Golismero tool running in Kali Linux for web reconnaissance

Golismero Cheatsheet

The Complete Web Security Testing Framework Reference

Basic Golismero Commands

Help Menu
golismero -h
Show the help message and exit.
Version Info
golismero -v
Show program’s version number and exit.
List Plugins
golismero --list-plugins
List all available plugins.
Plugin Info
golismero --plugin-info plugin_name
Show information about a specific plugin.
Update Plugins
golismero --update
Update all plugins from the online repositories.
Show Profiles
golismero --profiles
List all available scan profiles.

Scanning Techniques

Basic Scan
golismero scan http://example.com
Perform a basic scan on a target URL.
Multiple Targets
golismero scan http://example1.com http://example2.com
Scan multiple targets in one command.
Targets from File
golismero scan -i targets.txt
Scan targets listed in a file (one per line).
Scan with Profile
golismero scan --profile quick http://example.com
Use a predefined scan profile (quick, full, etc.).
Depth Limit
golismero scan --depth 2 http://example.com
Limit crawling depth (default is 5).
Max Pages
golismero scan --max-pages 50 http://example.com
Limit maximum number of pages to crawl.
Scan Timeout
golismero scan --max-time 3600 http://example.com
Set maximum scan time in seconds.
User Agent
golismero scan --user-agent "Custom Agent" http://example.com
Set custom user agent string.
Cookie Injection
golismero scan --cookie "name=value" http://example.com
Add cookies to all requests.
HTTP Auth
golismero scan --auth-user user --auth-pass pass http://example.com
Use HTTP Basic Authentication.
Proxy Settings
golismero scan --proxy http://proxy:8080 http://example.com
Use a proxy for all connections.

Plugin Management

Enable Plugins
golismero scan --enable-plugin spider --enable-plugin fingerprinter http://example.com
Enable specific plugins for the scan.
Disable Plugins
golismero scan --disable-plugin dos --disable-plugin brute http://example.com
Disable specific plugins for the scan.
Plugin Groups
golismero scan --plugin-group web http://example.com
Enable all plugins in a specific group.
Import Results
golismero import --plugin openvas results.xml
Import results from another tool using a plugin.
Custom Plugin
golismero scan --plugin-path /path/to/plugin http://example.com
Load a custom plugin from a specific path.

Important Plugins

Spider Plugin
golismero scan --enable-plugin spider http://example.com
Web spider/crawler to discover pages and resources.
Fingerprinting
golismero scan --enable-plugin fingerprinter http://example.com
Server and application fingerprinting.
SQL Injection
golismero scan --enable-plugin sqlmap http://example.com
SQL injection testing (requires sqlmap).
XSS Testing
golismero scan --enable-plugin xss http://example.com
Cross-site scripting vulnerability testing.
Brute Force
golismero scan --enable-plugin brute http://example.com
Brute force directories and files.
SSL Testing
golismero scan --enable-plugin ssl http://example.com
SSL/TLS configuration testing.

Report Generation

HTML Report
golismero scan -o report.html http://example.com
Generate an HTML report.
Text Report
golismero scan -o report.txt http://example.com
Generate a plain text report.
XML Report
golismero scan -o report.xml http://example.com
Generate an XML report.
JSON Report
golismero scan -o report.json http://example.com
Generate a JSON report.
Multiple Reports
golismero scan -o report.html -o report.xml http://example.com
Generate multiple report formats at once.
Report Verbosity
golismero scan -o report.html --verbose http://example.com
Include more details in the report.
Report Only Vulnerabilities
golismero scan -o report.html --only-vulns http://example.com
Only include vulnerabilities in the report.
Colorized Output
golismero scan --color http://example.com
Enable colorized console output.
Quiet Mode
golismero scan --quiet http://example.com
Suppress all non-essential output.

Advanced Techniques

Parallel Scans
golismero scan --pool-size 5 http://example.com
Set number of parallel processes (default is 3).
Performance Tuning
golismero scan --max-connections 10 --max-slaves 3 http://example.com
Control connection and slave process limits.
Session Management
golismero scan --session session_file.db http://example.com
Save/restore scan session to/from file.
Resume Scan
golismero scan --resume session_file.db
Resume an interrupted scan from session file.
Audit Mode
golismero audit --pentest http://example.com
Run in penetration testing mode.
API Mode
golismero api
Start in API mode for remote control.
Debug Mode
golismero scan --debug http://example.com
Enable debug output.
Dry Run
golismero scan --dry-run http://example.com
Simulate scan without making actual requests.
Custom Config
golismero scan --config myconfig.conf http://example.com
Use custom configuration file.

Tool Integration

Import Nmap Results
golismero import nmap_output.xml
Import results from Nmap scan.
Import OpenVAS Results
golismero import --plugin openvas openvas_report.xml
Import results from OpenVAS scan.
Import w3af Results
golismero import --plugin w3af w3af_output.xml
Import results from w3af scan.
Import Nessus Results
golismero import --plugin nessus nessus_report.nessus
Import results from Nessus scan.
Import Burp Results
golismero import --plugin burp burp_report.xml
Import results from Burp Suite.
Import Nikto Results
golismero import --plugin nikto nikto_output.txt
Import results from Nikto scan.
Import from File
golismero import -i targets.txt
Import targets from a text file.
Export to SQLite
golismero dump -o results.db
Export results to SQLite database.
Load from SQLite
golismero load results.db
Load results from SQLite database.

Common Scan Combinations

Quick Security Audit
golismero scan --profile quick -o report.html http://example.com
Quick scan with HTML report.
Full Penetration Test
golismero audit --pentest --enable-plugin all -o full_report.html http://example.com
Comprehensive penetration test with all plugins.
Web Application Test
golismero scan --plugin-group web --cookie "sessionid=123" -o web_report.html http://example.com
Focused web application test with session cookie.
Network Infrastructure Test
golismero scan --plugin-group network -o network_report.html 192.168.1.0/24
Network infrastructure vulnerability assessment.

Similar Posts

Leave a Reply