Golismero adalah sebuah tools yang digunakan sebagai salah satu alat untuk security testing, biasaya digunakan untuk web vulnerability scanner, namun bisa di expand ke beberapa jenis scan.
Adapun hal yang menarik dari golismero adalah :
- Real Plafform Indepence, baik windows, linux, BSD, OS X, degenerate dari Bahasa pemrograma phyton, jika dibandingkan dengan aplikasi sejenis yang dibangun dengan phyton, golismero dapat dikatakan yang bagus dari sisi performance nya.
- Mudah digunakan
- Mengumpulkan dan menyatukan hasil dari tools lainnya misalnya sqlmap, xsser, openvas, dnsrecon, theharvester
- Dapat di integrasikan dengan CWE, CVE, dan OWASP
Tools dapat di download di www.golismero.com , setelah kita install hasilnya kira kira seperti ini ( kebetulan saya menggunakan kali linux sebagai OS saya) :
root@kali:~# golismero -h
GoLISMERO – The Web Knife.
Daniel Garcia Garcia – dani@iniqua.com | dani@estotengoqueprobarlo.es
usage: golismero [-h] [-R RECURSIVITY] [-t TARGET] [-o OUTPUT]
[-F {text,html,csv,xml,scripting,wfuzz}]
[-A {all,forms,links}] [-V] [-c] [-x] [-m] [-na] [-nc] [-ns]
[-ni] [-nm] [-nl] [-l] [-us HTTP_AUTH_USER]
[-ps HTTP_AUTH_PASS] [-C COOKIE] [-P PROXY] [-U] [-f FINGER]
[–follow]
optional arguments:
-h, –help show this help message and exit
-R RECURSIVITY recursivity level of spider. Default=0
-t TARGET target web site.
-o OUTPUT output file.
-F {text,html,csv,xml,scripting,wfuzz}
output format. “scripting” is perfect to combine with
awk,cut,grep…. default=text
-A {all,forms,links} Scan only forms, only links or both. Default=all
-V Show version.
-c colorize output. Default=No
-x, –search-vulns looking url potentially dangerous and bugs. As default
not selected
-m, –compat-mode show results as compact format. As default not
selected.
-na, –no-all implies no-css, no-script, no-images and no-mail. As
default not selected.
-nc, –no-css don’t get css links. As default not selected.
-ns, –no-script don’t get script links. As default not selected.
-ni, –no-images don’t get images links. As default not selected.
-nm, –no-mail don’t get mails (mailto: tags). As default not
selected.
-nl, –no-unparam-links
don’t get links that have not parameters. As default
not selected.
-l, –long-summary detailed summary of process. As default not selected.
-us HTTP_AUTH_USER, –http-auth-user HTTP_AUTH_USER
set http authenticacion user. As default is empty.
-ps HTTP_AUTH_PASS, –http-auth-pass HTTP_AUTH_PASS
set http authenticacion pass. As default not empty.
-C COOKIE, –cookie COOKIE
set custom cookie. As default is empty.
-P PROXY, –proxy PROXY
set proxy, as format: IP:PORT. As default is empty.
-U, –update update Golismero.
-f FINGER, –finger FINGER
fingerprint web aplication. As default not selected.
(not implemented yet)
–follow follow redirect. As default not redirect.
Examples:
– GoLISMERO.py -t site.com -c
– GoLISMERO.py -t site.com -c -A links -x
– GoLISMERO.py -t site.com -m -c -A links -o results.html -F html -x
– GoLISMERO.py -t site.com -c -A links -o wfuzz_script.sh -F wfuzz
– GoLISMERO.py -t site.com -A links –no-css –no-script –no-images –no-mail -c -x
or GoLISMERO.py -t site.com -A links -nc -ns -ni -nm
or GoLISMERO.py -t site.com -A links –no-all
or GoLISMERO.py -t site.com -A links -na
For more examples you can see EXAMPLES.txt
Contoh hasil yang bisa didapatkan ( kali ini yang saya jadikan target www.detik.com) adalah sebagai berikut :
root@kali:~# golismero -t www.detik.com
GoLISMERO – The Web Knife.
Daniel Garcia Garcia – dani@iniqua.com | dani@estotengoqueprobarlo.es
[ http://www.detik.com ]
Links
=====
[L1] /css/detik_frame_2013.css
[L2] /css/detik.footer_2013.css
[L3] /css/detik.topbar_2013.css
[L4] /css/detikads_2013.css
[L5] /css/detikcom.style_2013.css
[L6] /css/tmba.css
[L7] //cdn.detik.net.id/libs/dc/v1/css/nav.css
[L8] /javascript:void(0);
[L9] /urchin.js
[L10] //cdn.detik.net.id/libs/dc/v1/image/favicon_detikcom.png
[L11] /image/logodetikcom.png
[L12] /image/arrow_left.png
[L13] /image/arrow_right.png
[L14] //cnnindonesia.com/assets/bt/image/logo_cnn_white.png
[L15] //images.cnnindonesia.com/visual/2015/01/23/2efe39cc-2450-4692-acfb-10b1e820ab6f_169.jpg
[L16] /image/rss.gif
[L17] //pagead2.googlesyndication.com/pagead/show_ads.js
[L18] /image/logo_detikmag.png
[L19] /image/logo_mytrans.png
[L20] /image/logo_bot_1.gif
[L21] /image/logo_bot_2.gif
[L22] /js/detik.js
[L23] /js/detik.ads.controller_2013.js
[L24] /js/detik.controller_2013.js
Forms
=====
[F1] form unnamed
| Method: GET
| Target: http://search.detik.com/search?
| —————————————
| [text] query =
| [hidden] source = dcnav
| —————————————
| Raw:
query=&source=dcnav
Total links: 24
Total Forms: 1
Anda dapat mengexplorasi kemampuan lainnya dengan menggunakan parameter parameter mendukungnya. J
