Golismero tool running in Kali Linux for web reconnaissance

Golismero Cheatsheet

The Complete Web Security Testing Framework Reference

Basic Golismero Commands

Help Menu
golismero -h
Show the help message and exit.
Version Info
golismero -v
Show program’s version number and exit.
List Plugins
golismero --list-plugins
List all available plugins.
Plugin Info
golismero --plugin-info plugin_name
Show information about a specific plugin.
Update Plugins
golismero --update
Update all plugins from the online repositories.
Show Profiles
golismero --profiles
List all available scan profiles.

Scanning Techniques

Basic Scan
golismero scan http://example.com
Perform a basic scan on a target URL.
Multiple Targets
golismero scan http://example1.com http://example2.com
Scan multiple targets in one command.
Targets from File
golismero scan -i targets.txt
Scan targets listed in a file (one per line).
Scan with Profile
golismero scan --profile quick http://example.com
Use a predefined scan profile (quick, full, etc.).
Depth Limit
golismero scan --depth 2 http://example.com
Limit crawling depth (default is 5).
Max Pages
golismero scan --max-pages 50 http://example.com
Limit maximum number of pages to crawl.
Scan Timeout
golismero scan --max-time 3600 http://example.com
Set maximum scan time in seconds.
User Agent
golismero scan --user-agent "Custom Agent" http://example.com
Set custom user agent string.
Cookie Injection
golismero scan --cookie "name=value" http://example.com
Add cookies to all requests.
HTTP Auth
golismero scan --auth-user user --auth-pass pass http://example.com
Use HTTP Basic Authentication.
Proxy Settings
golismero scan --proxy http://proxy:8080 http://example.com
Use a proxy for all connections.

Plugin Management

Enable Plugins
golismero scan --enable-plugin spider --enable-plugin fingerprinter http://example.com
Enable specific plugins for the scan.
Disable Plugins
golismero scan --disable-plugin dos --disable-plugin brute http://example.com
Disable specific plugins for the scan.
Plugin Groups
golismero scan --plugin-group web http://example.com
Enable all plugins in a specific group.
Import Results
golismero import --plugin openvas results.xml
Import results from another tool using a plugin.
Custom Plugin
golismero scan --plugin-path /path/to/plugin http://example.com
Load a custom plugin from a specific path.

Important Plugins

Spider Plugin
golismero scan --enable-plugin spider http://example.com
Web spider/crawler to discover pages and resources.
Fingerprinting
golismero scan --enable-plugin fingerprinter http://example.com
Server and application fingerprinting.
SQL Injection
golismero scan --enable-plugin sqlmap http://example.com
SQL injection testing (requires sqlmap).
XSS Testing
golismero scan --enable-plugin xss http://example.com
Cross-site scripting vulnerability testing.
Brute Force
golismero scan --enable-plugin brute http://example.com
Brute force directories and files.
SSL Testing
golismero scan --enable-plugin ssl http://example.com
SSL/TLS configuration testing.

Report Generation

HTML Report
golismero scan -o report.html http://example.com
Generate an HTML report.
Text Report
golismero scan -o report.txt http://example.com
Generate a plain text report.
XML Report
golismero scan -o report.xml http://example.com
Generate an XML report.
JSON Report
golismero scan -o report.json http://example.com
Generate a JSON report.
Multiple Reports
golismero scan -o report.html -o report.xml http://example.com
Generate multiple report formats at once.
Report Verbosity
golismero scan -o report.html --verbose http://example.com
Include more details in the report.
Report Only Vulnerabilities
golismero scan -o report.html --only-vulns http://example.com
Only include vulnerabilities in the report.
Colorized Output
golismero scan --color http://example.com
Enable colorized console output.
Quiet Mode
golismero scan --quiet http://example.com
Suppress all non-essential output.

Advanced Techniques

Parallel Scans
golismero scan --pool-size 5 http://example.com
Set number of parallel processes (default is 3).
Performance Tuning
golismero scan --max-connections 10 --max-slaves 3 http://example.com
Control connection and slave process limits.
Session Management
golismero scan --session session_file.db http://example.com
Save/restore scan session to/from file.
Resume Scan
golismero scan --resume session_file.db
Resume an interrupted scan from session file.
Audit Mode
golismero audit --pentest http://example.com
Run in penetration testing mode.
API Mode
golismero api
Start in API mode for remote control.
Debug Mode
golismero scan --debug http://example.com
Enable debug output.
Dry Run
golismero scan --dry-run http://example.com
Simulate scan without making actual requests.
Custom Config
golismero scan --config myconfig.conf http://example.com
Use custom configuration file.

Tool Integration

Import Nmap Results
golismero import nmap_output.xml
Import results from Nmap scan.
Import OpenVAS Results
golismero import --plugin openvas openvas_report.xml
Import results from OpenVAS scan.
Import w3af Results
golismero import --plugin w3af w3af_output.xml
Import results from w3af scan.
Import Nessus Results
golismero import --plugin nessus nessus_report.nessus
Import results from Nessus scan.
Import Burp Results
golismero import --plugin burp burp_report.xml
Import results from Burp Suite.
Import Nikto Results
golismero import --plugin nikto nikto_output.txt
Import results from Nikto scan.
Import from File
golismero import -i targets.txt
Import targets from a text file.
Export to SQLite
golismero dump -o results.db
Export results to SQLite database.
Load from SQLite
golismero load results.db
Load results from SQLite database.

Common Scan Combinations

Quick Security Audit
golismero scan --profile quick -o report.html http://example.com
Quick scan with HTML report.
Full Penetration Test
golismero audit --pentest --enable-plugin all -o full_report.html http://example.com
Comprehensive penetration test with all plugins.
Web Application Test
golismero scan --plugin-group web --cookie "sessionid=123" -o web_report.html http://example.com
Focused web application test with session cookie.
Network Infrastructure Test
golismero scan --plugin-group network -o network_report.html 192.168.1.0/24
Network infrastructure vulnerability assessment.

This cheatsheet is for educational purposes only. Always ensure you have proper authorization before scanning any website or network.

Related Articles

Avatar photo

I'm passionate about technology, coding. I've been interested in computers since I was a kid. My favorite programming languages are python and JavaScript

Similar Posts

Leave a Reply