Osmedeus - A Workflow Engine for Offensive Security
NOTE that you need some essential tools like
curl, wget, git, zip
and login as root to start
bash -c "$(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)"
bash -c "$(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install-macos.sh)"
Check out this page for more the install on other platforms
# Practical Usage:
osmedeus scan -f [flowName] -t [target]
osmedeus scan -f [flowName] -T [targetsFile]
osmedeus scan -f /path/to/flow.yaml -t [target]
osmedeus scan -m /path/to/module.yaml -t [target] --params 'port=9200'
osmedeus scan -m /path/to/module.yaml -t [target] -l /tmp/log.log
cat targets | osmedeus scan -f sample
## Start a simple scan with default 'general' flow
osmedeus scan -t sample.com
## Start a scan directly with a module with inputs as a list of http domains like this https://sub.example.com
osmedeus scan -m ~/osmedeus-base/workflow/direct-module/dirbscan.yaml -t http-file.txt
## Start a general scan but exclude some of the module
osmedeus scan -t sample.com -x screenshot -x spider
## Start a simple scan with other flow
osmedeus scan -f vuln -t sample.com
## Scan for CIDR with file contains CIDR with the format '1.2.3.4/24'
osmedeus scan -f cidr -t list-of-cidrs.txt
osmedeus scan -f cidr -t '1.2.3.4/24' # this will auto convert the single input to the file and run
## Directly run the vuln scan and directory scan on list of domains
osmedeus scan -f vuln-and-dirb -t list-of-domains.txt
## Directly run the general but without subdomain enumeration scan on list of domains
osmedeus scan -f domains -t list-of-domains.txt
## Use a custom wordlist
osmedeus scan -t sample.com -p 'wordlists={{.Data}}/wordlists/content/big.txt' -p 'fthreads=40'
## Scan list of targets
osmedeus scan -T list_of_targets.txt
## Get target from a stdin and start the scan with 2 concurrency
cat list_of_targets.txt | osmedeus scan -c 2
## Start the scan with your custom workflow folder
osmedeus scan --wfFolder ~/custom-workflow/ -f your-custom-workflow -t sample.com
# Example Commands:
osmedeus scan -t target.com
osmedeus scan -T list_of_targets.txt -W custom_workspaces
osmedeus scan -t target.com -w workspace_name --debug
osmedeus scan -f single -t www.sample.com
osmedeus scan -f ovuln-T list_of_target.txt
osmedeus scan -m ~/osmedeus-base/workflow/test/dirbscan.yaml -t list_of_urls.txt
osmedeus health
ls ~/.osmedeus/storages/summary/ | osmedeus scan -m ~/osmedeus-base/workflow/test/dirbscan.yaml
ls ~/.osmedeus/storages/summary/ | osmedeus scan -m ~/osmedeus-base/workflow/test/busting.yaml -D
# Start Web UI at https://<your-instance-machine>:8000/ui/
osmedeus server
# login with credentials from `~/.osmedeus/config.yaml`
# Delete workspace
osmedeus config delete -w workspace_name
# Utils Commands
osmedeus utils tmux ls
osmedeus utils tmux logs -A -l 10
osmedeus utils ps
osmedeus utils ps --proc 'jaeles'
osmedeus utils cron --cmd 'osmdeus scan -t example.com' --sch 60
osmedeus utils cron --for --cmd 'osmedeus scan -t example.com'
docker run -it j3ssie/osmedeus:latest scan -t example.com
Check this page for more docker usage
Join Our Discord server here
Check out for a couple of donation methods here to get a premium package
Osmedeus
is made with ♥ by @j3ssiejjj and it is released under the MIT license.