GoLismero Package Description

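GoLismero is an open source framework for security testing. It is currently geared towards web security, but it can easily be extended to other kinds of scans.

The most interesting features of the framework are:

  • Real platform independence. Tested on Windows, Linux, *BSD and OS X.
  • No native library dependencies. All of the framework has been written in pure Python.
  • Good performance when compared with other frameworks written in Python and other scripting languages.
  • Very easy to use.
  • Plugin development is extremely simple.
  • The framework also collects and unifies the results of well-known tools: sqlmap, xsser, openvas, dnsrecon, theharvester
  • Integration with standards: CWE, CVE and OWASP.
  • Designed with cluster deployment in mind (not available yet).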

Source: https://github.com/golismero/golismero
GoLismero Homepage | Kali GoLismero Repo

  • Author: Daniel Garcia
  • License: GPLv2

Tools included in the golismero package

golismero - Web application mapper
root@kali:~# golismero -h

/----------------------------------------------\
| GoLismero 2.0.0b3 - The Web Knife            |
| Contact: golismero.project<@>gmail.com       |
|                                              |
| Daniel Garcia Garcia a.k.a cr0hn (@ggdaniel) |
| Mario Vilas (@Mario_Vilas)                   |
\----------------------------------------------/

usage: golismero.py COMMAND [TARGETS...] [--options]

  SCAN:
    Perform a vulnerability scan on the given targets. Optionally import
    results from other tools and write a report. The arguments that follow may
    be domain names, IP addresses or web pages.

  PROFILES:
    Show a list of available config profiles. This command takes no arguments.

  PLUGINS:
    Show a list of available plugins. This command takes no arguments.

  INFO:
    Show detailed information on a given plugin. The arguments that follow are
    the plugin IDs. You can use glob-style wildcards.

  REPORT:
    Write a report from an earlier scan. This command takes no arguments.
    To specify output files use the -o switch.

  IMPORT:
    Import results from other tools and optionally write a report, but don't
    scan the targets. This command takes no arguments. To specify input files
    use the -i switch.

  DUMP:
    Dump the database from an earlier scan in SQL format. This command takes no
    arguments. To specify output files use the -o switch.

  UPDATE:
    Update GoLismero to the latest version. Requires Git to be installed and
    available in the PATH. This command takes no arguments.

examples:

  scan a website and show the results on screen:
    golismero.py scan http://www.example.com

  grab Nmap results, scan all hosts found and write an HTML report:
    golismero.py scan -i nmap_output.xml -o report.html

  grab results from OpenVAS and show them on screen, but don't scan anything:
    golismero.py import -i openvas_output.xml

  show a list of all available configuration profiles:
    golismero.py profiles

  show a list of all available plugins:
    golismero.py plugins

  show information on all bruteforcer plugins:
    golismero.py info brute_*

  dump the database from a previous scan:
    golismero.py dump -db example.db -o dump.sql

golismero Usage Example

Run a vulnerability scan (scan) against the targets in the input file (-i /root/port80.xml), saving the output to a file (-o sub1-port80.html):

root@kali:~# golismero scan -i /root/port80.xml -o sub1-port80.html
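
A pre-flight check for the input file used in the command above, as an added example that is not part of the original page or the GoLismero project: it lists the hosts and open TCP ports an Nmap XML report would hand to the scanner and flags any address outside an approved range. It assumes /root/port80.xml is Nmap XML like the nmap_output.xml in the help text; the sample report, the function names and the CIDR ranges are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output, trimmed to the elements read below.
SAMPLE_NMAP_XML = """<nmaprun>
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="80"><state state="open"/></port></ports>
  </host>
  <host><status state="up"/><address addr="198.51.100.7" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="80"><state state="open"/></port>
           <port protocol="tcp" portid="443"><state state="closed"/></port></ports>
  </host>
  <host><status state="down"/><address addr="192.0.2.99" addrtype="ipv4"/></host>
</nmaprun>"""


def targets_in_report(xml_text):
    """Return {ip: [open TCP ports]} for every host the report marks as up."""
    targets = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that did not respond are not scan targets
        ports = sorted(
            int(p.get("portid"))
            for p in host.iter("port")
            if p.get("protocol") == "tcp"
            and p.find("state") is not None
            and p.find("state").get("state") == "open"
        )
        for addr in host.findall("address"):
            if addr.get("addrtype") in ("ipv4", "ipv6"):  # skip MAC entries
                targets[addr.get("addr")] = ports
    return targets


def out_of_scope(targets, authorized_cidrs):
    """Return the sorted target IPs that fall outside every authorized network."""
    nets = [ipaddress.ip_network(c) for c in authorized_cidrs]
    return sorted(
        ip for ip in targets
        if not any(ipaddress.ip_address(ip) in n for n in nets)
    )


if __name__ == "__main__":
    found = targets_in_report(SAMPLE_NMAP_XML)
    print("targets:", found)
    # 192.0.2.0/24 stands in for the approved range (constructed value).
    print("outside approved scope:", out_of_scope(found, ["192.0.2.0/24"]))
```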