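Golismero is an open-source web scanner. It ships with many security testing tools of its own, and it can also import and automatically analyze the results of popular scanning tools such as OpenVAS, Wfuzz, SQLMap and DNS recon. Golismero uses a plugin-based framework, is written in pure Python, and integrates many open-source security tools. It runs on Windows, Linux, BSD, OS X and other systems with almost no system dependencies; the only requirement is a Python version no lower than 2.7. Its official site is http://golismero-project.com.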
a. ImportPlugin (import plugin)
b. TestingPlugin (testing plugin)
c. ReportPlugin (report plugin)
d. UIPlugin (user interface plugin)
+ golismero.api.plugin._InformationPlugin + golismero.api.plugin.Plugin +Object
x.__init__(...) initializes x; see help(type(x)) for signature
check_params(options, *audits)
Parameters:
options (OrchestratorConfig) – Orchestrator settings.
audits (AuditConfig) – Audit settings.
Raises:
AttributeError – A critical configuration option is missing.
ValueError – A configuration option has an incorrect value.
TypeError – A configuration option has a value of a wrong type.
Exception – An error occurred while validating the settings.
Callback method to receive data to be processed. This is the most important method of a plugin. Here’s where most of the logic resides.
Parameters: info (Data) – Data to be processed.
Callback method to receive control messages to be processed.
Parameters: message (Message) – incoming message to process
Returns: Shared plugin state variables.
Return type: PluginState
Plugins can call this method to tell the user of the current progress of whatever the plugin is doing.
Warning: Do not override this method!
Note: This method may not be supported in future versions of GoLismero.
Parameters: progress (float | None) – Progress percentage [0, 100] as a float, or None to indicate progress can’t be measured.

    [Core]
    Name = Logtime UI

    [Documentation]
    Description = Show time plugin runs in console.
    Author = GoLismero project team
    Version = 0.1
    Website = http://www.freebuf.com
    Copyright = Copyright (C) 2011-2013 GoLismero Project
    License = GNU Public License


    #!/usr/bin/env python
    # -*- coding: utf-8 -*-

    __license__ = """"""

    from golismero.api.audit import get_audit_count
    from golismero.api.config import Config
    from golismero.api.data import Data
    from golismero.api.plugin import UIPlugin, get_plugin_info
    from golismero.main.console import Console, colorize
    from golismero.messaging.codes import MessageType, MessageCode, MessagePriority

    import time


    class LogTimePlugin(UIPlugin):
        """
        This demo shows how to write a UI plugin for GoLismero. It shows
        how long each plugin runs. For more information, refer to the
        following link:
        http://www.freebuf.com
        """

        #----------------------------------------------------------------------
        def __init__(self):
            """
            Initialize a dictionary that records when plugins start and stop:
            {"pluginname1":{'start':12123123,'stop':999999},
             "pluginname2":{'start':12123123,'stop':999999},}
            """
            self._logplugindic = {}

        #----------------------------------------------------------------------
        def check_params(self, options, *audits):
            """
            Usually we only check whether 'audits' is empty. If your plugin
            requires input arguments, validate them here.
            """
            if not audits:
                raise ValueError("No targets selected!")

        #----------------------------------------------------------------------
        def recv_info(self, info):
            """
            Process the data if you want to handle it.
            Since we only want to log the time when plugins start/stop,
            we don't care about the details of the data 'info'.
            """
            pass

        #----------------------------------------------------------------------
        def recv_msg(self, message):
            # Process status messages
            if message.message_type == MessageType.MSG_TYPE_STATUS:
                plugin_name = message.plugin_name
                if not plugin_name:
                    return
                if message.message_code == MessageCode.MSG_STATUS_PLUGIN_BEGIN:
                    # Record the start time of the plugin
                    nowtimesec = time.time()
                    self._logplugindic[plugin_name] = dict(start=nowtimesec)
                elif message.message_code == MessageCode.MSG_STATUS_PLUGIN_END:
                    nowtimesec = time.time()
                    try:
                        self._logplugindic[plugin_name]['stop'] = nowtimesec
                        # we could do something with 'self._logplugindic' here
                        # ....
                        # for now, just print how long the plugin ran
                        showplugname = get_plugin_info(plugin_name).display_name
                        if not showplugname:
                            showplugname = plugin_name
                        if not self._logplugindic[plugin_name] or not self._logplugindic[plugin_name]['start']:
                            text = "[#] Plugin '%s' runs for ... i don't know " % (showplugname)
                        else:
                            runtime = self._logplugindic[plugin_name]['stop'] - self._logplugindic[plugin_name]['start']
                            text = "[#] Plugin '%s' runned for %d seconds" % (showplugname, runtime)
                    except Exception:
                        # Catch ordinary errors only, so Ctrl+C still interrupts the scan
                        text = "[#] Error occurs"
                    Console.display(text)

Run python golismero.py --plugin-list to check whether our plugin is recognized. The output is as follows:

    /----------------------------------------------/
    | GoLismero 2.0.0b1 - The Web Knife            |
    | Contact: golismero.project<@>gmail.com       |
    |                                              |
    | Daniel Garcia Garcia a.k.a cr0hn (@ggdaniel) |
    | Mario Vilas (@Mario_Vilas)                   |
    /----------------------------------------------/
    -------------
     Plugin list
    -------------
    -= Import plugins =-
    …………………………………………………….<many entries omitted here>
    -= UI plugins =-
    console: Console user interface.
    disabled: Empty user interface.
    logtime: Show time plugin runs in console


    python golismero --ui-mode logtime ww.jike521.com -o result.html


    /----------------------------------------------/
    | GoLismero 2.0.0b1 - The Web Knife            |
    | Contact: golismero.project<@>gmail.com       |
    |                                              |
    | Daniel Garcia Garcia a.k.a cr0hn (@ggdaniel) |
    | Mario Vilas (@Mario_Vilas)                   |
    /----------------------------------------------/
    GoLismero started at 2013-09-16 16:41:21.146000
    [#] Plugin 'Suspicious URL' runned for 4 seconds
    [#] Plugin 'OS fingerprinting plugin' runned for 58 seconds
    [#] Plugin 'theHarvester' runned for 61 seconds
    [#] Plugin 'Web Spider' runned for 65 seconds
    [#] Plugin 'OS fingerprinting plugin' runned for 65 seconds
    [#] Plugin 'Robots.txt Analyzer' runned for 65 seconds
    [#] Plugin 'Web Server fingerprinting plugin' runned for 67 seconds
    [#] Plugin 'DNS zone transfer' runned for 82 seconds
    [#] Plugin 'DNS zone transfer' runned for 83 seconds
    [#] Plugin 'DNS analyzer' runned for 84 seconds
    [#] Plugin 'theHarvester' runned for 85 seconds
    [#] Plugin 'DNS analyzer' runned for 85 seconds
    [#] Plugin 'DNS subdomain bruteforcer' runned for 473 seconds
    [#] Plugin 'DNS subdomain bruteforcer' runned for 503 seconds
    [#] Plugin 'Default Error page finder' runned for 2 seconds
    [#] Plugin 'Bruteforce permutations discovery' runned for 0 seconds
    [#] Plugin 'Bruteforce file extensions discovery' runned for 0 seconds
    [#] Plugin 'Bruteforce suffixes discovery' runned for 1 seconds
    [#] Plugin 'Bruteforce prefixes discovery' runned for 1 seconds
    [#] Plugin 'Bruteforce directories discovery' runned for 2 seconds
    [#] Plugin 'Nikto' runned for 2 seconds
    [#] Plugin 'OpenVAS' runned for 2 seconds
    [#] Plugin 'Bruteforce predictables discovery' runned for 5 seconds

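The plugin above keys its timing dictionary by plugin name alone, so a second BEGIN for the same plugin overwrites the first start time, and an END with no recorded BEGIN lands in the error branch. The following is an added example, not code from the original post or from GoLismero: a standalone version of the same bookkeeping that keeps overlapping runs apart. The `scope` identifier, the `PluginTimer` and `replay` names and the sample events are all assumptions constructed for illustration.

```python
import time
from collections import defaultdict


class PluginTimer(object):
    """Standalone BEGIN/END bookkeeping; 'scope' is a hypothetical run identifier."""

    def __init__(self, clock=time.time):
        self._clock = clock
        # (scope, plugin_name) -> start times not yet matched by an END
        self._open = defaultdict(list)

    def begin(self, scope, plugin_name):
        self._open[(scope, plugin_name)].append(self._clock())

    def end(self, scope, plugin_name):
        """Return elapsed seconds, or None when no BEGIN was recorded."""
        starts = self._open.get((scope, plugin_name))
        if not starts:
            return None  # END without BEGIN: report "unknown" instead of raising
        return self._clock() - starts.pop(0)  # pair with the oldest open BEGIN

    def still_running(self):
        """Keys that began but never reported END (hung or killed plugins)."""
        return sorted(k for k, starts in self._open.items() if starts)


def replay(events):
    """Run (timestamp, kind, scope, plugin) events through a timer with a fake clock."""
    now = [0.0]
    timer = PluginTimer(clock=lambda: now[0])
    results = []
    for ts, kind, scope, plugin in events:
        now[0] = ts
        if kind == "BEGIN":
            timer.begin(scope, plugin)
        else:
            results.append((scope, plugin, timer.end(scope, plugin)))
    return results, timer.still_running()


# Constructed sample events, not taken from a real scan.
SAMPLE_EVENTS = [
    (0.0, "BEGIN", "audit-1", "dns"),
    (1.0, "BEGIN", "audit-2", "dns"),     # same plugin, second scope
    (82.0, "END", "audit-1", "dns"),
    (84.0, "END", "audit-2", "dns"),
    (85.0, "END", "audit-1", "spider"),   # END with no BEGIN
    (86.0, "BEGIN", "audit-1", "nikto"),  # never reports END
]
```

With name-only keys, the first `dns` END in this sample would be measured from the overwritten start at 1.0 and report 81 seconds instead of 82.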
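Clearly, Golismero supports only a single UI plugin at a time and cannot run several UI plugins together, so it cannot produce multiple UI outputs in parallel. The most typical shortcoming shows up if it is reworked into a distributed deployment: if we develop one UIPlugin that pushes the current status to a statistics server and another UIPlugin that interacts with the user, the two UI plugins cannot be started at the same time.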