{ "info": { "author": "GoLismero team", "author_email": "golismero.project@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Console", "Intended Audience :: Information Technology", "License :: OSI Approved :: GNU General Public License v2 (GPLv2)", "Operating System :: OS Independent", "Programming Language :: Python :: 2.7", "Topic :: Security" ], "description": "### This repository contains the unstable development version.\n### For the stable version go to: https://github.com/golismero/golismero

\n\n---\n\nWhat's GoLismero?\n=================\n\nGoLismero is an open source framework for security testing. It's currently geared towards web security, but it can easily be expanded to other kinds of scans.\n\nThe most interesting features of the framework are:\n\n- Real platform independence. Tested on Windows, Linux, *BSD and OS X.\n- No native library dependencies. All of the framework has been written in pure Python.\n- Good performance when compared with other frameworks written in Python and other scripting languages.\n- Very easy to use.\n- Plugin development is extremely simple.\n- The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester...\n- Integration with standards: CWE, CVE and OWASP.\n- Designed for cluster deployment in mind (not available yet).\n\nInstalling\n==========\n\nStrictly speaking, GoLismero doesn't require installation - only its dependencies do. So if you want to use it on a system where you don't have root privileges, you can ask the system administrator to install them for you, and just run the \"git checkout\" command on your home folder.\n\nThe following are step-by-step instructions to install GoLismero on different operating systems:\n\nDebian/Ubuntu\n-------------\n\nThe following commands will download and install GoLismero on your system. This requires root privileges, so you will be prompted for your password when you run the first command.\n\n```\nsudo bash\napt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan\ncd /opt\ngit clone https://github.com/golismero/golismero.git\ncd golismero\npip install -r requirements.txt\npip install -r requirements_unix.txt\nln -s /opt/golismero/golismero.py /usr/bin/golismero\nexit\n```\n\nIf you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, run the following commands:\n\n```\nmkdir ~/.golismero\ntouch ~/.golismero/user.conf\nchmod 600 ~/.golismero/user.conf\nnano ~/.golismero/user.conf\n```\n\nAt the editor, add the following sections to the file, as appropriate:\n\n```\n[shodan:Configuration]\napikey = \n\n[openvas]\nhost = \nuser = \n*password = \n\n[spiderfoot]\nurl = \n```\n\nMac OS X\n--------\n\nFirst of all, on Mac we'll need to install the [Mac Ports](http://www.macports.org/install.php).\n\nAfter doing that, run the following commands to download and install GoLismero on your system. This requires root privileges, so you will be prompted for your password when you run the first command.\n\n```\nsudo -s\neasy_install-2.7 -U distribute\neasy_install install pip\nport install nmap sslscan\ncd /opt\ngit clone https://github.com/golismero/golismero.git\ncd golismero\npip install -r requirements.txt\npip install -r requirements_unix.txt\nln -s /opt/golismero/golismero.py /usr/bin/golismero\nexit\n```\n\nIf you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, run the following commands:\n\n```\nmkdir ~/.golismero\ntouch ~/.golismero/user.conf\nchmod 600 ~/.golismero/user.conf\nnano ~/.golismero/user.conf\n```\n\nAt the editor, add the following sections to the file, as appropriate:\n\n```\n[shodan:Configuration]\napikey = \n\n[openvas]\nhost = \nuser = \n*password = \n\n[spiderfoot]\nurl = \n```\n\nFreeBSD 10-Release\n------------------\n\nThe following commands will download and install GoLismero on your system. This requires root privileges, so you will be prompted for your password when you run the first command.\n\n```\nsu -\ncd /root\npkg update\npkg install git\npkg install python27\nln -s /usr/local/bin/python2.7 /usr/local/bin/python\npkg install databases/py-sqlite3\npkg install nmap\npkg install sslscan\npkg install devel/py-pip\nmkdir /opt 2> /dev/null\ncd /opt\ngit clone https://github.com/cr0hn/golismero.git\ncd golismero\npip install -r requirements.txt\npip install -r requirements_unix.txt\nln -s /opt/golismero/golismero.py /usr/bin/golismero\nexit\n```\n\nIf you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, run the following commands:\n\n```\nmkdir ~/.golismero\ntouch ~/.golismero/user.conf\nchmod 600 ~/.golismero/user.conf\nnano ~/.golismero/user.conf\n```\n\nAt the editor, add the following sections to the file, as appropriate:\n\n```\n[shodan:Configuration]\napikey = \n\n[openvas]\nhost = \nuser = \n*password = \n\n[spiderfoot]\nurl = \n```\n\nWindows\n-------\n\nOn Windows, you'll have to install each tool separately. You can download them from here:\n- [Python 2.7](http://python.org/download/releases/2.7.6/)\n- [Git](https://code.google.com/p/msysgit/downloads/list)\n- [Perl](http://www.perl.org/get.html#win32)\n- [Nmap](http://nmap.org/download.html#windows)\n- [SSLScan](https://code.google.com/p/sslscan-win/)\n\nSSLScan for Windows has a bug that causes crashes when writing XML output, which is the one required by GoLismero. The issue has been [unfixed since 2010](https://code.google.com/p/sslscan-win/issues/detail?id=2), so it's not likely to change soon, but there's a workaround: simply upgrade OpenSSL to a newer version. You can get an OpenSSL build from here: [Win32OpenSSL](https://slproweb.com/products/Win32OpenSSL.html).\n\nIt's usually a good idea to install Visual Studio 2008 SP1 as well. This enables the compilation of C extensions, which can speed up some Python modules.\n\nAfter installing the tools, open a console and run the following commands:\n\n```\ncd %HOME%\ngit clone https://github.com/golismero/golismero.git\ncd golismero\npip install -r requirements.txt\n```\n\nFinally, you may have to add the tools to the PATH environment variable so GoLismero can find them. You can also add GoLismero itself to the PATH.\n\nIf you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, create a new file called \"user.conf\" where you installed GoLismero and add the following sections to the file, as appropriate:\n\n```\n[shodan:Configuration]\napikey = \n\n[openvas]\nhost = \nuser = \n*password = \n\n[spiderfoot]\nurl = \n```\n\nQuick help\n==========\n\nUsing GoLismero is very easy. Below are some basic commands to start to using it:\n\nBasic usage\n-----------\n\nThis command will launch GoLismero with all default options and show the report on standard output:\n\n```golismero scan ```\n\nIf you omit the default command \"scan\" GoLismero is smart enough to figure out what you're trying to do, so this works too:\n\n```golismero ```\n\nYou can also set a name for your audit with --audit-name:\n\n```golismero scan --audit-name ```\n\nAnd you can produce reports in different file formats. The format is guessed from the file extension, and you can write as many files as you want:\n\n```golismero scan -o ```\n\n![Run example](https://raw.github.com/cr0hn/golismero/master/doc/screenshots/run_mac.png \"Run example\")\n\nAdditionally, you can import results from other tools with the -i option. You can use -i several times to import multiple files.\n\n```golismero import nikto_output.csv nmap_output.xml -db database.db```\n\nAll results are automatically stored in a database file. You can prevent this with the -nd option:\n\n```golismero -nd```\n\n![No database example](https://raw.github.com/cr0hn/golismero/master/doc/screenshots/no_db_mint.png \"No database example\")\n\nThis allows you to scan the target in one step, and generating the report later. For example, to scan without generating a report:\n\n```golismero scan -db database.db -no```\n\nAnd then generate the report from the database at a later time (or from a different machine!):\n\n```golismero report report.html -db database.db```\n\nYou can also specify multiple output files:\n\n```golismero report report.html report.txt report.rst -db example.db```\n\n![Report example](https://raw.github.com/cr0hn/golismero/master/doc/screenshots/report_win.png \"Report example\")\n\nAvailable plugins\n-----------------\n\nTo display the list of available plugins:\n\n```golismero plugins```\n\n![Plugin list example](https://raw.github.com/cr0hn/golismero/master/doc/screenshots/plugin_list_mac.png \"Plugin list example\")\n\nYou can also query more information about specific plugins:\n\n```golismero info ```\n\n![Plugin info example](https://raw.github.com/cr0hn/golismero/master/doc/screenshots/plugin_info_mint.png \"Plugin list example\")\n\nThe full plugin list is also available [online](http://golismero-project.com/doc/plugin_list/index.html).\n\nSelect a specific plugin\n------------------------\n\nUse the -e option to enable only some specific plugins, and -d to disable plugins (you can use -e and -d many times):\n\n```golismero scan -e ```\n\nYou can also select multiple plugins using wildcards. For example, you can select all bruteforce plugins like this:\n\n```golismero scan -e brute*```\n\n![Run plugin example](https://raw.github.com/cr0hn/golismero/master/doc/screenshots/run_plugin_mac_2.png \"Run plugin example\")\n\nReporting and eye candy\n-----------------------\n\nGoLismero currently produces reports on the console, in plain text files, in reStructured text format and in HTML format. In all cases, the reports are self-contained in a single file for easier transport - that means the HTML report is a single .html file with everything bundled in, and you can just attach it in an email to send it to someone else.\n\nIf no output files are specified, GoLismero reports on the console by default. But you can choose both at the same time too! For example, let's write an HTML report and also see the output on the console, using the special filename \"-\":\n\n```golismero scan -o - -o report.html```\n\nHere's what the HTML report summary looks like on Chrome:\n\n![Report header](https://raw.github.com/cr0hn/golismero/master/doc/screenshots/report_chrome_header.png \"Report header\")\n\nThe table of contents, on Firefox:\n\n![Report table](https://raw.github.com/cr0hn/golismero/master/doc/screenshots/report_firefox_header.png \"Report table\")\n\nAnd the details for each vulnerability, on Internet Explorer:\n\n![Report details](https://raw.github.com/cr0hn/golismero/master/doc/screenshots/report_ie_detail.png \"Report details\")\n\nIt's also compatible with mobile devices, like for example an iPad:\n\n![Report summary on iPad](https://raw.github.com/cr0hn/golismero/master/doc/screenshots/report_ipad.png \"Report summary on iPad\")\n\nAs you surely noticed, the layout remains consistent across all platforms. The HTML report is completely self contained in a single .html file, making it very easy to share.\n\nPutting it all together\n-----------------------\n\nIn this example we'll put everything we've seen above into practice in a single command. We'll import results from an Nmap scan, run a scan of our own but using only the DNS analysis plugins, save the results in a database file of our choosing and produce reports in HTML and reStructured text format.\n\n```golismero -i nmap_output.xml -e dns* -db database.db -o report.rst -o report.html```\n\nNotice how the default \"scan\" command was omitted but GoLismero figured it out on its own.\n\nThis is how you'd do it if you want to break it into multiple commands instead:\n\n```\ngolismero import -db database.db nmap_output.xml\ngolismero scan -db database.db -e dns* -no\ngolismero report -db database.db report.rst report.html\n```\n\nNotice how the second command uses the \"-no\" switch to prevent the default console report from kicking in.\n\nWhat will be the next features?\n===============================\n\nThe next features of GoLismero will be:\n\n- Integration with Metasploit, w3af, ZAP and many other free tools.\n- Web UI. We all know true h4xx0rs only use the console, but sometimes drag&drop does come in handy. ;)\n- Export results in PDF and MS Word format, to keep the boss happy.\n- And more plugins of course!\n\nNot enough? Roll your own!\n==========================\n\nGoLismero is fully extensible through plugins, and that means you can always roll your own scripts, tailored to your specific needs, or using your favorite tools.\n\nYou can start from the [plugin API documentation](http://golismero-project.com/doc/plugin_developers/index.html), and move on to the [full specifications](http://golismero-project.com/doc/fulldoc/index.html) if you want to tinker with GoLismero's internals.\n\nMore step-by-step tutorials and howtos are coming soon!\n\nNeed help? Found a bug?\n=======================\n\nIf you have found a bug, you can report it using the Github issues system. You can also drop us an email (golismero.project@gmail.com) or find us on Twitter ([@golismero_pro](https://twitter.com/golismero_pro)).\n\nKnown bugs\n----------\n\nSome gotchas we already know about:\n* Control-C on Python generally doesn't work very well - it may show bogus errors on screen, but you can ignore them. If stopping GoLismero takes too long, try hitting Control-C twice for force shutdown. Even then, sometimes you just have to be a patient!\n* GoLismero seems to run slower on Windows than on Linux or Mac. It appears to be related to the Python standard multiprocessing module and the lack of fork() support on Windows.\n* This is not a bug, just a reminder: GoLismero by default creates a new database file on each run! You can disable the database creation with the -nd switch.\n\n[![githalytics.com alpha](https://cruel-carlota.pagodabox.com/bd520897a768ee38569775bdb8372b8a \"githalytics.com\")](http://githalytics.com/cr0hn/golismero)\n", "description_content_type": null, "docs_url": null, "download_url": "https://github.com/golismero/golismero/archive/master.zip", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/golismero", "keywords": null, "license": "GPL2", "maintainer": null, "maintainer_email": null, "name": "golismero", "package_url": "https://pypi.org/project/golismero/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/golismero/", "project_urls": { "Download": "https://github.com/golismero/golismero/archive/master.zip", "Homepage": "https://github.com/golismero" }, "release_url": "https://pypi.org/project/golismero/2.0.3-1/", "requires_dist": null, "requires_python": null, "summary": "GoLismero: The web knife. GoLismero is an open source framework for security testing.It's currently geared towards web security, but it can easily be expanded to other kinds of scans.", "version": "2.0.3-1" }, "last_serial": 998691, "releases": { "2.0.3": [ { "comment_text": "", "digests": { "md5": "d57a9dad7202d13bd30c5d0ecec9410d", "sha256": "ee5d5659f7872db157753db10dd9196c8f1159741dc02d8f49c2cf896c101259" }, "downloads": -1, "filename": "golismero-2.0.3-py2.7.egg", "has_sig": false, "md5_digest": "d57a9dad7202d13bd30c5d0ecec9410d", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 11105, "upload_time": "2014-02-11T20:12:32", "url": "https://files.pythonhosted.org/packages/e8/e9/a0e7094745abb9965e52e39f7bf7986c41bf36be7c3d4629fa0b154be790/golismero-2.0.3-py2.7.egg" }, { "comment_text": "", "digests": { "md5": "df7a6c3f2d5027a88ffd9eb1e0501432", "sha256": "f1f94c0757e24b90583f25a2ee5e5ff64a3cdac6cd1ea9e5af55451ba72d536f" }, "downloads": -1, "filename": "golismero-2.0.3.tar.gz", "has_sig": false, "md5_digest": "df7a6c3f2d5027a88ffd9eb1e0501432", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20035915, "upload_time": "2014-02-12T16:31:43", "url": "https://files.pythonhosted.org/packages/ce/4d/a3a3b2aed1937b501b06a424dec3435c3dbe1d016b2e3493c483b0b65942/golismero-2.0.3.tar.gz" } ], "2.0.3-1": [ { "comment_text": "", "digests": { "md5": "e4e029f832c20c746074a17ea8182730", "sha256": "a0e5a1fbd8e8ffb357a6a2c4ad822ef1519d9d2d8944632e71f150854c6a5559" }, "downloads": -1, "filename": "golismero-2.0.3-1.tar.gz", "has_sig": false, "md5_digest": "e4e029f832c20c746074a17ea8182730", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20027137, "upload_time": "2014-02-13T01:56:27", "url": "https://files.pythonhosted.org/packages/71/d2/b058126e64c9c661094cfef5a66c28483e8e4a6ff467099435b266cd966e/golismero-2.0.3-1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "e4e029f832c20c746074a17ea8182730", "sha256": "a0e5a1fbd8e8ffb357a6a2c4ad822ef1519d9d2d8944632e71f150854c6a5559" }, "downloads": -1, "filename": "golismero-2.0.3-1.tar.gz", "has_sig": false, "md5_digest": "e4e029f832c20c746074a17ea8182730", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20027137, "upload_time": "2014-02-13T01:56:27", "url": "https://files.pythonhosted.org/packages/71/d2/b058126e64c9c661094cfef5a66c28483e8e4a6ff467099435b266cd966e/golismero-2.0.3-1.tar.gz" } ] }