How to tell if a binary(executable) file or web application is built with Golang?

Problem:

Solutions:

Back in the DOS days. It is common to hack a PC game with HEX editors such as those provided by PC Tools or Norton Utilities. Tweaking the hex codes will allow you to sort of cheat, unlock certain weapons for your character in the game or view the propaganda messages hidden within certain computer viruses .

You will also get to see which compiler is used to compile the executable file. Vendors such as Borland and Microsoft like to put their own signatures hidden inside the executable file and only viewable with a hex editor.

Therefore,

IF you have access to the binary(executable) file, you can view the file with a hex editor. Golang compiler and linker does not strip debugging data by default. View the binary file with hex editor and search for this string

Go build ID:

An example : Go build ID: "c8b4e6187697d181ab4d510167d1feb41b92d3d8"

or you can use the cat and grep command as well.

>cat binaryfile | grep "Go"

If the binaryfile is compiled by Golang, you should be able to get this return string(empty result if it is not)

Binary file (standard input) matches

This is 100% confirmation that the binary is compiled by Golang compiler.

In Linux/Unix, execute the strings program on the binary file. For example :

>strings -20 binary | grep Go

should give you a list that look like this :

runtime.traceGoSysExit

runtime.traceGoSysBlock

time.(*Time).GobDecode

time.(*Time).GobEncode

runtime.cgoIsGoPointer

Again, this method will give you a 100% confirmation that the binary is compiled by Golang compiler.

How to check if the web application is build with Golang?

Hard to tell for now. Couple of known Golang web application that I know of use Nginx as web server. Therefore issuing curl -I command against the website address won't be able to help you much.

Also, running curl -I command against a simple bare bone Golang(version 1.6.2) webserver will return this :

HTTP/1.1 200 OK

Date: Thu, 28 Apr 2016 04:24:42 GMT

Content-Length: 11

Content-Type: text/plain; charset=utf-8

At this time of writing, the only way to be sure of that a website is built by Golang ...... is that the server name is Caddy.

Examples :

curl -I https://presuniv.com

HTTP/1.1 200 OK

Content-Length: 75

Content-Type: application/json

Date: Thu, 28 Apr 2016 04:42:41 GMT

Server: Caddy

curl -I https://caddyserver.com/

HTTP/1.1 200 OK

Content-Security-Policy: style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com; script-src https://sidecar.gitter.im https://www.google-analytics 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; img-src 'self' data: https:; font-src 'self' https: data: blob:; media-src 'self' https: data: blob:; connect-src 'self' https:; object-src 'none';

Last-Modified: Sat, 19 Mar 2016 20:13:51 GMT

Server: Caddy

Strict-Transport-Security: max-age=31536000

X-Content-Type-Options: nosniff

X-Frame-Options: SAMEORIGIN

X-Xss-Protection: 1; mode=block

Date: Thu, 28 Apr 2016 04:44:31 GMT

Content-Type: text/html; charset=utf-8

Hope this helps!

References:

https://caddyserver.com/

How to tell if a binary(executable) file or web application is built with Golang?

By Adam Ng

Advertisement

Tutorials