3. What's GoLismero?
• GoLismero, "The Web Knife", is an open source
framework for security testing.
• It's currently geared towards web security, but
it can easily be expanded to other kinds of
scans.
• Developers:
Daniel Garcia and Mario Vilas
4. Features
• Real platform independence. Tested on Windows, Linux, *BSD
and OS X
• No native library dependencies. The whole framework is
written in pure Python
• Good performance
• Very easy to use
• Plugin development is extremely simple
• Collects and unifies the results of well-known tools: sqlmap,
xsser, openvas, dnsrecon, theharvester...
• Integration with standards: CWE, CVE and OWASP
• Designed for cluster deployment in the near future
5. Commands
• Scan a website
golismero scan <target>
• You can omit the default command "scan"
golismero <target>
• You can also set a name for your audit with
--audit-name
golismero scan <target> --audit-name <name>
6. • To display the list of available plugins
golismero plugins
7. • To display the available profiles
golismero profiles
8. • To scan the target and generate database file
golismero scan <target> -db database.db -no
9. • And then generate the report from the
database
golismero report report.html -db database.db
10. Select a specific plugin
• Use the -e option to enable only some specific
plugins, and -d to disable plugins
golismero scan <target> -e <plugin>
11. Upcoming features
• Integration with Metasploit, w3af, ZAP and
many other free tools
• Web UI
• Export results in PDF and MS Word format
• And more plugins