Pentesters and redteamers alike are nowadays faced with multiple challenges where conventional tools fail or just doesn’t work and you need to whip up a tool of your own may be just for this one task or may be as a new tool entirely. With that in mind This talk will explore using Golang as a language of choice in such scenarios. Golang is a recent entry in the world of modern languages. This language has bought the capabilities of compiled languages as well as interpreted languages in a single place and as cherry on top it has brilliant cross platform capabilities. This talk will explore how Golang can be used by a professionals to automate routine taskβs and how a single codebase can be leveraged to craft binaries for multiple platform.
In the current world preferred choices are python / bash however we would like to leverage Go for its inherent capabilities such as low level I/O handling or handling high volume of incoming data (web requests / large file content) and in-build concurrency capabilities which allows golang to perform magnitudes faster then python or bash or any other typed or interpreted language.
The talk will guide from starting to write a basic hello world program in Golang to leveraging the brilliant modules available in the language to perform routine tasks like,
port scanning,
network query,
web requests,
user input handling,
network monitoring
Log parsing
This talk will provide the necessary boilerplates to get started with writing your own next gen tool in golang and take the next step in evolving information security.
AI Generated Summary
AI Generated Content Disclaimer
Note: This summary is AI-generated and may contain inaccuracies, errors, or omissions. If you spot any issues, please contact the site owner for corrections. Errors or omissions are unintended.
This presentation by Anant Shrivastava at c0c0n 12 (2019) introduces the Go programming language (Golang) as a practical tool for penetration testers and red teamers. Across 32 slides, the talk covers why Go is well-suited for offensive security work β from its cross-platform compiled binaries and lack of runtime dependencies to its rich standard library and active security tooling ecosystem. The presentation walks through setting up a Go development environment, essential modules for pentesting tasks (DNS lookups, port scanning, web scraping, JSON handling), building and cross-compiling binaries, Docker deployment, code security with gosec, dependency management, binary size reduction techniques, and automating the entire build process with Makefiles.
Key Topics Covered
Why Go for Pentesters: Go combines the ease of an interpreted dynamically-typed language with the efficiency and safety of a statically-typed compiled language. Key advantages for offensive security include cross-platform support (Windows, Linux, Mac), fat static binaries by default with no third-party dependencies or runtime requirements, the ability to run in bare/scratch Docker containers directly above the kernel, and modern support for networked and multicore computing.
Why Not Go: The presentation honestly addresses Go’s limitations β a relatively young ecosystem, heavy dependence on GitHub for package hosting, large binary sizes, limited GUI library support, and monolithic binary output.
Existing Security Tools Written in Go: A catalog of established Go-based security tools that pentesters already use:
Gobuster: Directory/DNS brute-forcing
Bettercap: Network reconnaissance and MITM framework
GoBot: Bot framework
GoAT: Go Application Testing
Cracklord: Distributed password cracking queue
GoCrack: Password cracking management
Merlin: Cross-platform post-exploitation C2 server
Vuls: Vulnerability scanner
And many more available at https://github.com/topics/pentesting with Go filter
Environment Setup: Installing Go via binary downloads or package managers (apt/yum), configuring GOPATH (where packages are installed, typically ~/go) and GOROOT (default installation location, typically /usr/lib), and adding the local Go path to the system PATH.
Go Fundamentals for Pentesters:
Hello World: Basic program structure with package main, import "fmt", and func main()
Running Go code: Direct execution via go run, compiled execution via go build
Managing Go versions: Installing and running alternate versions (e.g., go get golang.org/dl/go1.8; go1.8 download; go1.8 run helloworld.go)
Essential Modules for Pentesting:
argparse (github.com/akamensky/argparse): Command-line argument parsing, an improvement over the default flag package, with support for required flags, string options, and help output
net (golang.org/pkg/net): DNS lookups including LookupIP, LookupCNAME, LookupAddr, LookupNS, LookupMX, LookupTXT. Tip: if a domain is registered it will always have an NS record
publicsuffix (golang.org/x/net/publicsuffix): Identifying domain names from arbitrary strings using the Public Suffix List data for accurate domain parsing
encoding/json (golang.org/pkg/encoding/json): JSON marshaling for structured output β demonstrated with a ColorGroup struct example
net.Dial / port scanning: TCP connection-based port scanning with timeout support. Alternative: github.com/anvie/port-scanner
soup (github.com/anaskhan/soup): Web scraping library inspired by Python’s Beautiful Soup, providing Get, Header, Cookie, HTMLParse, Find, FindAll, sibling navigation, Children, Text, and FullText methods
Code Quality and Formatting: Go enforces uniform code formatting via gofmt, eliminating formatting debates. The gofmt command automatically formats code to the Go standard.
Binary Size Reduction: Go’s fat binaries include runtime integration. Techniques to reduce size:
Compiler flags: -s (omit symbol table and debug information), -w (omit DWARF symbol table)
UPX compression: Further reduces binary size after compilation
Example: go build -ldflags '-s -w' helloworld.go followed by UPX compression
Docker Deployment: Since fat Go binaries have no dependencies, they can run in a scratch (empty) Docker container, resulting in minimal container images. The Dockerfile is straightforward: FROM scratch, ADD the binary, set the ENTRYPOINT.
Cross-Compilation: Go’s built-in cross-compilation via environment variables:
Linux: env GOOS=linux GOARCH=amd64 go build
Windows: env GOOS=windows GOARCH=amd64 go build
Mac: env GOOS=darwin GOARCH=amd64 go build
Code Security with gosec: Running periodic security checks on Go code using gosec (github.com/securego/gosec). Multiple rules are available, and you can run recursively in the current directory, run specific rule sets, or exclude specific rules. Snyk also offers Go module dependency checks.
Dependency/Update Management: Keeping dependencies current using go get -u ./... and building after updates to ensure compatibility with the latest versions.
Build Automation with Makefile: A complete Makefile automating the entire workflow β building for Linux, Mac, and Windows targets, Docker image creation, dependency updates, gosec security checks, and combined all and complete targets.
Reversing Go Applications: Fat Go binaries are inherently difficult to reverse engineer, which is advantageous for red team tooling. References provided for those who want to explore Go binary reversing techniques.
Reproducible Builds: Ensuring source code produces byte-for-byte matching binaries across different systems by maintaining a consistent build environment, ideally through Docker-based builds.
Actionable Takeaways
Set up a Go development environment and start by building simple pentesting utilities β port scanners, DNS enumerators, or web scrapers β using the modules covered (net, soup, argparse).
Leverage Go’s cross-compilation to build tools for all target platforms (Linux, Windows, Mac) from a single codebase with simple GOOS/GOARCH environment variables.
Use scratch Docker containers for deploying Go-based tools, creating minimal attack surface and tiny container images since Go binaries have zero runtime dependencies.
Reduce binary sizes with -ldflags '-s -w' compiler flags and UPX compression to make tools less conspicuous for red team operations.
Integrate gosec into your development workflow (and CI/CD via Makefile) to catch security issues in your own pentesting tools before deployment.
Explore existing Go security tools (Gobuster, Bettercap, Merlin, Cracklord) both as ready-to-use utilities and as reference implementations for building your own.
Create a Makefile that automates multi-platform builds, Docker packaging, dependency updates, and security scanning for a professional, repeatable tooling workflow.
Take advantage of Go’s difficult-to-reverse-engineer binaries for red team implants and post-exploitation tools where operational security matters.
