golismero

What is GoLISMERO?

GoLISMERO is a web spider is able to detect vulnerabilities and format results a very useful when starting a web audit.

It's for?

GoLISMERO is intended to be a first step when starting a web security audit.

Every time we face a new URL, would not it be great to have easily and quick all the links, forms with parameters, to detect possible URL vulnerable and in addition to being presented so that gives us an idea of ​​all points of entry where we could launch attacks? GoLISMERO lets us do all this.

Learning with examples

Remember: For execute GoLismero you need python 2.7.X or abobe.

Below are several examples and case studies, which are the best way to learn to use a security tool.

1. Getting all links and forms from a web, with all its parameters, extended format:

GoLISMERO.py –t google.com

1. Getting all links, on compact mode, and colorize output:

GoLISMERO.py –c –m –t google.com

1. Getting only links. Removing css, javascript, images and mails:

GoLISMERO.py --no-css--no-script --no-images --no-mail –c –A links –m –t google.com

Or, reduced format:

GoLISMERO.py –na –c –A links –m –t google.com

1. Getting only links with params and follow redirects (HTTP 302) and export results in HTML:

GoLISMERO.py –c –A links --follow –F html –o results.html –m –t google.com

And HTML generated code:

1. Getting all links, looking for potentially vulnerable URL and using an intermediate proxy to analyze responses. The URLs or vulnerable parameters are highlighted in red.

GoLISMERO.py –c –A links --follow -na –x –m –t terra.com

Check as ZAP Proxy capture request: