PYTHON [ Galileo – Open Source Web Application Auditing Framework ] - Intech Network

Intech Network

Ethical-Hacking & penetration testing & network security assessments

11/26/2018

Home Python PYTHON [ Galileo – Open Source Web Application Auditing Framework ]

PYTHON [ Galileo – Open Source Web Application Auditing Framework ]


Galileo – Open Source Web Application Auditing Framework


Galileo is a free web application auditing framework that can perform various penetration testing tasks, such as information gathering, fingerprinting, bruteforcing, injection test,  and exploiting  vulnerabilities.  Galileo uses different modules to perform these tasks.  The modules can be divided into following categories.

  • Bruteforce

  • Disclosure

  • Fingerprint

  • Injection

  • Scanner

  • Tools

  • Exploitation

Bruteforce modules can be used to bruteforce the credentials. Disclosure modules can find information like credit card data, private IPs, emails, and source code. Fingerprinting modules can gather information about Content Management System (CMS), frameworks, and servers. Injection modules can check the OS command and SQL injection vulnerabilities in the target web application. Exploitation module can exploit the errors like shellshock vulnerabilities.

Galileo Installation

Galileo can be cloned from Github repository as follows.

git clone https://github.com/m4ll0k/Galileo.git galileo

Galileo cloning

To install the requirements, follow the following commands.

cd galileo

python2 -m pip install -r requirements.txt

Galileo Working

To run Galileo, simply type the following command in the terminal.

python2 galileo.py

The command loads list of modules categories, as shown in the following screenshot.

Galileo menu

In order to view list of modules, use the following command.

show modules

To use the desired module, type its name in the following format.

use <module name>

For example, to use fingerprint/server module, type the following command.

use fingerprint/server

In order to define the target web application, we need to use the set parameters. The available set parameters can be seen by typing set help command in the terminal.

set variables

To define the target web application, we need to use set HOST parameter in the following format.

set HOST <target web application>

To execute the selected module, simply type run in the command line.

run

The module runs and displays the results on the screen as shown below.

We can use all the modules in the same way. For instance, to use the SQL injection, we can use the injection/sq_injection module in the following format

use injection/sql_injection set HOST <target web application> run

If the target web application is vulnerable, the module responds with the backend Database Management System (DBMS) information.

sql injection attack


Tags
Author Image

About Unknown
Templatesyard is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design. The main mission of templatesyard is to provide the best quality blogger templates which are professionally designed and perfectlly seo optimized to deliver best result for your blog.

Posted by at
Tags

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)