漏洞扫描工具-osmedeus

osmedeus.org/

What is Osmedeus?

Osmedeus is a Workflow Engine for Offensive Security. It was designed to build a foundation with the capability and flexibility that allows you to build your own reconnaissance system and run it on a large number of targets.

📖 Documentation & FAQ

You can check out the documentation at docs.osmedeus.org and the Frequently Asked Questions at here for more information.

📦 Installation

NOTE that you need some essential tools like curl, wget, git, zip and login as root to start

Build the engine from the source

Make sure you installed golang >= v1.17

go install -v github.com/j3ssie/osmedeus@latest

Check out this page for more the install on other platforms and docker image.

🚀 Key Features of Osmedeus

  • Significantly speed up your recon process
  • Organize your scan results
  • Efficiently to customize and optimize your recon process
  • Seamlessly integrate with new public and private tools
  • Easy to scale across large number of targets
  • Easy to synchronize the results across many places

💡 Usage

# Scan Usage:
  osmedeus scan -f [flowName] -t [target]
  osmedeus scan -m [modulePath] -T [targetsFile]
  osmedeus scan -f /path/to/flow.yaml -t [target]
  osmedeus scan --threads-hold=30 -f cidr -t 1.2.3.4/24
  osmedeus scan -m /path/to/module.yaml -t [target] -l /tmp/log.log
  cat targets | osmedeus scan -f sample

# Practical Scan Usage:
  osmedeus scan -T list_of_targets.txt -W custom_workspaces
  osmedeus scan -t target.com -w workspace_name --debug
  osmedeus scan -f general -t sample.com
  osmedeus scan --tactic aggressive -f general -t sample.com
  osmedeus scan -f extensive -t sample.com -t another.com
  cat list_of_urls.txt | osmedeus scan -f urls
  osmedeus scan --threads-hold=30 -f cidr -t 1.2.3.4/24
  osmedeus scan -m ~/.osmedeus/core/workflow/test/dirbscan.yaml -t list_of_urls.txt
  osmedeus scan --wfFolder ~/custom-workflow/ -f your-custom-workflow -t list_of_urls.txt
  osmedeus scan --chunk --chunk-part 40 -c 2 -f cidr -t list-of-cidr.txt

# Queue Usage:
  osmedeus queue -Q /tmp/queue-file.txt -c 2
  osmedeus queue --add -t example.com -Q /tmp/queue-file.txt

# Provider Usage:
  osmedeus provider wizard
  osmedeus provider validate
  osmedeus provider build --token xxx --rebuild --ic
  osmedeus provider create --name 'sample'
  osmedeus provider health --debug
  osmedeus provider list
  osmedeus provider delete --id 34317111 --id 34317112

# Cloud Usage:
  osmedeus cloud -f [flowName] -t [target]
  osmedeus cloud -m [modulePath] -t [target]
  osmedeus cloud -c 5 -f [flowName] -T [targetsFile]
  osmedeus cloud --token xxx -c 5 -f [flowName] -T [targetsFile]
  osmedeus cloud --chunk -c 5 -f [flowName] -t [targetsFile]

# Utilities Usage:
  ## Health check utility
  osmedeus health
  osmedeus health git
  osmedeus health cloud
  osmedeus version --json
  ## Update utility
  osmedeus update
  osmedeus update --vuln
  osmedeus update --force --clean
  ## Other utilities
  osmedeus utils tmux ls
  osmedeus utils tmux logs -A -l 10
  osmedeus utils ps
  osmedeus utils ps --proc 'jaeles'
  osmedeus utils cron --cmd 'osmdeus scan -t example.com' --sch 60
  osmedeus utils cron --for --cmd 'osmedeus scan -t example.com'
  osmedeus utils workflow
  osmedeus config set --threads-hold=10

Check out this page for full usage and the Practical Usage to see how to use Osmedeus in a practical way.

💬 Community & Discussion

Join Our Discord server here

from 

https://github.com/j3ssie/Osmedeus

---------------------------------------------

Osmedeus 是一款开源的自动扫描漏洞的安全工具,包含一系列运行工具集,可以对目标进行侦察和漏洞扫描。遵守MIT开源协议。

主要功能:

    子域名扫描
    子域名接管扫描
    对目标截图
    基本侦察,如Whois,Dig信息
    Web技术检测
    IP扫描
    CORS扫描
    SSL扫描
    Header扫描
    端口扫描
    漏洞扫描
    分隔工作区以存储所有扫描输出和详细信息日志记录
    REST API
    Web UI
    支持连续扫描

https://github.com/j3ssie/Osmedeus

官网:https://docs.osmedeus.org/