Gomoz is a project mainly written in PHP and Python, released under the GPL-3.0 license.
Web application scanner
software = "gomoz"
author = "MEZGANI Ali handrix [@] gmail [.] com"
version = "1.0.1"
cvsversion = "Revision: 1.0"
date = "Date: 2006"
copyright = "Copyright (c) native labs"
license = "GPL"
credits = "Thanks mam for support"
url = "http://groups.google.com/gomoz"
Gomoz is an open source Web Application Security Scanner developed by Native LABS. It has a database of more than 5,000 web include attack signatures. Gomoz tests a web server in the shortest timespan possible and produces an in-depth web intrusion pentest. It relies on backdooring techniques (c99, r57, others) to inject its own exec file via POST and to spawn a shell. Gomoz is developed in Python.
Gomoz contains:
4 scanning modes (Gomoz performs a multi-threaded scan):
1- input scan: scan one URL + one exploit
2- single scan: scan one URL + all exploits
3- global scan: scan all URLs + one exploit
4- massive scan: scan all URLs + all exploits
name: the name of a scan instance.
keyword: a constant string in the included page; it is important for determining whether the web server is vulnerable.
If the vulnerable server does not support GET methods, backdooring the server is indispensable for running a console.