A collection of Go-based tools and live tutorials for automated vulnerability hunting and exploitation in bug bounty programs.
Live for Go hackers (bug bounty)
This toolset is designed for security researchers and bug bounty hunters who want to automate reconnaissance and vulnerability exploitation using Go. It provides practical examples and code for scanning, identifying, and exploiting common web vulnerabilities, enabling users to build their own custom security tools.
This repository serves both as a learning resource and a toolkit; users should have Go environment set up to build and run the tools. Since some tools target live vulnerabilities, ensure you have proper authorization before scanning or exploiting targets. The tutorials are in Persian, which may require language proficiency for full benefit.
Clone the repository: git clone https://github.com/ravro-ir/golang_bug_hunting.git
Navigate to the desired tool directory inside the cloned repo
Build or run Go tools using 'go run' or 'go build' commands as appropriate
Refer to individual folders for specific usage and dependenciesgo run recon/portscan/main.go
Runs the slow port scanning tool
go run recon/portscanfast/main.go
Runs the fast port scanning tool
go run recon/arvan/cdn_finder/main.go
Executes the CDN Finder targeting Arvan Cloud
go run ognl_injection/main.go
Tests for OGNL Injection vulnerability (CVE-2022-26134)
go run path_traversal/main.go
Checks for Path Traversal vulnerability (CVE-2021-41773)