software= "gomoz" author = "MEZGANI Ali handrix [@] gmail [.] com" version = "1.0.1" cvsversion = "Revision: 1.0" date = "Date: 2006" copyright = "Copyright (c) native labs" license="GPL" credits = "Thanks mam for support" url="http://groups.google.com/gomoz"

Gomoz is an open source Web Application Security Scanner developed by Native LABS. it has more than 5,000 Web include's Attack Signature database. Gomoz will test a web server in the shortest timespan possible, and produce deeply a pentest web intrusion. It's based on backdooring technics (c99, r57, others) to inject its own exec file via POST, also spawn a shell. Gomoz is developed with python.

Gomoz contains:

• port scanner : which checks a machine for open ports.
• http info : checks a web server for running application version.
• result saver : All result are saved under the most famous format (xml or sqlite)

• 4 scanning modes : Gomoz performs a multi-thread scan

  1- input scan : scan one url + one exploit
  2- single scan : scan one url + all exploits 3- global scan : scan all url + one exploits 4- massive scan : scan all urls + all exploits

name : is the name of a scan instance. Keyword : is a constant string in the included page, its important to determine if the web server are vulnerable. If the vulnerable server does not support GET methods so, backdooring servers is indispensible for running a console.