0P3N Blog Blog Post
Ready to Start Your Career?
Create Free Account
By: spiritedwolf
March 31, 2017

GOLISMERO Framework - The Web Knife

By: spiritedwolf
March 31, 2017
By: spiritedwolf
March 31, 2017

Hello Everyone,

Today on the behalf of Legion group I would like to make a tutorial on GOLISMERO The Web Knife.
Actually one of my friends told me that, "theharvester or golismero.py. Both of those tools are excellently written scripts for crawling domains for information that deserves mention".

This amazing method is used for Information-Gathering process/Security-testing/technique.

What is Golismero?

I was talking with one of my friend Gee4rce and he told me about this tool. He told me that Golismero is a collection of tools which are usually used seperately to scan for Vulnerabilities. In this Toolbox we have OpenVAS, (etc.) - all theese are vulnerability scanners. By using a vulnerability scanner, you automate the process of vulnerability scanning and mostly get the results back in a Report. Golismero combines some of the most powerfull OpenSource or free for use tools curently availible. With this, you have all these tools in one place, combined in Golismero.

Why Golismero?

I know your first question will be why we should use Golismero when we have some amazing tools for pentesting? Right?

So, my answer is simple:-
1. First is of course that it is Opensource Tool/Framework.
2. Second, is as most of us know this, their are many other tools are available in market that we can use, then you will love to hear that we can attach other tools like: Nmap, xsser, openvas, dnsrecon and theharvester]reports in this Golismero Framework.
3. This Framework is now available for all platforms, it doesn't matter if you are Windows, Linux or Mac user we can use it in any Operating System now.
4. We don't need to download/install any other dependency except PYTHON dependency because it just needs python to run.

5. It is also integrated with CVE and OWASP so it will easy for us to use them now.[For report's]

DOWNLOADING/INSTALLATION

Just follow these simple steps:

1.apt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan

2.cd /opt

3.git clone https://github.com/golismero/golismero.git

4.cd golismero

5.pip install -r requirements.txt

6.pip install -r requirements_unix.txt

7.ln -s /opt/golismero/golismero.py /usr/bin/golismero 

Then just exit and we have done.

For More Info Go: HERE

So, I am dividing this tutorial into 2 parts. The 1st one is this. I will just introduce this tool, and in next tutorial, I will Demonstrate on Live website.

USAGE OF GOLISMERO

So, Basic command is of course " -h "

golismero -h

A. 1st command is:

golismero scan <target>

Example:-"golismero.py scan http://www.example.com"

So now it will run with all default options and show the report on standard output.

B. 2nd command is:-

golismero scan <target> --audit-name <name>

We can also set a name for your audit using audit-name attribute

C. 3rd command is:-

golismero scan <target> -o <output file name>

We can produce reports in different file formats. Example in .html , .php or in .txt etc. and you can write as many files as you want.

D. 4th command is:-

golismero scan -i nmap_output.xml -o Report.html

We can Grab Nmap results scan all hosts found and write an HTML report.

Golismero Available plugins

To display the list of available plugins:

golismero plugins

See you in my next tutorial Friends

It took me 1 Hour to make this tutorial, But it will take only 1 sec. to leave a review/reply here. Please comment if you like this tutorial. 

Please subscribe my channel:- https://www.youtube.com/c/Pentestingwithspirit

Please Like/Follow me on Facebook:-https://facebook.com/Pentestingwithspirit

Please Follow me on twitter:-https://twitter.com/spirit3113

Join me here:-https://crackingforums.net/member.php?action=register&referrer=45

Do you like to write about your infosec knowledge, skills, opinions, or exploits?

Blog Icon

Publish your original research, tutorials, articles, or other written content on Cybray's blog to be seen by thousands of infosec readers daily!

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry

Create Free Account