Galileo - Web Application Audit Framework


Galileo is an open source penetration testing tool for web applications that helps developers and penetration testers identify and exploit vulnerabilities in their web applications.

Installation

$ git clone https://github.com/m4ll0k/Galileo.git galileo
$ cd galileo

Install requirements

$ python2 -m pip install -r requirements.txt

or

$ apt-get install python-pysocks

For Windows

$ python2 -m pip install pysocks

Run

$ python2 galileo.py

Usage

Set global options:

galileo #> set
  Set A Context-Specific Variable To A Value
  ------------------------------------------
  - Usage: set <option> <value>
  - Usage: set COOKIE phpsess=hacker_test


  Name        Current Value                            Required  Description
  ----------  -------------                            --------  -----------
  PAUTH                                                no        Proxy auth credentials (user:pass)
  PROXY                                                no        Set proxy (host:port)
  REDIRECT    True                                     no        Set redirect
  THREADS     5                                        no        Number of threads
  TIMEOUT     5                                        no        Set timeout
  USER-AGENT  Mozilla/5.0 (X11; Ubuntu; Linux x86_64)  yes       Set user-agent
  VERBOSITY   1                                        yes       Verbosity level (0 = minimal,1 = verbose)

Search module:

galileo #> search disclosure
[+] Searching for 'disclosure'...

  Disclosure
  ----------
    disclosure/code
    disclosure/creditcard
    disclosure/email
    disclosure/privateip

Show modules:

galileo #> show modules

  Bruteforce
  ----------
    bruteforce/auth_brute
    bruteforce/backup_brute
    bruteforce/file_dir_brute

  Disclosure
  ----------
    disclosure/code
    disclosure/creditcard
    disclosure/email
    disclosure/privateip

  Exploits
  --------
    exploits/shellshock

  Fingerprint
  -----------
    fingerprint/cms
    fingerprint/framework
    fingerprint/server

  Injection
  ---------
    injection/os_command_injection
    injection/sql_injection

  Scanner
  -------
    scanner/asp_trace

  Tools
  -----
    tools/socket

Use module:

galileo #> use bruteforce/backup_brute
galileo bruteforce(backup_brute) #> 

Set module options:

galileo bruteforce(backup_brute) #> show options

  Name      Current Value  Required  Description
  --------  -------------  --------  -----------
  EXTS                     no        Set backup extensions
  HOST                     yes       The target address
  METHOD    GET            no        HTTP method
  PORT      80             no        The target port
  URL_PATH  /              no        The target URL path
  WORDLIST                 yes       Common directory wordlist

galileo bruteforce(backup_brute) #> set HOST www.xxxxxxx.com
HOST => www.xxxxxxx.com
galileo bruteforce(backup_brute) #> set WORDLIST /home/m4ll0k/Desktop/all.txt
WORDLIST => /home/m4ll0k/Desktop/all.txt

Run:

galileo bruteforce(backup_brute) #> run
