面向红队的, 高性能高度自由可拓展的自动化扫描引擎 | A highly controllable and extensionable automated scanning engine for red teams
2.1k
Stars
196
Forks
19
Open issues
3
Contributors
AI Analysis
Gogo is a high-performance automated reconnaissance and vulnerability scanning engine purpose-built for red team operations, supporting active/passive fingerprinting, nuclei POC integration, and heuristic scanning modes. It is specifically designed for network reconnaissance professionals and penetration testers who need fine-grained control over scanning behavior, minimal packet footprint, and DSL-based customization—not for general security scanning or non-specialized users.
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
Go-based reconnaissance scanner for red teams with tunable port configs, fingerprinting, and Nuclei PoC support.
Gogo is a Go-written automated scanning engine designed for penetration testers and red teamers. It focuses on port scanning, service fingerprinting, vulnerability PoC execution via Nuclei, and information extraction with emphasis on minimizing packet overhead and memory use. The project targets operators who need fine-grained control over scan behavior and scope. Real-world adoption remains modest but concentrated within Chinese security communities; adoption outside this region is not verified.
Created June 2022, Gogo emerged during the wider adoption of Go for security tooling. The project was positioned as an alternative to general-purpose scanners, emphasizing red team workflows and DSL-driven customization. A blog post introducing the project appeared in November 2022.
Stars grew to ~2,094 by mid-2026, with forks at 196 and recent weekly growth of 6 stars. The project has remained consistently active with a push on 2026-06-29, suggesting ongoing maintenance. Growth has been steady rather than explosive, reflecting adoption in a specialized segment rather than broad mainstream traction.
Adoption not verified beyond assumed use within Chinese red team communities. No public case studies, company endorsements, or documented large-scale deployments mentioned. The project appears in security tool aggregators and has generated discussion in Chinese security circles, but adoption outside that region and among enterprises is not evidenced.
Appears to be a modular Go application with pluggable port configuration (via tags and ranges), passive/active fingerprinting modes, Nuclei integration for PoC execution, and a DSL-driven workflow system. The README indicates minimal external dependencies ('纯原生go编写'—pure native Go). Heuristic scanning modes (smart, supersmart) suggest layered reconnaissance strategies. Exact implementation details cannot be verified from README alone.
Not documented in README. No mention of test suites, CI/CD pipelines, or testing methodology.
Recent push on 2026-06-29 (within 4 days of evaluation date 2026-07-03) indicates active maintenance. Steady star accumulation and fork count suggest continued interest. No evidence of abandonment or multi-month gaps in commits visible from metadata.
ADOPT IF: you are a red teamer or pentester who values minimal packet overhead, customizable workflows via DSL, and integrated fingerprinting + PoC execution in a single statically-linked binary, and you operate primarily in environments where Go can run (including legacy Windows). AVOID IF: you need broad, community-validated PoC libraries (Nuclei's public templates vastly exceed Gogo's), enterprise support, or cross-platform GUI tooling. MONITOR IF: you work in environments where Gogo's templates repository (chainreactors/templates) gains significant expansion, or if adoption in non-Chinese-speaking communities begins to materialize.
Independent dimensions
Mainstream potential
3/10
Technical importance
6/10
Adoption evidence
4/10
- Adoption outside Chinese-speaking security communities is not verified; language barrier (README and documentation primarily in Chinese) may limit discoverability and contribution.
- Ecosystem dependency on chainreactors/templates repository; if template maintenance slows, PoC coverage stagnates relative to rapidly-evolving public exploits.
- No visible test suite, CI/CD pipeline, or code review process documented; maintenance quality and security vetting opaqueness.
- Narrow specialization in red team workflows may limit appeal to enterprises seeking vendor-neutral, widely-audited scanning infrastructure.
- Integration with Nuclei (via 'neutron' fork) creates maintenance burden if upstream Nuclei changes significantly or this fork diverges.
Gogo will likely remain a stable, moderately-adopted tool within specialized red team and Chinese security operator communities. Mainstream enterprise adoption is unlikely without broader English documentation, public security audits, and template ecosystem growth beyond Chinese sources. The project will persist in maintenance mode with slow, steady growth.
Explore similar
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Language
- Go
- License
- GPL-3.0
- Last updated
- 6d ago
- Created
- 50mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
[warn] failed to compile template nginx: could not compile regex: (?x)nginx\/(\d+\.\d+\.\d+) error in start
使用-F命令获取.dat扫描结果无反应如何解决。
能否支持输入ip:port格式进行扫描
大佬们,虽然我还是阅读了使用文档并自己研究了一下,还是有些问题希望大佬们可以给我解疑
手动编译失败
Open pull requests
No open pull requests.
Top contributors
Similar repos
chainreactors/spray
Spray is a high-performance HTTP directory fuzzer written in Go, designed for...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
2.1k | +3 | Go | 8/10 | 6d ago |
|
|
1k | — | Go | 8/10 | 5d ago |
|
|
8.7k | — | HTML | 7/10 | 4mo ago |
|
|
10.7k | — | Go | 7/10 | 2d ago |
Nuclei is a PoC runner; Gogo wraps Nuclei (via 'neutron' fork) as one component within a broader scanner combining port enumeration, fingerprinting, and workflow orchestration. Nuclei dominates template sharing; Gogo adds infrastructure orchestration.
Gogo targets different use cases—speed, minimal packet overhead, and red team DSL customization over comprehensive vulnerability scoring. Nmap/Nessus are enterprise-oriented; Gogo is operator-centric.
Gogo is local/internal-network scanning; Shodan/Censys are passive internet-scale reconnaissance. Different problem domains.
Gogo focuses on scanning and fingerprinting; Metasploit provides post-exploitation. Gogo is more granular on enumeration; Metasploit is broader but heavier.
Gogo offers integrated fingerprinting, PoC, and DSL; Masscan is a raw port scanner. Gogo trades raw speed for higher-level orchestration.