Golismero Cheat Sheet

Golismero is an open source framework for security testing that allows users to perform vulnerability scans, import results from other tools, and generate reports. It includes many plugins for tasks like reconnaissance, scanning, and reporting, and supports integrating with other tools and APIs. The document provides documentation on using Golismero's commands and options as well as examples of common usage scenarios.

Uploaded by Javier Ruiz
#Golismero Cheat Sheet
#Jason Soto <www.jsitech.com>

#GoLismero is an open source framework for security testing. It's currently geared towards web security

#Syntax

golismero.py [-h] [--help] [-f FILE] [--config FILE] [--user-config FILE]
             [-p NAME] [--ui-mode MODE] [-v] [-q] [--color] [--no-color]
             [--audit-name NAME] [-db DATABASE] [-nd] [-i FILENAME] [-ni]
             [-o FILENAME] [-no] [--full] [--brief] [--allow-subdomains]
             [--forbid-subdomains] [--parent] [-np] [-r DEPTH]
             [--follow-redirects] [--no-follow-redirects] [--follow-first]
             [--no-follow-first] [--max-connections MAX_CONNECTIONS]
             [-l MAX_LINKS] [-pu USER] [-pp PASS] [-pa ADDRESS] [-pn PORT]
             [--cookie COOKIE] [--user-agent USER_AGENT] [--cookie-file FILE]
             [--persistent-cache] [--volatile-cache] [-a PLUGIN:KEY=VALUE]
             [-e PLUGIN] [-d PLUGIN] [--max-concurrent N] [--plugin-timeout N]
             [--plugins-folder PATH]
             COMMAND [TARGET [TARGET ...]]

#available commands

SCAN:
Perform a vulnerability scan on the given targets. Optionally import results from other tools and write a report. The arguments that follow may be domain names, IP addresses or web pages.

RESCAN:
Same as SCAN, but previously run tests are repeated. If the database is new, this command is identical to SCAN.

PROFILES:
Show a list of available config profiles. This command takes no arguments.

PLUGINS:
Show a list of available plugins. This command takes no arguments.

INFO:
Show detailed information on a given plugin. The arguments that follow are the plugin IDs. You can use glob-style wildcards.

REPORT:
Write a report from an earlier scan. This command takes no arguments. To specify output files use the -o switch.

IMPORT:
Import results from other tools and optionally write a report, but don't scan the targets. This command takes no arguments. To specify input files use the -i switch.

DUMP:
Dump the database from an earlier scan in SQL format. This command takes no arguments. To specify output files use the -o switch.

LOAD:
Load a database dump from an earlier scan in SQL format. This command takes no arguments. To specify input files use the -i switch.

UPDATE:
Update GoLismero to the latest version. Requires Git to be installed and available in the PATH. This command takes no arguments.

#positional arguments

COMMAND
    action to perform
TARGET
    zero or more arguments, meaning depends on command

#optional arguments

-h
    show this help message and exit
--help
    show this help message and exit

#main options

-f FILE, --file FILE
    load a list of targets from a plain text file
--config FILE
    global configuration file
--user-config FILE
    per-user configuration file
-p NAME, --profile NAME
    profile to use
--ui-mode MODE
    UI mode
-v, --verbose
    increase output verbosity
-q, --quiet
    suppress text output
--color
    use colors in console output
--no-color
    suppress colors in console output

#audit options

--audit-name NAME
    customize the audit name
-db DATABASE, --audit-db DATABASE
    specify a database filename
-nd, --no-db
    do not store the results in a database
-i FILENAME, --input FILENAME
    read results from external tools right before the audit
-ni, --no-input
    do not read results from external tools

#report options

-o FILENAME, --output FILENAME
    write the results of the audit to this file (use - for stdout)
-no, --no-output
    do not output the results
--full
    produce fully detailed reports
--brief
    report only the highlights

#network options

--allow-subdomains
    include subdomains in the target scope
--forbid-subdomains
    do not include subdomains in the target scope
--parent
    include parent folders in the target scope
-np, --no-parent
    do not include parent folders in the target scope
-r DEPTH, --depth DEPTH
    maximum spidering depth (use "infinite" for no limit)
--follow-redirects
    follow redirects
--no-follow-redirects
    do not follow redirects
--follow-first
    always follow a redirection on the target URL itself
--no-follow-first
    don't treat a redirection on a target URL as a special case
--max-connections MAX_CONNECTIONS
    maximum number of concurrent connections per host
-l MAX_LINKS, --max-links MAX_LINKS
    maximum number of links to analyze (0 => infinite)
-pu USER, --proxy-user USER
    HTTP proxy username
-pp PASS, --proxy-pass PASS
    HTTP proxy password
-pa ADDRESS, --proxy-addr ADDRESS
    HTTP proxy address
-pn PORT, --proxy-port PORT
    HTTP proxy port number
--cookie COOKIE
    set cookie for requests
--user-agent USER_AGENT
    set a custom user agent or 'random' value
--cookie-file FILE
    load a cookie from file
--persistent-cache
    use a persistent network cache [default]
--volatile-cache
    use a volatile network cache

#plugin options

-a PLUGIN:KEY=VALUE, --plugin-arg PLUGIN:KEY=VALUE
    pass an argument to a plugin
-e PLUGIN, --enable-plugin PLUGIN
    enable a plugin
-d PLUGIN, --disable-plugin PLUGIN
    disable a plugin
--max-concurrent N
    maximum number of plugins to run concurrently
--plugin-timeout N
    timeout in seconds for the execution of a plugin
--plugins-folder PATH
    customize the location of the plugins

#Example

#Show Available Plugins
$ ./golismero.py plugins

#Available Plugins

#Import plugins

csv_nikto:
Import the results of a Nikto scan in CSV format.

csv_spiderfoot:
Import the results of a SpiderFoot scan in CSV format.

xml_nmap:
Import the results of an Nmap scan in XML format.

xml_openvas:
Import the results of an OpenVAS scan in XML format.

xml_sslscan:
Import the results of an SSLScan run in XML format.

#Recon plugins

dns:
DNS resolver plugin.
Without it, GoLismero can't resolve domain names to IP addresses.

dns_malware:
Detect if a domain has been potentially spoofed, hijacked.

exploitdb:
Integration with Exploit-DB (http://www.exploit-db.com/)
This plugin requires a working Internet connection to run.

fingerprint_web:
Fingerprinter of web servers.

geoip:
Geolocates IP addresses using online services.
This plugin requires a working Internet connection to run.

punkspider:
Integration with PunkSPIDER (http://punkspider.hyperiongray.com/)
This plugin requires a working Internet connection to run.

robots:
Analyzes robots.txt files and extracts their links.

shodan:
Integration with Shodan: http://www.shodanhq.com/
This plugin requires a working Internet connection to run.

spider:
Web spider plugin.
Without it, GoLismero can't crawl web sites.

spiderfoot:
Integration with SpiderFoot: http://www.spiderfoot.net/

theharvester:
Integration with theHarvester: https://github.com/MarioVilas/theHarvester/

#Scan plugins

brute_directories:
Tries to discover hidden folders by brute force:
www.site.com/folder/ -> www.site.com/folder2 www.site.com/folder3 ...

brute_dns:
Tries to find hidden subdomains by brute force.

brute_url_extensions:
Tries to discover hidden files by brute force:
www.site.com/index.php -> www.site.com/index.php.old

brute_url_permutations:
Tries to discover hidden files by bruteforcing the extension:
www.site.com/index.php -> www.site.com/index.php2

brute_url_predictables:
Tries to discover hidden files at predictable locations.
For example: (Apache) www.site.com/error_log

brute_url_prefixes:
Tries to discover hidden files by bruteforcing prefixes:
www.site.com/index.php -> www.site.com/~index.php

brute_url_suffixes:
Tries to discover hidden files by bruteforcing suffixes:
www.site.com/index.php -> www.site.com/index2.php

nikto:
Integration with Nikto: https://www.cirt.net/nikto2

nmap:
Integration with Nmap: http://nmap.org/

openvas:
Integration with OpenVAS: http://www.openvas.org/

plecost:
WordPress vulnerabilities analyzer, completely rewritten for GoLismero, based on the original idea of Plecost (https://code.google.com/p/plecost/) and their team: @ffranz and @ggdaniel

sslscan:
Integration with SSLScan: http://sourceforge.net/projects/sslscan/

zone_transfer:
Detects and exploits DNS zone transfer vulnerabilities.

#Attack plugins

heartbleed:
Test for the CVE-2014-0160 vulnerability (aka "heartbleed attack").

sqlmap:
SQL Injection plugin, using SQLMap.
Only retrieves the DB banner, does not exploit any vulnerabilities.

xsser:
Integration with XSSer: http://xsser.sourceforge.net/

#Report plugins

bson:
BSON (Binary JSON) output for programmatic access.

csv:
Writes reports in Comma Separated Values format.

html:
Writes reports as offline web pages.

json:
JSON output for programmatic access.

latex:
Writes reports in LaTeX document format (.tex).

log:
Extracts only the logs.

ltsv:
Extracts only the logs, in labeled tab-separated values format.

msgpack:
MessagePack output for programmatic access.
See: http://msgpack.org/

odt:
Writes reports in OpenOffice document format (.odt).

rst:
Writes reports in reStructured Text format.

text:
Writes plain text reports to a file or on screen.

xml:
XML output for programmatic access.

yaml:
YAML output for programmatic access.


#UI plugins

console:
Console user interface. This is the default.

disabled:
Empty user interface. Used by some unit tests.

#Examples

#scan a website and show the results on screen:
$ ./golismero.py scan http://www.example.com

#grab Nmap results, scan all hosts found and write an HTML report:
$ ./golismero.py scan -i nmap_output.xml -o report.html

#grab results from OpenVAS and show them on screen, but don't scan anything:
$ ./golismero.py import -i openvas_output.xml

#show information on plugins:
$ ./golismero.py info [plugin_name]
$ ./golismero.py info theharvester
$ ./golismero.py info plecost
$ ./golismero.py info brute*

#Scan using specific plugins
$ ./golismero.py scan [domain] -e <plugin>
$ ./golismero.py scan example.com -e plecost
$ ./golismero.py scan example.com -e plecost -e theharvester

#Scan using multiple plugins with wildcard
$ ./golismero.py scan example.com -e brute*

#Scanning and generating a HTML report
$ ./golismero.py scan example.com -o example.html

#dump the database from a previous scan:
$ ./golismero.py dump -db example.db -o dump.sql

#Add Shodan API Key to Golismero
$ mkdir ~/.golismero
$ nano ~/.golismero/user.conf
[shodan:Configuration]
apikey = <INSERT YOUR SHODAN API KEY HERE>
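
Added example (not part of the original cheat sheet or of GoLismero itself): a non-interactive version of the Shodan API key step above that writes ~/.golismero/user.conf with owner-only permissions, since the key is stored there in plain text. The helper names, the SHODAN_API_KEY environment variable and the alphanumeric-only key check are assumptions of this example.

```shell
#!/bin/sh
# Added example: store the Shodan API key for GoLismero with owner-only access.
# Assumptions (not from the cheat sheet): the helper names below, the
# SHODAN_API_KEY environment variable, and that keys are purely alphanumeric.

write_shodan_conf() {
    # $1: home directory to write under (defaults to $HOME)
    home_dir=${1:-$HOME}
    conf_dir="$home_dir/.golismero"
    conf_file="$conf_dir/user.conf"

    if [ -z "${SHODAN_API_KEY:-}" ]; then
        echo "SHODAN_API_KEY is not set" >&2
        return 1
    fi
    # Reject anything but letters and digits so a stray newline or '['
    # cannot smuggle extra sections into the config file.
    case $SHODAN_API_KEY in
        *[!A-Za-z0-9]*) echo "unexpected character in key" >&2; return 1 ;;
    esac
    # Do not clobber a config that may already hold other plugin settings.
    if [ -e "$conf_file" ]; then
        echo "$conf_file already exists, edit it by hand" >&2
        return 2
    fi
    # The subshell keeps the tightened umask from leaking into the caller;
    # the file is created 0600 from the start, never briefly world-readable.
    (
        umask 077
        mkdir -p "$conf_dir" && chmod 700 "$conf_dir" &&
        printf '[shodan:Configuration]\napikey = %s\n' "$SHODAN_API_KEY" > "$conf_file"
    )
}

conf_is_private() {
    # Succeeds only when group and others have no permission bits on $1.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}
```

Set SHODAN_API_KEY in the session, call write_shodan_conf with no argument, then unset the variable; conf_is_private ~/.golismero/user.conf can be run later to confirm the file has not been opened up.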
