So what is this tool all about?
Golismero is an open source framework, used for mapping web applications and finding vulnerabilities. The tool is designed to be used by penetration testers and red teamers to aid in finding web application flaws by bringing together a number of other pen testing tools. The tool is a huge timesaver since it takes the donkeywork out of running other tools individually.
Golismero is written in Python with no dependency on native libraries. The tool is supported by all major operating systems including Windows, Linux, and Mac OS X.
How can it be installed?
In Linux, Golismero can be installed using the following commands. Installation details for other operating systems are available here.
sudo bash
apt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan
cd /opt
git clone https://github.com/golismero/golismero.git
cd golismero
pip install -r requirements.txt
pip install -r requirements_unix.txt
ln -s /opt/golismero/golismero.py /usr/bin/golismero
exit
Let’s see the tool in action
The important Golismero commands include SCAN, RESCAN, PROFILES, PLUGINS, INFO, REPORT, DUMP, LOAD, IMPORT, and UPDATE. The SCAN command is used to find the vulnerabilities in the target web application. For instance, the following command can be used to find flaws in the target website.
Golismero scan <target url here>
The audit can be given a name using the following command.
golismero scan < target url here > --audit-name <audit name here>
Similarly, the file name and file extension can also be provided to tell the tool to save the report in the desired format using the following command.
golismero scan < target url here > --audit-name <file name with extension here>
Upcoming Features
What Bunny rating does it get?
