[Source: http://tools.kali.org/information-gathering/golismero]


Definition

GoLismero is an open source framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans.


The most interesting features of the framework are:


Real platform independence. Tested on Windows, Linux, *BSD and OS X.

No native library dependencies. All of the framework has been written in pure Python.

Good performance when compared with other frameworks written in Python and other scripting languages.

Very easy to use.

Plugin development is extremely simple.

The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester

Integration with standards: CWE, CVE and OWASP.

Designed for cluster deployment in mind (not available yet).

In short, golismero is an open source framework for security testing. It is built with web sites in mind, but it can easily be extended to other kinds of scans.

Have a look at the PDF that ships with it; it makes things much quicker to understand.


- golismero is written in Python.

- It runs on a range of operating systems: Linux, Windows, Mac, BSD (Berkeley Software Distribution) and more.

- It is a toolbox that wraps tools such as OpenVAS, nmap and SSLscan.

- It is very easy to use.

- The combined results of those tools can be viewed as a single report.


Usage


Installing

- Kali ships with it by default.

1) Debian/Ubuntu

$ su

# apt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan

# cd /opt

# git clone https://github.com/golismero/golismero.git

# cd golismero

# pip install -r requirements.txt

# pip install -r requirements_unix.txt

# ln -s /opt/golismero/golismero.py /usr/bin/golismero

# exit

2) Mac OS

$ sudo -s

# easy_install-2.7 -U distribute

# easy_install pip

# port install nmap sslscan

# cd /opt

# git clone https://github.com/golismero/golismero.git

# cd golismero

# pip install -r requirements.txt

# pip install -r requirements_unix.txt

# ln -s /opt/golismero/golismero.py /usr/bin/golismero

# exit

3) Windows

cd %HOME%

git clone https://github.com/golismero/golismero.git

cd golismero

pip install -r requirements.txt


The bundled PDF describes the basic usage.

Let's run a quick scan.

# golismero scan <target>

It really is a toolbox, as claimed. One thing worth noticing: you can see that some plugins are disabled.

I haven't included the output below, but it also runs harvester, zone transfer and so on.

Let's check the plugin list.

# golismero plugins

There are a lot of them...

Plugin list

-------------


-= Import plugins =-

csv_nikto:

    Import the results of a Nikto scan in CSV format.

csv_spiderfoot:

    Import the results of a SpiderFoot scan in CSV format.

xml_nmap:

    Import the results of an Nmap scan in XML format.

xml_openvas:

    Import the results of an OpenVAS scan in XML format.

xml_sslscan:

    Import the results of an SSLScan run in XML format.


-= Recon plugins =-

dns:

    DNS resolver plugin.

    Without it, GoLismero can't resolve domain names to IP addresses.

dns_malware:

    Detect if a domain has been potentially spoofed, hijacked.

exploitdb:

    Integration with Exploit-DB (http://www.exploit-db.com/)

    This plugin requires a working Internet connection to run.

fingerprint_web:

    Fingerprinter of web servers.

geoip:

    Geolocates IP addresses using online services.

    This plugin requires a working Internet connection to run.

punkspider:

    Integration with PunkSPIDER (http://punkspider.hyperiongray.com/)

    This plugin requires a working Internet connection to run.

robots:

    Analyzes robots.txt files and extracts their links.

shodan:

    Integration with Shodan: http://www.shodanhq.com/

    This plugin requires a working Internet connection to run.

spider:

    Web spider plugin.

    Without it, GoLismero can't crawl web sites.

spiderfoot:

    Integration with SpiderFoot: http://www.spiderfoot.net/

theharvester:

    Integration with theHarvester: https://github.com/MarioVilas/theHarvester/


-= Scan plugins =-

brute_directories:

    Tries to discover hidden folders by brute force:

    www.site.com/folder/ -> www.site.com/folder2 www.site.com/folder3 ...

brute_dns:

    Tries to find hidden subdomains by brute force.

brute_url_extensions:

    Tries to discover hidden files by brute force:

    www.site.com/index.php -> www.site.com/index.php.old

brute_url_permutations:

    Tries to discover hidden files by bruteforcing the extension:

    www.site.com/index.php -> www.site.com/index.php2

brute_url_predictables:

    Tries to discover hidden files at predictable locations.

    For example: (Apache) www.site.com/error_log

brute_url_prefixes:

    Tries to discover hidden files by bruteforcing prefixes:

    www.site.com/index.php -> www.site.com/~index.php

brute_url_suffixes:

    Tries to discover hidden files by bruteforcing suffixes:

    www.site.com/index.php -> www.site.com/index2.php

nikto:

    Integration with Nikto: https://www.cirt.net/nikto2

nmap:

    Integration with Nmap: http://nmap.org/

openvas:

    Integration with OpenVAS: http://www.openvas.org/

plecost:

    WordPress vulnerabilities analyzer, completely rewritten for GoLismero,

    based on the original idea of Plecost (https://code.google.com/p/plecost/)

    and their team: @ffranz and @ggdaniel

sslscan:

    Integration with SSLScan: http://sourceforge.net/projects/sslscan/

zone_transfer:

    Detects and exploits DNS zone transfer vulnerabilities.


-= Attack plugins =-

heartbleed:

    Test for the CVE-2014-0160 vulnerability (aka "heartbleed attack").

sqlmap:

    SQL Injection plugin, using SQLMap.

    Only retrieves the DB banner, does not exploit any vulnerabilities.

xsser:

    Integration with XSSer: http://xsser.sourceforge.net/


-= Report plugins =-

bson:

    BSON (Binary JSON) output for programmatic access.

csv:

    Writes reports in Comma Separated Values format.

html:

    Writes reports as offline web pages.

json:

    JSON output for programmatic access.

latex:

    Writes reports in LaTeX document format (.tex).

log:

    Extracts only the logs.

ltsv:

    Extracts only the logs, in labeled tab-separated values format.

msgpack:

    MessagePack output for programmatic access.

    See: http://msgpack.org/

odt:

    Writes reports in OpenOffice document format (.odt).

rst:

    Writes reports in reStructured Text format.

text:

    Writes plain text reports to a file or on screen.

xml:

    XML output for programmatic access.

yaml:

    YAML output for programmatic access.


-= UI plugins =-

console:

    Console user interface. This is the default.

disabled:

    Empty user interface. Used by some unit tests.

I introduced shodan in an earlier post, and golismero supports it as well.

(See http://kkn1220.tistory.com/68 for the shodan introduction.)

# golismero info <plugin>

There is no apikey set.

Add it to the config file with vi /usr/share/golismero/golismero.conf:

[openvas]

host = localhost


[testing/scan/openvas]

user = admin

password = <your password>


[shodan:Configuration]

apikey = <your shodan key>


http://goo.gl/im2FLe for detailed instructions on setting up OpenVAS

http://www.shodanhq.com/account/register for a shodan API key
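An added check for the golismero.conf edit above (example code, not part of GoLismero): it parses the three sections shown, flags values left as the <...> placeholders, and, because the file holds the OpenVAS password and the Shodan API key, reports when it is readable by other users. The section and key names are the ones in the snippet; the sample text is constructed.

```python
import configparser
import os
import stat

# Sections and keys taken from the golismero.conf snippet in the post.
REQUIRED = {
    "openvas": ("host",),
    "testing/scan/openvas": ("user", "password"),
    "shodan:Configuration": ("apikey",),
}

# Constructed sample: the snippet as the post shows it, placeholders left in.
SAMPLE_UNFILLED = """[openvas]
host = localhost
[testing/scan/openvas]
user = admin
password = <your password>
[shodan:Configuration]
apikey = <your shodan key>
"""


def check_config_text(text):
    """Return the problems found in the INI text; an empty list means it is usable."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    problems = []
    for section, keys in REQUIRED.items():
        if not parser.has_section(section):
            problems.append("missing section [%s]" % section)
            continue
        for key in keys:
            value = parser.get(section, key, fallback="").strip()
            if not value:
                problems.append("[%s] %s is empty" % (section, key))
            elif value.startswith("<") and value.endswith(">"):
                problems.append("[%s] %s still holds placeholder %s" % (section, key, value))
    return problems


def check_config_file(path):
    """Also check permissions: the file holds an OpenVAS password and a Shodan API key."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    problems = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append("%s is readable by group/other (mode %o); use chmod 600" % (path, mode))
    with open(path) as fh:
        problems.extend(check_config_text(fh.read()))
    return problems
```

Run check_config_file("/usr/share/golismero/golismero.conf") after editing; an empty list means the keys are filled in and the file is private to its owner.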


Reading the results only on the console is hard to check. As the PDF shows, you can also write the results to a report; the report plugin is chosen from the output file's extension (for example .html or .json, matching the report plugins listed above).

# golismero scan <target> -o <outputfile_name>

(Excerpted from https://github.com/golismero/golismero)
