Commit 33190b8e authored by Devon Kearns's avatar Devon Kearns

Merge tag 'upstream/2.0-beta2+git20131205'

Upstream version 2.0-beta2+git20131205
parents 4a194823 7bb6dee4

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.

GoLismero.py,14ea63df4b7e35232649a3c8c42ee9ea
api.py,01c72c030481ef2360fd6a427d9bbd06
argparse.py,650ba39c6bcac0839e696834682b6388
Admin/__init__.py,4ae85af1f32c428ea7e85a22cabcd6ac
Admin/ChangesGenerator.py,0535b310bae57653622d74354a419459
libs/checks.py,1e2d04f3118048b0ccf27efb405c8668
libs/Data.py,6ebda5ede9f06b12847aab2603f364e8
libs/fileresults.py,cee1c2a0c419852b13915ff1527208e3
libs/common_vars.csv,2853b17ba42330a082dc732425e868d7
libs/forms.py,179652a58f71487dd2ddf57cc5a37f03
libs/__init__.py,54504069dc830b2e269f0737463c5c65
libs/Links.py,976bc2ac7ae3eb8fb04be5ae67e278c3
libs/vulns.py,4b5c5ff3cdf4f7a32693326775b9080e
libs/io_functions.py,b92e40b460db42b3254615b3e47933e0
libs/io_net.py,dab1a589e3611d20bb5e557c0c1f9352
libs/updater.py,477e4116fbb354b13e7810b5796353cc
libs/spider.py,748dc74e054e2ce0e15faf536dcade62
libs/ntlm/des.py,388856296676bfb424bd1a8dc5ea629b
libs/ntlm/__init__.py,c85314d11128c9b5c1406b1a510b0aad
libs/ntlm/U32.py,c31fcec6261ffa3d61db09ac589e5831
libs/ntlm/des_data.py,4c4ab96a83d9a6ae52e9d8199ce51ee1
libs/ntlm/des_c.py,62efd0e20993f3529654695ec6aebc4c
libs/ntlm/HTTPNtlmAuthHandler.py,6e6ceb2b1294478a58c0ee684221e864
libs/ntlm/ntlm.py,1c22adf10c16dced89e19c54a17ac3af
bs4/dammit.py,710a751d00e221b5a513169e3c383d39
bs4/__init__.py,11940cb4095e47e02cc2466eff23ef70
bs4/testing.py,9dd7f3c9e009e49d058220a8286223ab
bs4/element.py,a7e6b07e01535c92fc3d8a5892af5747
bs4/builder/_html5lib.py,71dccc3a2deed055a8c6a5fd9d90159f
bs4/builder/__init__.py,8b8112f2f806fecf713b8e063b9a62cf
bs4/builder/_htmlparser.py,0dc30cf400b6e4a365a99a1637e16924
bs4/builder/_lxml.py,805362e937e0ede0cba21ee005a2b2ab
bs4/tests/test_html5lib.py,41cede1e87402a07fa6c18346a3c04f5
bs4/tests/test_tree.py,ddc337830b6af52df39d2039edbe94cb
bs4/tests/test_htmlparser.py,c69ed473562ba55f67fc36984eda573e
bs4/tests/test_docs.py,2693fe9ee1770b5278a990677a057890
bs4/tests/test_soup.py,4e33405d91066fe5acfc7082c5d1083f
bs4/tests/__init__.py,bf21bffcbff5972d84752e6517a9d277
bs4/tests/test_builder_registry.py,9306305e03a81e5fd472720c889ba9d6
bs4/tests/test_lxml.py,7be06e9a141207b53297d45ef1a3bd3d
Changelog
=========
2.0 beta 2
------------
- Integration with Nmap.
- Added IP address geolocation support.
- Added 22 new vulnerability types to the data model.
- Now vulnerabilities may be categorized using the following standards:
* Bugtraq ID
* CERT Advisory
* CAPEC
* CVE
* CWE
* OSVDB
* Secunia Advisory
* Security Tracker ID
* CERT Vulnerability Note
* ISS X-Force ID
- Added NIST CPE database.
- Added reStructured Text output format.
- Improvements to the command line UI and text reports, including Bash autocompletion support.
- Many improvements and internal refactoring that won't show :)
- Bugfixes!
2.0 beta 1
------------
- Complete rewrite since version 1.6.3.
- Integration with OpenVAS and Nikto.
- Shown at OWASP Open Source Security Showcase in AppSec 2013: https://appsec.eu/program/open-source-security-showcase/
#!/usr/bin/python2.7
'''
GoLISMERO - Simple web analisis
Copyright (C) 2011 Daniel Garcia | dani@estotengoqueprobarlo.es
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
'''
import argparse
from libs.updater import *
from libs.io_functions import *
from api import *
from sys import exit
import textwrap
__version__ = "0.2"
__prog__ = "GoLISMERO"
__examples__ = '''
Examples:
- GoLISMERO.py -t site.com -c
- GoLISMERO.py -t site.com -c -A links -x
- GoLISMERO.py -t site.com -m -c -A links -o results.html -F html -x
- GoLISMERO.py -t site.com -c -A links -o wfuzz_script.sh -F wfuzz
- GoLISMERO.py -t site.com -A links --no-css --no-script --no-images --no-mail -c -x
or GoLISMERO.py -t site.com -A links -nc -ns -ni -nm
or GoLISMERO.py -t site.com -A links --no-all
or GoLISMERO.py -t site.com -A links -na
For more examples you can see EXAMPLES.txt
'''
# Parameters
PARAMETERS=cParams()
def Credits():
print ""
print "%s - The Web Knife." % (__prog__)
print ""
print "Daniel Garcia Garcia - dani@iniqua.com | dani@estotengoqueprobarlo.es"
print ""
#
# Comienzo del programa
#
if __name__ == '__main__':
Credits()
#En caso de que se haya introducido una pagina, navegamos a esta URL e iniciamos el proceso de investigacion
parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter, epilog=__examples__)
parser.add_argument('-R', action='store', dest='recursivity', help='recursivity level of spider. Default=0', default = 0)
parser.add_argument('-t', action='store', dest='target', help='target web site.')
parser.add_argument('-o', action='store', dest='output', help='output file.', default = None)
parser.add_argument('-F', action='store', dest='format', help='output format. "scripting" is perfect to combine with awk,cut,grep.... default=text', choices = ['text','html','csv','xml','scripting','wfuzz'], default = 'text')
parser.add_argument('-A', action='store', dest='scan', help='Scan only forms, only links or both. Default=all', choices = ['all','forms','links'], default = 'all')
parser.add_argument('-V', action='store_true', help='Show version.')
parser.add_argument('-c', action='store_true', help='colorize output. Default=No')
parser.add_argument('-x','--search-vulns', action='store_true', help='looking url potentially dangerous and bugs. As default not selected')
parser.add_argument('-m','--compat-mode', action='store_true', help='show results as compact format. As default not selected.')
parser.add_argument('-na','--no-all', action='store_true', help='implies no-css, no-script, no-images and no-mail. As default not selected.')
parser.add_argument('-nc','--no-css', action='store_true', help='don\'t get css links. As default not selected.')
parser.add_argument('-ns','--no-script', action='store_true', help='don\'t get script links. As default not selected.')
parser.add_argument('-ni','--no-images', action='store_true', help='don\'t get images links. As default not selected.')
parser.add_argument('-nm','--no-mail', action='store_true', help='don\'t get mails (mailto: tags). As default not selected.')
parser.add_argument('-nl','--no-unparam-links', action='store_true', help='don\'t get links that have not parameters. As default not selected.')
parser.add_argument('-l','--long-summary', action='store_true', help='detailed summary of process. As default not selected.')
parser.add_argument('-us','--http-auth-user', action='store', dest='http_auth_user', help='set http authenticacion user. As default is empty.', default = None)
parser.add_argument('-ps','--http-auth-pass', action='store', dest='http_auth_pass', help='set http authenticacion pass. As default not empty.', default = None)
parser.add_argument('-C','--cookie', action='store', dest='cookie', help='set custom cookie. As default is empty.', default = None)
parser.add_argument('-P','--proxy', action='store', dest='proxy', help='set proxy, as format: IP:PORT. As default is empty.', default = None)
parser.add_argument('-U','--update', action='store_true', help='update Golismero.')
parser.add_argument('-f','--finger', action='store', dest='finger', help='fingerprint web aplication. As default not selected. (not implemented yet) ', default = None)
parser.add_argument('--follow', action='store_true', help='follow redirect. As default not redirect.')
P = parser.parse_args()
if P.update is True:
print "[i] Updating..."
update()
print ""
exit(0)
# Asociamos variable globales
PARAMETERS.RECURSIVITY = P.recursivity
PARAMETERS.OUTPUT_FILE = P.output
PARAMETERS.TARGET = P.target
PARAMETERS.SHOW_TYPE = P.scan
PARAMETERS.SUMMARY= P.long_summary
PARAMETERS.COLOR = P.c
PARAMETERS.OUTPUT_FILE = P.output
PARAMETERS.OUTPUT_FORMAT = P.format
PARAMETERS.IS_NCSS = P.no_css
PARAMETERS.IS_NJS = P.no_script
PARAMETERS.IS_NIMG = P.no_images
PARAMETERS.IS_NMAIL = P.no_mail
PARAMETERS.PROXY = P.proxy
PARAMETERS.COOKIE = P.cookie
PARAMETERS.AUTH_USER = P.http_auth_user
PARAMETERS.AUTH_PASS = P.http_auth_pass
PARAMETERS.IS_N_PARAMS_LINKS = P.no_unparam_links
PARAMETERS.COMPACT = P.compat_mode
PARAMETERS.FOLLOW = P.follow
PARAMETERS.VERSION = P.V
PARAMETERS.VULNS = P.search_vulns
# Mostrar version
if PARAMETERS.VERSION is True:
print "%s version is '%s'" % (__prog__, __version__)
print ""
exit(0)
# Marcamos todos los "no"
if P.no_all is True:
PARAMETERS.IS_NCSS = True
PARAMETERS.IS_NJS = True
PARAMETERS.IS_NIMG = True
PARAMETERS.IS_NMAIL = True
try:
GoLISMERO_Main(PARAMETERS)
except IOError,e:
print ""
print str(e)
print ""
sys.exit(1)
# Mostrar resultados
ShowScreenResults(PARAMETERS)
What's GoLismero 2.0?
=====================
GoLismero is an open source framework for security testing. It's currently geared towards web security, but it can easily be expanded to other kinds of scans.
The most interesting features of the framework are:
- Real platform independence. Tested on Windows, Linux, *BSD and OS X.
- No native library dependencies. All of the framework has been written in pure Python.