Open source software name: golismero/golismero
Open source software address: https://github.com/golismero/golismero
Open source programming language: Python 76.1%
Open source software introduction:

What's GoLismero?

GoLismero is an open source framework for security testing. It's currently geared towards web security, but it can easily be expanded to other kinds of scans. The most interesting features of the framework are:

Installing

Strictly speaking, GoLismero doesn't require installation - only its dependencies do. So if you want to use it on a system where you don't have root privileges, you can ask the system administrator to install them for you, and just run the "git checkout" command on your home folder. The following are step-by-step instructions to install GoLismero on different operating systems:

Debian/Ubuntu

The following commands will download and install GoLismero on your system. This requires root privileges, so you will be prompted for your password when you run the first command.
If you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, run the following commands:
At the editor, add the following sections to the file, as appropriate:

Mac OS X

First of all, on Mac we'll need to install MacPorts. After doing that, run the following commands to download and install GoLismero on your system. This requires root privileges, so you will be prompted for your password when you run the first command.
If you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, run the following commands:
At the editor, add the following sections to the file, as appropriate:

FreeBSD 10-Release

The following commands will download and install GoLismero on your system. This requires root privileges, so you will be prompted for your password when you run the first command.
If you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, run the following commands:
At the editor, add the following sections to the file, as appropriate:

Windows

On Windows, you'll have to install each tool separately. You can download them from here:

Nikto is already bundled with GoLismero, but it requires the Cygwin version of Perl to run, since the native version can't handle Unix paths. You can download it from here: Cygwin.

SSLScan for Windows has a bug that causes crashes when writing XML output, which is the one required by GoLismero. The issue has been unfixed since 2010, so it's not likely to change soon, but there's a workaround: simply upgrade OpenSSL to a newer version. You can get an OpenSSL build from here: Win32OpenSSL.

It's usually a good idea to install Visual Studio 2008 SP1 as well. This enables the compilation of C extensions, which can speed up some Python modules.

After installing the tools, open a console and run the following commands:

Finally, you may have to add the tools to the PATH environment variable so GoLismero can find them. You can also add GoLismero itself to the PATH.

If you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, create a new file called "user.conf" where you installed GoLismero and add the following sections to the file, as appropriate:

Quick help

Using GoLismero is very easy. Below are some basic commands to start using it:

Basic usage

This command will launch GoLismero with all default options and show the report on standard output:
If you omit the default command "scan" GoLismero is smart enough to figure out what you're trying to do, so this works too:
You can also set a name for your audit with --audit-name:
And you can produce reports in different file formats. The format is guessed from the file extension, and you can write as many files as you want:
Additionally, you can import results from other tools with the -i option. You can use -i several times to import multiple files.
This allows you to scan the target in one step, and generate the report later. For example, to scan without generating a report:
And then generate the report from the database at a later time (or from a different machine!):
You can also specify multiple output files:

Available plugins

To display the list of available plugins:
You can also query more information about specific plugins:
The full plugin list is also available online.

Select a specific plugin

Use the -e option to enable only some specific plugins, and -d to disable plugins (you can use -e and -d many times):
You can also select multiple plugins using wildcards. For example, you can select all bruteforce plugins like this:

Reporting and eye candy

GoLismero currently produces reports on the console, in plain text files, in reStructuredText format and in HTML format. In all cases, the reports are self-contained in a single file for easier transport - that means the HTML report is a single .html file with everything bundled in, and you can just attach it in an email to send it to someone else.

If no output files are specified, GoLismero reports on the console by default. But you can choose both at the same time too! For example, let's write an HTML report and also see the output on the console, using the special filename "-":

Here's what the HTML report summary looks like on Chrome:

The table of contents, on Firefox:

And the details for each vulnerability, on Internet Explorer:

It's also compatible with mobile devices, like for example an iPad:

As you surely noticed, the layout remains consistent across all platforms. The HTML report is completely self-contained in a single .html file, making it very easy to share.

Putting it all together

In this example we'll put everything we've seen above into practice in a single command. We'll import results from an Nmap scan, run a scan of our own but using only the DNS analysis plugins, save the results in a database file of our choosing and produce reports in HTML and reStructuredText format.
Notice how the default "scan" command was omitted but GoLismero figured it out on its own. This is how you'd do it if you want to break it into multiple commands instead:
Notice how the second command uses the "-no" switch to prevent the default console report from kicking in.

What will be the next features?

The next features of GoLismero will be:

Not enough? Roll your own!

GoLismero is fully extensible through plugins, and that means you can always roll your own scripts, tailored to your specific needs, or using your favorite tools. You can start from the plugin API documentation, and move on to the full specifications if you want to tinker with GoLismero's internals. More step-by-step tutorials and howtos are coming soon!

Need help? Found a bug?

If you have found a bug, you can report it using the Github issues system. You can also drop us an email ([email protected]) or find us on Twitter (@golismero_pro).

Known bugs

Some gotchas we already know about: