Wednesday 16 November 2016





Hello everyone ,
Today on the behalf of Legion group i would like to make a tutorial on GOLISMERO The Web Knife.


Actually one of my friend told me that,
"theharvester or golismero.py. Both of those tools are excellently written scripts for crawling domains for information that deserves mention".

This amazing method is used for Information-Gathering process/Security-testing/technique.



What is Golismero?


I was talking with one of my friend Gee4rce and he told me about this tool. He told me that Golismero is a collection of tools which are usually used seperately to scan for Vulnerabilities. In this Toolbox we have OpenVAS, (etc.) - all theese are vulnerability scanners. By using a vulnerability scanner, you automate the process of vulnerability scanning and mostly get the results back in a Report. Golismero combines some of the most powerfull OpenSource or free for use tools curently availible. With this, you have all these tools in one place, combined in Golismero.



Why Golismero?

I know your first question will be why we should use Golismero when we have some amazing tools for pentesting? Right?

So, my answer is simple:-

1. First one is of course that it is Opensource Tool/Framework.

2. Second one is as most of us this that their are many other tools are available in market that we can use, then you will love to hear that we can attach other tool [Like:-Nmap ,xsser , openvas, dnsrecon and theharvester]reports in this Golismero Framework .

3. This Framework is now available for all platforms , it doesn't matter if you are Windows , Linux or Mac user we can use it in any Operating System now. 

4. We don't need to download/install any other dependency except PYTHON dependency because it just need python to run.

5. It is also integrated with CVE and owasp so it will easy for us to use them now.

[For report's]



DOWNLOADING/INSTALLATION

Just follow these simple steps:-

1.apt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan

2.cd /opt

3.git clone https://github.com/golismero/golismero.git

4.cd golismero

5.pip install -r requirements.txt

6.pip install -r requirements_unix.txt

7.ln -s /opt/golismero/golismero.py /usr/bin/golismero 


Then just exit and we have done.

For More Info Go:- HERE

So, I am dividing this tutorial in 2 parts 1st one is this where i will just introduce this tool and in next tutorial i will Demonstrate on Live website.


USAGE OF GOLISMERO


So, 

Basic command is of course " -h "


golismero -h


A. 1st command is :- 

golismero scan <target>



Example:-"golismero.py scan http://www.example.com"

So now it will run with all default options and show the report on standard output.

B. 2nd command is:-


golismero scan <target> --audit-name <name>



We can also set a name for your audit using audit-name attribute

C. 3rd command is:-


golismero scan <target> -o <output file name>



We can produce reports in different file formats. Example in .html , .php or in .txt etc. and you can write as many files as you want.

D. 4th command is:-


golismero scan -i nmap_output.xml -o Report.html



We can Grab Nmap results scan all hosts found and write an HTML report.


Golismero Available plugins

To display the list of available plugins:

golismero plugins







See you in my next tutorial Friends


It took me 1 Hour to make this tutorial, But it will take only 1 sec. to leave a review/reply here. Please comment if you like this tutorial. 

:angel: Thanks :angel: 

8 comments

Please tell us if we have done anything wrong :) and please share our website if you like.