So what is this tool all about?

Golismero is an open source framework, used for mapping web applications and finding vulnerabilities. The tool is designed to be used by penetration testers and red teamers to aid in finding web application flaws by bringing together a number of other pen testing tools. The tool is a huge timesaver since it takes the donkeywork out of running other tools individually.

Golismero is written in Python with no dependency on native libraries. The tool is supported by all major operating systems including Windows, Linux, and Mac OS X.

How can it be installed?

cloning golismero

In Linux, Golismero can be installed using the following commands. Installation details for other operating systems are available here.

sudo bash

apt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan

cd /opt

git clone

cd golismero

pip install -r requirements.txt

pip install -r requirements_unix.txt

ln -s /opt/golismero/ /usr/bin/golismero


Let’s see the tool in action

The important Golismero commands include SCAN, RESCAN, PROFILES, PLUGINS, INFO, REPORT, DUMP, LOAD, IMPORT, and UPDATE. The SCAN command is used to find the vulnerabilities in the target web application. For instance, the following command can be used to find flaws in the target website.

READ  Macy’s acquires minority stake in tech retailer b8ta

Golismero scan

The audit can be given a name using the following command.

golismero scan < target url here > --audit-name

Similarly, the file name and file extension can also be provided to tell the tool to save the report in the desired format using the following command.

golismero scan < target url here > --audit-name

Golismero can be integrated with other security tools like Open Vas, DNS recon, and Nikto. The integration allows merging of the reports from these tools into a single report. The IMPORT command is used to import the results from other tools. For example, to import the results from Nikto tool into Golismero, the following command can be used. The results are automatically stored into a database file.

python import -i nikto_output.csv -i nmap_output.xml -db database.db

Upcoming Features

The coming features of Golismero include the integration of the tool with other security tools like Metasploit, ZAP, and SQLMap. Web UI, more plugins, and PDF format results are part of the future release plan of the tool.

Download the tool from here

What Bunny rating does it get?

We have decided to give this tool a very respectable bunny rating of 4/5 bunnies

If you would like to learn more about ethical hacking and such techniques, we have an exclusive course with a 90% discount HERE
Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.
The following two tabs change content below.

I am a cyber-security enthusiast. I am more focused on network security, cloud security, data-driven security, and advanced cryptography. Contact me at [email protected]