Web Application Vulnerability Scanner – Golismero


A web application security scanner is a software program that performs automatic black-box testing on a web application and identifies security vulnerabilities. Scanners do not access the source code; they only perform functional testing and try to find security vulnerabilities.

Golismero is an open source framework, used for mapping web applications and finding vulnerabilities. The tool is designed to be used by penetration testers and red teamers to aid in finding web application flaws by bringing together a number of other pen testing tools. The tool is a huge timesaver since it takes the donkeywork out of running other tools individually.

Golismero is written in Python with no dependency on native libraries. The tool is supported by all major operating systems including Windows, Linux, and Mac OS X.



Web Application


Web applications are generally on hackers' hit lists, and different hackers use different techniques to find bugs (vulnerabilities) in a web application, either to get root access or to steal information. Web application vulnerabilities like SQL injection and cross-site scripting are dangerous for the web. As a penetration tester you need to test the security of a web application, and the first step, whether to hack or to secure, is to map the overall infrastructure. Golismero is a wonderful tool for this role.





- Map a web application.

- Show all links and form parameters in a comfortable format.

- Save results in several formats: text, csv, html, raw (for parsing with a bash script) and wfuzz script.

- Detect common vulnerabilities of web applications.

- Filter web information, retaining only what is important.

- Many other features you may find very useful.




How can it be installed?


In Linux, Golismero can be installed using the following commands. Installation details for other operating systems are available here.

sudo bash

apt-get install python2.7 python2.7-dev python-pip python-docutils git perl nmap sslscan

cd /opt

git clone https://github.com/golismero/golismero.git

cd golismero

pip install -r requirements.txt

pip install -r requirements_unix.txt

ln -s /opt/golismero/golismero.py /usr/bin/golismero





Tool in action:

The important Golismero commands include SCAN, RESCAN, PROFILES, PLUGINS, INFO, REPORT, DUMP, LOAD, IMPORT, and UPDATE. The SCAN command is used to find the vulnerabilities in the target web application. For instance, the following command can be used to find flaws in the target website.


golismero scan <target url here>

The audit can be given a name using the following command.

golismero scan <target url here> --audit-name <audit name here>

Similarly, the file name and file extension can also be provided to tell the tool to save the report in the desired format using the following command.

golismero scan <target url here> -o <file name with extension here>
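
An added example (not from the original article or the Golismero project): a small shell wrapper that refuses to launch the scan commands above unless the target host is on an authorized scope list. SCOPE_HOSTS, the sample host names and the function names are hypothetical; -o is Golismero's report output option.

```shell
#!/bin/sh
# Added example: scope guard in front of the scan commands shown above.
# SCOPE_HOSTS holds constructed sample hosts; replace them with the hosts
# named in your written authorization.
SCOPE_HOSTS="app.example.test staging.example.test"

# url_host URL -> prints the lowercase host of an http(s) URL, or fails.
# IPv6 literals are not handled (assumption: targets are names or IPv4).
url_host() {
    case "$1" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    _h="${1#*://}"
    _h="${_h%%[/?#]*}"    # drop path, query and fragment
    _h="${_h##*@}"        # drop userinfo, so "allowed@other" resolves to "other"
    _h="${_h%%:*}"        # drop port
    [ -n "$_h" ] || return 1
    printf '%s\n' "$_h" | tr 'A-Z' 'a-z'
}

# in_scope URL -> succeeds only on an exact match with a SCOPE_HOSTS entry.
in_scope() {
    _host="$(url_host "$1")" || return 1
    for _s in $SCOPE_HOSTS; do
        [ "$_s" = "$_host" ] && return 0
    done
    return 1
}

# run_scan URL AUDIT_NAME REPORT_FILE -> runs golismero for in-scope targets.
run_scan() {
    in_scope "$1" || { echo "refusing: $1 is out of scope" >&2; return 2; }
    case "$2" in
        ""|*[!A-Za-z0-9_-]*) echo "refusing: bad audit name" >&2; return 3 ;;
    esac
    # --audit-name labels the audit; -o picks the report format by extension.
    golismero scan "$1" --audit-name "$2" -o "$3"
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    run_scan "$@"
fi
```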


Golismero can be integrated with other security tools like OpenVAS, DNSRecon, and Nikto. The integration allows merging of the reports from these tools into a single report. The IMPORT command is used to import the results from other tools. For example, to import the results from the Nikto tool into Golismero, the following command can be used. The results are automatically stored in a database file.




