Dynamic Analysis of Android Apps
Ralph Meier
These Features are available with Go for Penetration Testing Tools
Go is often referred to as Golang, this is due to the domain of the programming language: golang.org. The Go project was started in 2007 by Robert Griesemer, Ken Thompson and Rob Pike. In 2009 they presented the Go programming language, the concept and their ideas behind it. The first stable version Go 1 was released three years later in March 2012. Originally, Go was created out of dissatisfaction with other programming languages like C++ or Java regarding topics like cluster and cloud computing but also scalable network services.
Go is strongly based on C syntax, but like Java it has a garbage collector. The main goals in the development of Go were: Supporting concurrency with native language elements, easy handling of large code bases, and achieving high translation speed.
Object orientation is possible in Go, but not through classes and their inheritance, but through the use of interfaces and mixins.
package main import "fmt" func main() { fmt.Println("Hello World") }
A Go project is compiled with the go build
command. This compiles all packages and dependencies into one binary. go build
supports a wide range of target systems. After executing a single command, a binary for the desired platform is ready. Thus, it is easy to build a binary for Windows 10 64-bit on macOS. To do this, the build command must be given the information GOOS
(target operating system) and GOARCH
(target architecture). There are three different types, whereby only the first variant works with Go 1.16:
1. Via the command line:
GOOS="windows" GOARCH="amd64" go build hello.go
2. By a comment in the code:
// +build windows,amd64
3. By a special format in the file name:
hello_windows_amd64.go
Cross-compilation is nothing new in itself, but very convenient and easy to implement in Go.
Go, besides being an easy way to create binaries for other platforms, also has a way for fast and easy implementation of concurrency, called goroutines. Compared to normal threads, goroutines require much less resources to create.
To create a goroutine, you call the desired function with a go
in front of it, it is that simple. In the case of moving the print of Hello World to its own function, it would look like this:
func hello() { fmt.Println("Hello World") }
Calling the hello()
function using go hello()
. By so-called channels goroutines can communicate and be synchronized.
The fuzzing module was released for beta testers at the beginning of June this year. Fuzzing is a method to find errors, crashes and other peculiarities of applications by automatically adjusting inputs. By using fuzzing, test coverage can be increased and existing security vulnerabilities can be discovered.
Go offers many advantages, especially the ease of adding concurrency and the speed itself, which can be crucial in penetration testing. If curiosity and interest are now aroused in you, we may recommend the book Black Hat Go. Go looks very promising, so I will follow it.
Our experts will get in contact with you!
Ralph Meier
Ralph Meier
Ralph Meier
Ralph Meier
Our experts will get in contact with you!