This tool allows you to map a web application and detect vulnerabilities of it.
Also you can manage a lot of security tools like OpenVas, Nikto, DNS recon, robot analyzer... and take their results merged in a single report automatically.
GoLismero has been tested on Windows, Linux, BSD and OS X and it doesn’t have library dependencies, you only need to have Python 2.7.5 installed.
It's really easy to install. Just execute the command below in your Linux machine.
git clone https://github.com/golismero/golismero.git
Also, this project has created a GoLismero VM (based in Kali Linux). You can download here: http://golismero-project.com/downloads/kali-golismero.ova
This VirtualBox Machine includes:
- OpenVAS installations pre-configured.
- VirtualBox tools.
- GoLismero updater.
- GoLismero stable and develop version.
We have a lot of options to set in order to run GoLismero. Have a look at the picture below. If you want more information about an option, just type this command.
python golismero.py --help
Like the one mentioned above, GoLismero can manage some well known applications like Nikto. With the command below, we can see all the plugins available to use.
python golismero.py --plugin-list
Here, I'm going to describe all plugins included with this tool.
-= Import plugins =-
- csv: Import the results of a Nikto scan in CSV format.
- xml: Import the results of an OpenVAS scan.
-= Recon plugins =-
- default_error_page: Identifies default error pages for most commonly used web servers.
- dns_analyzer: Tries to find hidden subdomains by enumerating them using the DNS protocol.
- dns_subdomains_bruteforcer: Tries to find hidden subdomains by brute force.
- dns_zone_transfer: Tries to make a DNS zone transfer.
- fingerprint_os: Fingerprinter of server operating systems.
- fingerprint_web: Fingerprinter of web servers.
- robots: Analyzes robots.txt files and extracts their links.
- spider: Web spider plugin. Without it, GoLismero can't crawl web sites.
- suspicious_url: Flags suspicious words in URLs.
- theharvester: Integration with theHarvester (https://code.google.com/p/theharvester/).
-= Scan plugins =-
- brute_directories: Tries to discover hidden folders by brute force: www.site.com/folder/ -> www.site.com/folder2 www.site.com/folder3 ...
- brute_extensions: Tries to discover hidden files by brute force: www.site.com/index.php -> www.site.com/index.php.old
- brute_permutations: Tries to discover hidden files by bruteforcing the extension: www.site.com/index.php -> www.site.com/index.php2
- brute_predictables: Tries to discover hidden files at predictable locations. For example: (Apache) www.site.com/error_log
- brute_prefixes: Tries to discover hidden files by bruteforcing prefixes: www.site.com/index.php -> www.site.com/~index.php
- brute_suffixes: Tries to discover hidden files by bruteforcing suffixes: www.site.com/index.php -> www.site.com/index2.php
- nikto: Run the Nikto scanner and import the results.
- openvas: Run the OpenVAS scanner and import the results
-= Report plugins =-
- html: Plugin to generate HTML reports.
- text: Creates text reports in files or on screen.
-= UI plugins =-
- console: Console user interface.
- disabled: Empty user interface.
Also you can create your own plugins. You can obtain more information about its plugin's API here.
If you want to know more details about some plugins you can get it typing --plugin-info plugin_name. Have a look at the commands and pictures below:
python golismero.py --plugin-info openvasIf you would like to integrate GoLismero with OpenVAS you should set the correct IP, port, user and password of your OpenVAS installation.
python golismero.py --plugin-info nikto
After this brief introduction of the GoLismero's details, I want to show you an example of how to work with this tool.
First of all, take care with this tool. If you launch it with the default options, the tool begins to search other subdomains and try to attack them. You might want to audit all your infraestructure and if it's your goal, that is ok, if not, use the "--forbid-subdomains" option.
Ok. Let's go.
sudo python golismero.py -d theharvester,openvas,dns* --forbid-subdomains --audit-name MyProject -o MyProject.html www.example.es
Details about this command:
- With "-d" option, we are telling to GoLismero that we don't want to use theharvester, openvas and the rest of plugins which begin with "dns".
- With "--forbid-subdomains" we avoid attacking other subdomains. We are going to focus in only one target.
- With "--audit-name MyProject" we are going to save the results in a database named MyProject.db.
- With "-o MyProject.html" we are going to generate a HTML report.
Note: If you want to set which plugins you want use instead of which plugins you don't want to use, you can use "-e" option.
When the scan is finished, just open the HTML report with your favourite web browser.
We can see the details of the report filtered by Vulnerability...
... or filtered by resource.
In my opinion GoLismero is a great tool which is currently growing.
The next features of GoLismero will be:
- Integration with Nmap, SQLMap, Metasploit and many other tools.
- Web UI.
- Export results in PDF format.