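GoLismero Package Description
GoLismero is an open source framework for security testing. It is currently geared towards web security, but it can easily be extended to other kinds of scans.
The most interesting features of the framework are:
- Real platform independence. Tested on Windows, Linux, *BSD and OS X.
- No native library dependencies. All of the framework has been written in pure Python.
- Good performance when compared with other frameworks written in Python and other scripting languages.
- Very easy to use.
- Plugin development is very simple.
- The framework also collects and unifies the results of well-known tools: sqlmap, xsser, openvas, dnsrecon, theharvester
- Integration with standards: CWE, CVE and OWASP.
- Designed with cluster deployment in mind (not yet available).
Source: https://github.com/golismero/golismero
GoLismero Homepage | Kali GoLismero Repo
- Author: Daniel Garcia
- License: GPLv2
Tools included in the golismero package
golismero - Web application mapper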
root@kali:~# golismero -h
/----------------------------------------------\
| GoLismero 2.0.0b3 - The Web Knife |
| Contact: golismero.project<@>gmail.com |
| |
| Daniel Garcia Garcia a.k.a cr0hn (@ggdaniel) |
| Mario Vilas (@Mario_Vilas) |
\----------------------------------------------/
usage: golismero.py COMMAND [TARGETS...] [--options]
SCAN:
Perform a vulnerability scan on the given targets. Optionally import
results from other tools and write a report. The arguments that follow may
be domain names, IP addresses or web pages.
PROFILES:
Show a list of available config profiles. This command takes no arguments.
PLUGINS:
Show a list of available plugins. This command takes no arguments.
INFO:
Show detailed information on a given plugin. The arguments that follow are
the plugin IDs. You can use glob-style wildcards.
REPORT:
Write a report from an earlier scan. This command takes no arguments.
To specify output files use the -o switch.
IMPORT:
Import results from other tools and optionally write a report, but don't
scan the targets. This command takes no arguments. To specify input files
use the -i switch.
DUMP:
Dump the database from an earlier scan in SQL format. This command takes no
arguments. To specify output files use the -o switch.
UPDATE:
Update GoLismero to the latest version. Requires Git to be installed and
available in the PATH. This command takes no arguments.
examples:
scan a website and show the results on screen:
golismero.py scan http://www.example.com
grab Nmap results, scan all hosts found and write an HTML report:
golismero.py scan -i nmap_output.xml -o report.html
grab results from OpenVAS and show them on screen, but don't scan anything:
golismero.py import -i openvas_output.xml
show a list of all available configuration profiles:
golismero.py profiles
show a list of all available plugins:
golismero.py plugins
show information on all bruteforcer plugins:
golismero.py info brute_*
dump the database from a previous scan:
golismero.py dump -db example.db -o dump.sql
golismero Usage Example
Run a vulnerability scan (scan) against the targets in the input file (-i /root/port80.xml), saving the output to a file (-o sub1-port80.html):
root@kali:~# golismero scan -i /root/port80.xml -o sub1-port80.html