Each programming language brings its own features and benefits, so there is no best programming language for developing penetration testing tools. Python, Perl, Ruby but also PowerShell as well as other programming languages are often used in this area.

Go is often referred to as Golang, this is due to the domain of the programming language: golang.org. The Go project was started in 2007 by Robert Griesemer, Ken Thompson and Rob Pike. In 2009 they presented the Go programming language, the concept and their ideas behind it. The first stable version Go 1 was released three years later in March 2012. Originally, Go was created out of dissatisfaction with other programming languages like C++ or Java regarding topics like cluster and cloud computing but also scalable network services.

Go is strongly based on C syntax, but like Java it has a garbage collector. The main goals in the development of Go were: Supporting concurrency with native language elements, easy handling of large code bases, and achieving high translation speed.

Object orientation is possible in Go, but not through classes and their inheritance, but through the use of interfaces and mixins.

package main
import "fmt"

func main() {
   fmt.Println("Hello World")
}

Binary as a Final Product and Cross Compilation

A Go project is compiled with the go build command. This compiles all packages and dependencies into one binary. go build supports a wide range of target systems. After executing a single command, a binary for the desired platform is ready. Thus, it is easy to build a binary for Windows 10 64-bit on macOS. To do this, the build command must be given the information GOOS (target operating system) and GOARCH (target architecture). There are three different types, whereby only the first variant works with Go 1.16:

1. Via the command line:

GOOS="windows" GOARCH="amd64" go build hello.go

2. By a comment in the code:

// +build windows,amd64

3. By a special format in the file name:

hello_windows_amd64.go

Cross-compilation is nothing new in itself, but very convenient and easy to implement in Go.

Simple Concurrency with Goroutines

Go, besides being an easy way to create binaries for other platforms, also has a way for fast and easy implementation of concurrency, called goroutines. Compared to normal threads, goroutines require much less resources to create.

To create a goroutine, you call the desired function with a go in front of it, it is that simple. In the case of moving the print of Hello World to its own function, it would look like this:

func hello() {
   fmt.Println("Hello World")
}

Calling the hello() function using go hello(). By so-called channels goroutines can communicate and be synchronized.

Go Standard Library will soon get a Fuzzing Module

The fuzzing module was released for beta testers at the beginning of June this year. Fuzzing is a method to find errors, crashes and other peculiarities of applications by automatically adjusting inputs. By using fuzzing, test coverage can be increased and existing security vulnerabilities can be discovered.

Open Source Penetration Testing Tools in Go

• OWASP Amass: Attack surface mapping and asset discovery tool
• gobuster: Brute force tool to discover files and folders of websites as well as subdomains
• cameradar: Tool to discover open Real-Time Streaming Protocol (RTSP) hosts, find out information about the streaming device as well as launch attacks against it
• Merlin: Command and control server and agent for all platforms that can be compiled to with go build

Conclusion

Go offers many advantages, especially the ease of adding concurrency and the speed itself, which can be crucial in penetration testing. If curiosity and interest are now aroused in you, we may recommend the book Black Hat Go. Go looks very promising, so I will follow it.

About the Author

Ralph Meier completed an apprenticeship as an application developer, with a focus on web development with Java, at a major Swiss bank and then completed a Bachelor of Science in Computer Science UAS Zurich at the ZHAW School of Engineering. His primary task is doing security-related analysis of web applications and services. (ORCID 0000-0002-3997-8482)

Links

• https://github.com/Ne0nd0g/merlin
• https://github.com/OJ/gobuster
• https://github.com/OWASP/Amass
• https://github.com/Ullaakut/cameradar
• https://golang.org
• https://nostarch.com/blackhatgo