...
 
Commits (22)

Too many changes to show.

To preserve performance only 1000 of 1000+ files are displayed.

#!/usr/bin/python
'''
GoLISMERO - Simple web analisis
Copyright (C) 2011 Daniel Garcia | dani@estotengoqueprobarlo.es
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
'''
#
# Genera el fichero de cambios de todos los ficheros del directorio donde se ejecuta
#
import os
import sys
import csv
import md5
def generate():
fileList = []
rootdir = os.curdir
# Obtencion de todos los ficheros .py y .csv
for root, subFolders, files in os.walk(rootdir):
#folderCount += len(subFolders)
for file in files:
spt = file.split(".")
ext = spt[len(spt) - 1 ] # obtenemos la extension del fichero
if ext == "py" or ext == "csv": # filtramos por extension
f = os.path.join(root,file)
fileList.append(f.replace("./",""))
# creacion del fichero de cambios
f_changes = csv.writer(open("Admin/changes.dat","w"))
# para cada fichero creamos una fila
m_md5 = md5.new()
for f in fileList:
# Nombre del fichero
filename = f
# firma
m_md5.update(filename)
firma = m_md5.hexdigest()
f_changes.writerow([filename,firma])
if __name__ == '__main__':
print ""
print "ChangesGenerator- File changes maker"
print ""
print "Daniel Garcia Garcia - dani@estotengoqueprobarlo.es"
print "http://www.estotengoqueprobarlo.es"
print ""
print ""
print "[i] Obtieniendo listado de directorios"
generate()
print "[i] Fichero creado correctamente"
print ""
\ No newline at end of file
GoLismero.py,14ea63df4b7e35232649a3c8c42ee9ea
api.py,01c72c030481ef2360fd6a427d9bbd06
argparse.py,650ba39c6bcac0839e696834682b6388
Admin/__init__.py,4ae85af1f32c428ea7e85a22cabcd6ac
Admin/ChangesGenerator.py,0535b310bae57653622d74354a419459
libs/checks.py,1e2d04f3118048b0ccf27efb405c8668
libs/Data.py,6ebda5ede9f06b12847aab2603f364e8
libs/fileresults.py,cee1c2a0c419852b13915ff1527208e3
libs/common_vars.csv,2853b17ba42330a082dc732425e868d7
libs/forms.py,179652a58f71487dd2ddf57cc5a37f03
libs/__init__.py,54504069dc830b2e269f0737463c5c65
libs/Links.py,976bc2ac7ae3eb8fb04be5ae67e278c3
libs/vulns.py,4b5c5ff3cdf4f7a32693326775b9080e
libs/io_functions.py,b92e40b460db42b3254615b3e47933e0
libs/io_net.py,dab1a589e3611d20bb5e557c0c1f9352
libs/updater.py,477e4116fbb354b13e7810b5796353cc
libs/spider.py,748dc74e054e2ce0e15faf536dcade62
libs/ntlm/des.py,388856296676bfb424bd1a8dc5ea629b
libs/ntlm/__init__.py,c85314d11128c9b5c1406b1a510b0aad
libs/ntlm/U32.py,c31fcec6261ffa3d61db09ac589e5831
libs/ntlm/des_data.py,4c4ab96a83d9a6ae52e9d8199ce51ee1
libs/ntlm/des_c.py,62efd0e20993f3529654695ec6aebc4c
libs/ntlm/HTTPNtlmAuthHandler.py,6e6ceb2b1294478a58c0ee684221e864
libs/ntlm/ntlm.py,1c22adf10c16dced89e19c54a17ac3af
bs4/dammit.py,710a751d00e221b5a513169e3c383d39
bs4/__init__.py,11940cb4095e47e02cc2466eff23ef70
bs4/testing.py,9dd7f3c9e009e49d058220a8286223ab
bs4/element.py,a7e6b07e01535c92fc3d8a5892af5747
bs4/builder/_html5lib.py,71dccc3a2deed055a8c6a5fd9d90159f
bs4/builder/__init__.py,8b8112f2f806fecf713b8e063b9a62cf
bs4/builder/_htmlparser.py,0dc30cf400b6e4a365a99a1637e16924
bs4/builder/_lxml.py,805362e937e0ede0cba21ee005a2b2ab
bs4/tests/test_html5lib.py,41cede1e87402a07fa6c18346a3c04f5
bs4/tests/test_tree.py,ddc337830b6af52df39d2039edbe94cb
bs4/tests/test_htmlparser.py,c69ed473562ba55f67fc36984eda573e
bs4/tests/test_docs.py,2693fe9ee1770b5278a990677a057890
bs4/tests/test_soup.py,4e33405d91066fe5acfc7082c5d1083f
bs4/tests/__init__.py,bf21bffcbff5972d84752e6517a9d277
bs4/tests/test_builder_registry.py,9306305e03a81e5fd472720c889ba9d6
bs4/tests/test_lxml.py,7be06e9a141207b53297d45ef1a3bd3d
Changelog
=========
2.0 beta 3
------------
- Integration with SSLScan, SQLMap, XSSer, Shodan and PunkSPIDER.
- Completely rewritten HTML report.
- New report formats: OpenOffice, LaTeX, JSON, BSON, XML, YAML, MsgPack.
- Many improvements to the reports and the vulnerability descriptions.
- Fixes and improvements to the OpenVAS plugin.
- Added vulnerability standards:
* Exploit-DB ID
* Microsoft Bulletin ID
* Microsoft Knowledge Base ID
* Nessus Plugin ID
- And bugfixes and usual ;)
Also, say hello to our new team members @rrequero and @jekkay! :)
2.0 beta 2
------------
- Integration with Nmap.
- Added IP address geolocation support.
- Added 22 new vulnerability types to the data model.
- Now vulnerabilities may be categorized using the following standards:
* Bugtraq ID
* CERT Advisory
* CAPEC
* CVE
* CWE
* OSVDB
* Secunia Advisory
* Security Tracker ID
* CERT Vulnerability Note
* ISS X-Force ID
- Added reStructured Text output format.
- Improvements to the command line UI and text reports, including Bash autocompletion support.
- Many improvements and internal refactoring that won't show :)
- Bugfixes!
2.0 beta 1
------------
- Complete rewrite since version 1.6.3.
- Integration with OpenVAS and Nikto.
- Shown at OWASP Open Source Security Showcase in AppSec 2013: https://appsec.eu/program/open-source-security-showcase/
#!/usr/bin/python2.7
'''
GoLISMERO - Simple web analisis
Copyright (C) 2011 Daniel Garcia | dani@estotengoqueprobarlo.es
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
'''
import argparse
from libs.updater import *
from libs.io_functions import *
from api import *
from sys import exit
import textwrap
__version__ = "0.2"
__prog__ = "GoLISMERO"
__examples__ = '''
Examples:
- GoLISMERO.py -t site.com -c
- GoLISMERO.py -t site.com -c -A links -x
- GoLISMERO.py -t site.com -m -c -A links -o results.html -F html -x
- GoLISMERO.py -t site.com -c -A links -o wfuzz_script.sh -F wfuzz
- GoLISMERO.py -t site.com -A links --no-css --no-script --no-images --no-mail -c -x
or GoLISMERO.py -t site.com -A links -nc -ns -ni -nm
or GoLISMERO.py -t site.com -A links --no-all
or GoLISMERO.py -t site.com -A links -na
For more examples you can see EXAMPLES.txt
'''
# Parameters
PARAMETERS=cParams()
def Credits():
print ""
print "%s - The Web Knife." % (__prog__)
print ""
print "Daniel Garcia Garcia - dani@iniqua.com | dani@estotengoqueprobarlo.es"
print ""
#
# Comienzo del programa
#
if __name__ == '__main__':
Credits()
#En caso de que se haya introducido una pagina, navegamos a esta URL e iniciamos el proceso de investigacion
parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter, epilog=__examples__)
parser.add_argument('-R', action='store', dest='recursivity', help='recursivity level of spider. Default=0', default = 0)
parser.add_argument('-t', action='store', dest='target', help='target web site.')
parser.add_argument('-o', action='store', dest='output', help='output file.', default = None)
parser.add_argument('-F', action='store', dest='format', help='output format. "scripting" is perfect to combine with awk,cut,grep.... default=text', choices = ['text','html','csv','xml','scripting','wfuzz'], default = 'text')
parser.add_argument('-A', action='store', dest='scan', help='Scan only forms, only links or both. Default=all', choices = ['all','forms','links'], default = 'all')
parser.add_argument('-V', action='store_true', help='Show version.')
parser.add_argument('-c', action='store_true', help='colorize output. Default=No')
parser.add_argument('-x','--search-vulns', action='store_true', help='looking url potentially dangerous and bugs. As default not selected')
parser.add_argument('-m','--compat-mode', action='store_true', help='show results as compact format. As default not selected.')
parser.add_argument('-na','--no-all', action='store_true', help='implies no-css, no-script, no-images and no-mail. As default not selected.')
parser.add_argument('-nc','--no-css', action='store_true', help='don\'t get css links. As default not selected.')
parser.add_argument('-ns','--no-script', action='store_true', help='don\'t get script links. As default not selected.')
parser.add_argument('-ni','--no-images', action='store_true', help='don\'t get images links. As default not selected.')
parser.add_argument('-nm','--no-mail', action='store_true', help='don\'t get mails (mailto: tags). As default not selected.')
parser.add_argument('-nl','--no-unparam-links', action='store_true', help='don\'t get links that have not parameters. As default not selected.')
parser.add_argument('-l','--long-summary', action='store_true', help='detailed summary of process. As default not selected.')
parser.add_argument('-us','--http-auth-user', action='store', dest='http_auth_user', help='set http authenticacion user. As default is empty.', default = None)
parser.add_argument('-ps','--http-auth-pass', action='store', dest='http_auth_pass', help='set http authenticacion pass. As default not empty.', default = None)
parser.add_argument('-C','--cookie', action='store', dest='cookie', help='set custom cookie. As default is empty.', default = None)
parser.add_argument('-P','--proxy', action='store', dest='proxy', help='set proxy, as format: IP:PORT. As default is empty.', default = None)
parser.add_argument('-U','--update', action='store_true', help='update Golismero.')
parser.add_argument('-f','--finger', action='store', dest='finger', help='fingerprint web aplication. As default not selected. (not implemented yet) ', default = None)
parser.add_argument('--follow', action='store_true', help='follow redirect. As default not redirect.')
P = parser.parse_args()
if P.update is True:
print "[i] Updating..."
update()
print ""
exit(0)
# Asociamos variable globales
PARAMETERS.RECURSIVITY = P.recursivity
PARAMETERS.OUTPUT_FILE = P.output
PARAMETERS.TARGET = P.target
PARAMETERS.SHOW_TYPE = P.scan
PARAMETERS.SUMMARY= P.long_summary
PARAMETERS.COLOR = P.c
PARAMETERS.OUTPUT_FILE = P.output
PARAMETERS.OUTPUT_FORMAT = P.format
PARAMETERS.IS_NCSS = P.no_css
PARAMETERS.IS_NJS = P.no_script
PARAMETERS.IS_NIMG = P.no_images
PARAMETERS.IS_NMAIL = P.no_mail
PARAMETERS.PROXY = P.proxy
PARAMETERS.COOKIE = P.cookie
PARAMETERS.AUTH_USER = P.http_auth_user
PARAMETERS.AUTH_PASS = P.http_auth_pass
PARAMETERS.IS_N_PARAMS_LINKS = P.no_unparam_links
PARAMETERS.COMPACT = P.compat_mode
PARAMETERS.FOLLOW = P.follow
PARAMETERS.VERSION = P.V
PARAMETERS.VULNS = P.search_vulns
# Mostrar version
if PARAMETERS.VERSION is True:
print "%s version is '%s'" % (__prog__, __version__)
print ""
exit(0)
# Marcamos todos los "no"
if P.no_all is True:
PARAMETERS.IS_NCSS = True
PARAMETERS.IS_NJS = True
PARAMETERS.IS_NIMG = True
PARAMETERS.IS_NMAIL = True
try:
GoLISMERO_Main(PARAMETERS)
except IOError,e:
print ""
print str(e)
print ""
sys.exit(1)
# Mostrar resultados
ShowScreenResults(PARAMETERS)
This diff is collapsed.
This diff is collapsed.
Roadmap
=======
Plugins
-------
- LFI/RFI: https://github.com/cr0hn/golismero/issues/215
- Password bruteforcer: https://github.com/cr0hn/golismero/issues/211
- SSI scan: https://github.com/cr0hn/golismero/issues/207
- Wapiti: https://github.com/cr0hn/golismero/issues/187
- Inguma: https://github.com/cr0hn/golismero/issues/180
- Nimbostratus: https://github.com/cr0hn/golismero/issues/174
- Wordpress: https://github.com/cr0hn/golismero/issues/130
- GWT: https://github.com/cr0hn/golismero/issues/109
- Metasploit: https://github.com/cr0hn/golismero/issues/91
- ZAP Proxy: https://github.com/cr0hn/golismero/issues/81
- Directory listing: https://github.com/cr0hn/golismero/issues/36
- SQLMap (improvements): https://github.com/cr0hn/golismero/issues/10
#!/usr/bin/python
'''
GoLISMERO - Simple web analisis
Copyright (C) 2011 Daniel Garcia | dani@estotengoqueprobarlo.es
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
'''
from xml.dom.minidom import parse
from libs.io_net import *
from libs.io_functions import *
from libs.checks import *
from libs.spider import *
from libs.Data import *
from libs.vulns import *
class GoLink:
'''
Store link info and parameters
'''
url = None
params = []
class GoLinkParam:
'''
Store info for each simple links
'''
name = None
value = None
class GoForm:
'''
Store form info as name, action and method. Also include params, if it have.
'''
name = None
action = None
method = None
params = []
class GoFormParam:
'''
Store params for each form
'''
name = None
value = None
type = None
class GoFingerprint:
'''
Store fingerprint info.
'''
probability = None
framework = None
class GoLISMERO_DATA:
'''
This class store info loaded from xml results generated for GoLISMERO
'''
site = None
links = []
forms = []
fingerprint = None
def __str__(self):
R = ""
try:
R += self.site + "\n"
# Links
for i in self.links:
url = i.url
if url is None:
url = "unknown"
R += "|=" + url + "\n"
if i.params is not None and len(i.params) > 0:
for p in i.params:
name = p.name
value = p.value
if name == None:
name = "unknown"
if value == None:
value = "unknown"
R += "|--" + name + "=" + value + "\n"
# Forms
for f in self.forms:
name = f.name