Golismero

Description

GoLismero is an open source framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans. It can run their own security tests and manage a lot of well known security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer…) take their results, feedback to the rest of tools and merge all of results. And all of this automatically.

Usage

Syntax

golismero [-h] [-R RECURSIVITY] [-t TARGET] [-o OUTPUT] [-F {text,html,csv,xml,scripting,wfuzz}] [-A {all,forms,links}] [-V] [-c] [-x] [-m] [-na] [-nc] [-ns] [-ni] [-nm] [-nl] [-l] [-us HTTP_AUTH_USER] [-ps HTTP_AUTH_PASS] [-C COOKIE] [-P PROXY] [-U] [-f FINGER] [–follow]

Options

optional arguments:
  -h, --help            show this help message and exit
  -R RECURSIVITY        recursivity level of spider. Default=0
  -t TARGET             target web site.
  -o OUTPUT             output file.
  -F {text,html,csv,xml,scripting,wfuzz}
                        output format. "scripting" is perfect to combine with
                        awk,cut,grep.... default=text
  -A {all,forms,links}  Scan only forms, only links or both. Default=all
  -V                    Show version.
  -c                    colorize output. Default=No
  -x, --search-vulns    looking url potentially dangerous and bugs. As default
                        not selected
  -m, --compat-mode     show results as compact format. As default not
                        selected.
  -na, --no-all         implies no-css, no-script, no-images and no-mail. As
                        default not selected.
  -nc, --no-css         don't get css links. As default not selected.
  -ns, --no-script      don't get script links. As default not selected.
  -ni, --no-images      don't get images links. As default not selected.
  -nm, --no-mail        don't get mails (mailto: tags). As default not
                        selected.
  -nl, --no-unparam-links
                        don't get links that have not parameters. As default
                        not selected.
  -l, --long-summary    detailed summary of process. As default not selected.
  -us HTTP_AUTH_USER, --http-auth-user HTTP_AUTH_USER
                        set http authenticacion user. As default is empty.
  -ps HTTP_AUTH_PASS, --http-auth-pass HTTP_AUTH_PASS
                        set http authenticacion pass. As default not empty.
  -C COOKIE, --cookie COOKIE
                        set custom cookie. As default is empty.
  -P PROXY, --proxy PROXY
                        set proxy, as format: IP:PORT. As default is empty.
  -U, --update          update Golismero.
  -f FINGER, --finger FINGER
                        fingerprint web aplication. As default not selected.
                        (not implemented yet)
  --follow              follow redirect. As default not redirect.

Example

cyborg@cyborg:/usr/share/golismero$ sudo cp /usr/bin/golismero /usr/share/golismero/


cyborg@cyborg:/usr/share/golismero$ sudo golismero -t  http://google.com  -o result.txt

GoLISMERO - The Web Knife.

Daniel Garcia Garcia - [email protected] | [email protected]


[ http://google.com ]

  Links
  =====
  [L1] /search
  [L2] /images/branding/product/ico/googleg_lodp.ico
  [L3] /?hl=en&tab=w8
        | hl = en
        | hl = 
        | tab = w8
        | tab = 
        | Raw:
        | hl=en&hl=&tab=w8&tab=
  [L4] /mail/?tab=wm
        | tab = wm
        | tab = 
        | Raw:
        | tab=wm&tab=
  [L5] /?tab=wo
        | tab = wo
        | tab = 
        | Raw:
        | tab=wo&tab=
  [L6] /preferences
  [L7] /ServiceLogin?hl=en&continue=http://www.google.co.in/%3Fgfe_rd%3Dcr%26ei%3Did8MVr7JFqnG8Ae65owQ
        | hl = en
        | hl = 
        | continue = http://www.google.co.in/%3Fgfe_rd%3Dcr%26ei%3Did8MVr7JFqnG8Ae65owQ
        | continue = 
        | Raw:
        | hl=en&hl=&continue=http://www.google.co.in/%3Fgfe_rd%3Dcr%26ei%3Did8MVr7JFqnG8Ae65owQ&continue=
  [L8] /chrome/browser/
  [L9] /advanced_search
  [L10] /language_tools
  [L11] /intl/en/ads/
  [L12] /104205742743787718296
  [L13] /intl/en/about.html
  [L14] /intl/en/policies/privacy/
  [L15] /intl/en/policies/terms/
  [L16] /images/icons/product/chrome-48.png
  [L17] /logos/doodles/2015/annie-besants-168th-birthday-5735648329728000-hp.jpg


  Forms
  =====
  [F1] f
      | Method: GET
      | Target: /search
      | ---------------
      | [hidden] ie = ISO-8859-1
      | [hidden] hl = en-IN
      | [hidden] source = hp
      | [hidden] biw = 
      | [hidden] bih = 
      | [No info] q = 
      | [submit] btnG = Google Search
      | [submit] btnI = I'm Feeling Lucky
      | [hidden] gbv = 1
      | ---------------
      | Raw:
        ie=ISO-8859-1&hl=en-IN&source=hp&biw=&bih=&q=&btnG=Google Search&btnI=I'm Feeling Lucky&gbv=1 

Total links: 17
Total Forms: 1

cyborg@cyborg:/usr/share/golismero$ cat result.txt 

[ http://google.com ]

  Links
  =====
  [1] /search
  [2] /images/branding/product/ico/googleg_lodp.ico
  [3] /?hl=en&tab=w8.......
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?