Osmedeus – Fully automated offensive security framework for reconnaissance and vulnerability scanning

Osmedeus – Fully automated offensive security framework for reconnaissance and vulnerability scanning

Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target.

osmedeus-architecture.png

Installation

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

This install only focuses on Kali Linux, check more install on the Usage page.

NOTE: You might need to do sudo su before installing or using this otherwise you might get issues with dependency problems.

Using Docker

Check out docker-osmedeus by mabnavarrete

How to use

If you have no idea what are you doing just type the command below or check out the Advanced Usage

./osmedeus.py -t example.com

Features

  • Subdomain Scan.
  • Subdomain TakeOver Scan.
  • Screenshot the target.
  • Basic recon like Whois, Dig info.
  • Web Technology detection.
  • IP Discovery.
  • CORS Scan.
  • SSL Scan.
  • Wayback Machine Discovery.
  • URL Discovery.
  • Headers Scan.
  • Port Scan.
  • Vulnerable Scan.
  • Separate workspaces to store all scan output and details logging.
  • REST API.
  • React Web UI.
  • Support Continuous Scan.
  • Slack notifications.
  • Easily view report from the command line.

Check this Documentation for more detail about each module.

Love Osmedeus? Back it!

If you love my tool and would like to support my work. Become a backer and you will appear here.

INSTALLATION

For Kali Linux

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

For *nix OS

Change default shell and package manager on top of the install file and you will be fine to run.

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

For MacOS

Install golang officially or use homebrew and nmap, masscan. Change default shell and package manager on top of the install file and you will be fine to run.

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

Using Docker

Check out docker-osmedeus by mabnavarrete for docker installation.

TL;DR

Run this command to pull the container and install Osmedeus.

Installation

docker run -d --net host --name osmedeus mablanco/osmedeus

Simple usage

docker exec -it osmedeus ./osmedeus.py --client -t example.com

or access container through bash then navigate to ~/ and you’re good to go.

docker exec -it osmedeus /bin/bash -i

Access the UI

Credentials by default will place in ~/.osmedeus/config.conf. Make sure to change the Remote API in the Configuration tab to your interface that you’re running docker.

Setup REST API server on the remote server

Open your tmux or whatever and run the API server persistence by using this command

python3 server/manage.py runserver

or

python3 server/manage.py runserver 0.0.0.0:8000

if you want to bind this server on other IP and port.

Run osmedeus client

Open your tmux or whatever and run on that machine too (recommendation)

./osmedeus -t example.com

or if you really want to run a client on your server just do

./osmedeus -t example.com --remote http://your_remote_ip:port

Check out sercurity concern to protect your server.

Osmedeus use Django authentication system to manage users and create a token.

You directly create a new user by using this command below.

python3 server/manage.py createsuperuser

These users also used to login on Web UI.