What is Osmedeus?
Osmedeus is a Workflow Engine for Offensive Security. It was designed to build a foundation with the capability and flexibility that allows you to build your own reconnaissance system and run it on a large number of targets.
📖 Documentation & FAQ
You can check out the documentation at docs.osmedeus.org and the Frequently Asked Questions at here for more information.
📦 Installation
NOTE that you need some essential tools like
curl, wget, git, zip
and login as root to start
bash <(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)
Build the engine from the source
Make sure you installed golang >= v1.17
go install -v github.com/j3ssie/osmedeus@latest
Check out this page for more the install on other platforms and docker image.
🚀 Key Features of Osmedeus
- Significantly speed up your recon process
- Organize your scan results
- Efficiently to customize and optimize your recon process
- Seamlessly integrate with new public and private tools
- Easy to scale across large number of targets
- Easy to synchronize the results across many places
💡 Usage
# Scan Usage:
osmedeus scan -f [flowName] -t [target]
osmedeus scan -m [modulePath] -T [targetsFile]
osmedeus scan -f /path/to/flow.yaml -t [target]
osmedeus scan --threads-hold=30 -f cidr -t 1.2.3.4/24
osmedeus scan -m /path/to/module.yaml -t [target] -l /tmp/log.log
cat targets | osmedeus scan -f sample
# Practical Scan Usage:
osmedeus scan -T list_of_targets.txt -W custom_workspaces
osmedeus scan -t target.com -w workspace_name --debug
osmedeus scan -f general -t sample.com
osmedeus scan --tactic aggressive -f general -t sample.com
osmedeus scan -f extensive -t sample.com -t another.com
cat list_of_urls.txt | osmedeus scan -f urls
osmedeus scan --threads-hold=30 -f cidr -t 1.2.3.4/24
osmedeus scan -m ~/.osmedeus/core/workflow/test/dirbscan.yaml -t list_of_urls.txt
osmedeus scan --wfFolder ~/custom-workflow/ -f your-custom-workflow -t list_of_urls.txt
osmedeus scan --chunk --chunk-part 40 -c 2 -f cidr -t list-of-cidr.txt
# Queue Usage:
osmedeus queue -Q /tmp/queue-file.txt -c 2
osmedeus queue --add -t example.com -Q /tmp/queue-file.txt
# Provider Usage:
osmedeus provider wizard
osmedeus provider validate
osmedeus provider build --token xxx --rebuild --ic
osmedeus provider create --name 'sample'
osmedeus provider health --debug
osmedeus provider list
osmedeus provider delete --id 34317111 --id 34317112
# Cloud Usage:
osmedeus cloud -f [flowName] -t [target]
osmedeus cloud -m [modulePath] -t [target]
osmedeus cloud -c 5 -f [flowName] -T [targetsFile]
osmedeus cloud --token xxx -c 5 -f [flowName] -T [targetsFile]
osmedeus cloud --chunk -c 5 -f [flowName] -t [targetsFile]
# Utilities Usage:
## Health check utility
osmedeus health
osmedeus health git
osmedeus health cloud
osmedeus version --json
## Update utility
osmedeus update
osmedeus update --vuln
osmedeus update --force --clean
## Other utilities
osmedeus utils tmux ls
osmedeus utils tmux logs -A -l 10
osmedeus utils ps
osmedeus utils ps --proc 'jaeles'
osmedeus utils cron --cmd 'osmdeus scan -t example.com' --sch 60
osmedeus utils cron --for --cmd 'osmedeus scan -t example.com'
osmedeus utils workflow
osmedeus config set --threads-hold=10
Check out this page for full usage and the Practical Usage to see how to use Osmedeus in a practical way.
💬 Community & Discussion
Join Our Discord server here
from
https://github.com/j3ssie/Osmedeus
---------------------------------------------
Osmedeus 是一款开源的自动扫描漏洞的安全工具,包含一系列运行工具集,可以对目标进行侦察和漏洞扫描。遵守MIT开源协议。
主要功能:
子域名扫描
子域名接管扫描
对目标截图
基本侦察,如Whois,Dig信息
Web技术检测
IP扫描
CORS扫描
SSL扫描
Header扫描
端口扫描
漏洞扫描
分隔工作区以存储所有扫描输出和详细信息日志记录
REST API
Web UI
支持连续扫描