Home / Unlabelled / GoLismero - The Web Knife

GoLismero - The Web Knife

GoLismero - The Web Knife

GoLismero an open source software framework for security testing. Even though it is currently geared towards web security, it can be expanded to other kinds of scans.

It can run their own security tests and manage a lot of well-known security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer...) take their results, feedback to the rest of tools and merge all of the results. And the best part about this is that all of this can be done automatically.

Features:

  • Real platform independence. Tested on Windows, Linux, *BSD and OS X.
  • No native library dependencies. All of the framework has been written in pure Python.
  • Good performance when compared with other frameworks written in Python and other scripting languages.
  • Very easy to use.
  • Plugin development is extremely simple.
  • The framework also collects and unifies the results of well-known tools: sqlmap, xsser, openvas, dnsrecon, theharvester...
  • Integration with standards: CWE, CVE and OWASP.
  • Designed for cluster deployment in mind.

Note: GoLismero doesn't require installation - only its dependencies do.

Here are step-by-step instructions to install GoLismero on different operating systems:

Debian/Ubuntu

This requires root privileges so you will be prompted for your password when you run the first command.
sudo bash
 apt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan
 cd /opt
 git clone https://github.com/golismero/golismero.git
 cd golismero
 pip install -r requirements.txt
 pip install -r requirements_unix.txt
 ln -s /opt/golismero/golismero.py /usr/bin/golismero
 exit

If you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, run the following commands:
mkdir ~/.golismero
 touch ~/.golismero/user.conf
 chmod 600 ~/.golismero/user.conf
 nano ~/.golismero/user.conf

At the editor, add the following sections to the file, as appropriate:
[shodan:Configuration]
 apikey = <INSERT YOUR SHODAN API KEY HERE>
 
 [openvas]
 host = <INSERT THE OPENVAS HOST HERE>
 user = <INSERT THE OPENVAS USERNAME HERE>
 *password = <INSERT THE OPENVAS PASSWORD HERE>
 
 [spiderfoot]
 url = <INSERT THE SPIDERFOOT URL HERE>


Mac OS X

First, install the Mac Ports.

Run the following commands (requires root privileges):
sudo -s
 easy_install-2.7 -U distribute
 easy_install install pip
 port install nmap sslscan
 cd /opt
 git clone https://github.com/golismero/golismero.git
 cd golismero
 pip install -r requirements.txt
 pip install -r requirements_unix.txt
 ln -s /opt/golismero/golismero.py /usr/bin/golismero
 exit

To integrate Shodan, or an OpenVAS server or a SpiderFoot server with GoLismero, follow the instructions mentioned in the Debian/Ubuntu installation (only if you have API keys).

FreeBSD 10-Release

Run the following commands (requires root privileges):
su -
 cd /root
 pkg update
 pkg install git
 pkg install python27
 ln -s /usr/local/bin/python2.7 /usr/local/bin/python
 pkg install databases/py-sqlite3
 pkg install nmap
 pkg install sslscan
 pkg install devel/py-pip
 mkdir /opt 2> /dev/null
 cd /opt
 git clone https://github.com/golismero/golismero.git
 cd golismero
 pip install -r requirements.txt
 pip install -r requirements_unix.txt
 ln -s /opt/golismero/golismero.py /usr/bin/golismero
 exit

If you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, follow the instructions mentioned in the Debian/Ubuntu installation.

Windows

On Windows, you'll have to install each tool separately. You can download them from here:
After installing the tools, open a console and run the following commands:
cd %HOME%
 git clone https://github.com/golismero/golismero.git
 cd golismero
 pip install -r requirements.txt

Finally, you may have to add the tools to the PATH environment variable so GoLismero can find them. You can also add GoLismero itself to the PATH.

If you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, create a new file called "user.conf" where you installed GoLismero and add the following sections to the file, as appropriate:
[shodan:Configuration]
 apikey = <INSERT YOUR SHODAN API KEY HERE>
 
 [openvas]
 host = <INSERT THE OPENVAS HOST HERE>
 user = <INSERT THE OPENVAS USERNAME HERE>
 *password = <INSERT THE OPENVAS PASSWORD HERE>
 
 [spiderfoot]
 url = <INSERT THE SPIDERFOOT URL HERE>


How To Use GoLismero

Here are some basic commands:

This command will launch GoLismero with all default options and show the report on standard output:
golismero scan <target>

If you omit the default command "scan" GoLismero is smart enough to figure out what you're trying to do, so this works too:
golismero <target>

You can also set a name for your audit with --audit-name:
golismero scan <target> --audit-name <name>

And you can produce reports in different file formats. The format is guessed from the file extension, and you can write as many files as you want:
golismero scan <target> -o <output file name>

GoLismero Shell Screenshot
Additionally, you can import results from other tools with the -i option. You can use -i several times to import multiple files.
golismero import nikto_output.csv nmap_output.xml -db database.db

This allows you to scan the target in one step, and generate the report later. For example, to scan without generating a report:
golismero scan <target> -db database.db -no

And then generate the report from the database at a later time (or from a different machine!):
golismero report report.html -db database.db

You can also specify multiple output files:
golismero report report.html report.txt report.rst -db example.db

GoLismero Command Prompt Screenshot

To display a list of available plugins:
golismero plugins

GoLismero Plugins Screenshot

You can also query more information about specific plugins:
golismero info <plugin>

GoLismero Plugin Details Screenshot

Use the -e option to enable only some specific plugins, and -d to disable plugins (you can use -e and -d many times):
golismero scan <target> -e <plugin>

You can also select multiple plugins using wildcards. For example, you can select all bruteforce plugins like this:
golismero scan <target> -e brute*

GoLismero Bruteforce Screenshot

Reports:

GoLismero currently produces reports on the console, in plain text files, in reStructured text format, and in HTML format. In all cases, the reports are self-contained in a single file for easier transport - that means the HTML report is a single .HTML file with everything bundled in, and you can just attach it to an email to send it to someone else.

If no output files are specified, GoLismero reports on the console by default. But you can choose both at the same time too! For example, let's write an HTML report and also see the output on the console, using the special filename "-":
golismero scan <target> -o - -o report.html

Here's what the HTML report summary looks like on Chrome:

GoLismero HTML Report Screenshot


Download GoLismero


Source: www.effecthacking.com
GoLismero - The Web Knife GoLismero - The Web Knife Reviewed by Anonymous on 3:10 PM Rating: 5

Tags