Osmedeus - A Workflow Engine for Offensive Security
Osmedeus is a Workflow Engine for Offensive Security. It was designed to build a foundation with the capability and flexibility that allows you to build your own reconnaissance system and run it on a large number of targets.
You can check out the documentation at docs.osmedeus.org and the Frequently Asked Questions at here for more information.
NOTE that you need some essential tools like
curl, wget, git, zipand login as root to start
bash <(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)bash <(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install-macos.sh)Check out this page for more the install on other platforms
# Practical Usage:
osmedeus scan -f [flowName] -t [target]
osmedeus scan -f [flowName] -T [targetsFile]
osmedeus scan -f /path/to/flow.yaml -t [target]
osmedeus scan -m /path/to/module.yaml -t [target] --params 'port=9200'
osmedeus scan -m /path/to/module.yaml -t [target] -l /tmp/log.log
cat targets | osmedeus scan -f sample
## Start a simple scan with default 'general' flow
osmedeus scan -t sample.com
## Start a scan directly with a module with inputs as a list of http domains like this https://sub.example.com
osmedeus scan -m ~/osmedeus-base/workflow/direct-module/dirbscan.yaml -t http-file.txt
## Start a general scan but exclude some of the module
osmedeus scan -t sample.com -x screenshot -x spider
## Start a simple scan with other flow
osmedeus scan -f vuln -t sample.com
## Scan for CIDR with file contains CIDR with the format '1.2.3.4/24'
osmedeus scan -f cidr -t list-of-cidrs.txt
osmedeus scan -f cidr -t '1.2.3.4/24' # this will auto convert the single input to the file and run
## Directly run the vuln scan and directory scan on list of domains
osmedeus scan -f vuln-and-dirb -t list-of-domains.txt
## Directly run the general but without subdomain enumeration scan on list of domains
osmedeus scan -f domains -t list-of-domains.txt
## Use a custom wordlist
osmedeus scan -t sample.com -p 'wordlists={{.Data}}/wordlists/content/big.txt' -p 'fthreads=40'
## Scan list of targets
osmedeus scan -T list_of_targets.txt
## Get target from a stdin and start the scan with 2 concurrency
cat list_of_targets.txt | osmedeus scan -c 2
## Start the scan with your custom workflow folder
osmedeus scan --wfFolder ~/custom-workflow/ -f your-custom-workflow -t sample.com
# Example Commands:
osmedeus scan -t target.com
osmedeus scan -T list_of_targets.txt -W custom_workspaces
osmedeus scan -t target.com -w workspace_name --debug
osmedeus scan -f single -t www.sample.com
osmedeus scan -f ovuln-T list_of_target.txt
osmedeus scan -m ~/osmedeus-base/workflow/test/dirbscan.yaml -t list_of_urls.txt
osmedeus health
ls ~/.osmedeus/storages/summary/ | osmedeus scan -m ~/osmedeus-base/workflow/test/dirbscan.yaml
ls ~/.osmedeus/storages/summary/ | osmedeus scan -m ~/osmedeus-base/workflow/test/busting.yaml -D
# Start Web UI at https://<your-instance-machine>:8000/ui/
osmedeus server
# login with credentials from `~/.osmedeus/config.yaml`
# Delete workspace
osmedeus config delete -w workspace_name
# Utils Commands
osmedeus utils tmux ls
osmedeus utils tmux logs -A -l 10
osmedeus utils ps
osmedeus utils ps --proc 'jaeles'
osmedeus utils cron --cmd 'osmdeus scan -t example.com' --sch 60
osmedeus utils cron --for --cmd 'osmedeus scan -t example.com'Check out this page for full usage and the Practical Usage to see how to use Osmedeus in a practical way.
docker run -it j3ssie/osmedeus:latest scan -t example.comCheck this page for more docker usage
Join Our Discord server here
Special Thanks to all authors of the binaries tool that's being used in the Workflow at THANKS.md
Osmedeus is made with ♥ by @j3ssiejjj and it is released under the MIT license.