Osmedeus – Fully automated offensive security framework for reconnaissance and vulnerability scanning

admin
Posted by admin October 19, 2020

Osmedeus – Fully automated offensive security framework for reconnaissance and vulnerability scanning

Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target.

Installation

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

This install only focuses on Kali Linux, check more install on the Usage page.

NOTE: You might need to do sudo su before installing or using this otherwise you might get issues with dependency problems.

Using Docker

Check out docker-osmedeus by mabnavarrete

How to use

If you have no idea what are you doing just type the command below or check out the Advanced Usage

./osmedeus.py -t example.com

Features

  • Subdomain Scan.
  • Subdomain TakeOver Scan.
  • Screenshot the target.
  • Basic recon like Whois, Dig info.
  • Web Technology detection.
  • IP Discovery.
  • CORS Scan.
  • SSL Scan.
  • Wayback Machine Discovery.
  • URL Discovery.
  • Headers Scan.
  • Port Scan.
  • Vulnerable Scan.
  • Separate workspaces to store all scan output and details logging.
  • REST API.
  • React Web UI.
  • Support Continuous Scan.
  • Slack notifications.
  • Easily view report from the command line.

Check this Documentation for more detail about each module.

Love Osmedeus? Back it!

If you love my tool and would like to support my work. Become a backer and you will appear here.

INSTALLATION

For Kali Linux

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

For *nix OS

Change default shell and package manager on top of the install file and you will be fine to run.

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

For MacOS

Install golang officially or use homebrew and nmap, masscan. Change default shell and package manager on top of the install file and you will be fine to run.

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

Using Docker

Check out docker-osmedeus by mabnavarrete for docker installation.

TL;DR

Run this command to pull the container and install Osmedeus.

Installation

docker run -d --net host --name osmedeus mablanco/osmedeus

Simple usage

docker exec -it osmedeus ./osmedeus.py --client -t example.com

or access container through bash then navigate to ~/ and you’re good to go.

docker exec -it osmedeus /bin/bash -i

Access the UI

Credentials by default will place in ~/.osmedeus/config.conf. Make sure to change the Remote API in the Configuration tab to your interface that you’re running docker.

Setup REST API server on the remote server

Open your tmux or whatever and run the API server persistence by using this command

python3 server/manage.py runserver

or

python3 server/manage.py runserver 0.0.0.0:8000

if you want to bind this server on other IP and port.

Run osmedeus client

Open your tmux or whatever and run on that machine too (recommendation)

./osmedeus -t example.com

or if you really want to run a client on your server just do

./osmedeus -t example.com --remote http://your_remote_ip:port

Check out sercurity concern to protect your server.

Osmedeus use Django authentication system to manage users and create a token.

You directly create a new user by using this command below.

python3 server/manage.py createsuperuser

These users also used to login on Web UI.

More at: https://j3ssie.github.io/Osmedeus/

Demo

# normal routine
./osmedeus.py -t example.com
./osmedeus.py -T list_of_target.txt

# normal routine but slow speed on all moddule
./osmedeus.py -t example.com --slow 'all'

# normal routine but exclude some modules
./osmedeus.py -t example.com -x 'linkfinding,dirb'

# direct mode examples
./osmedeus.py -m subdomain -t example.com
./osmedeus.py -m portscan -i "1.2.3.4/24"

./osmedeus.py -m "portscan,vulnscan" -i "1.2.3.4/24" -w result_folder

# direct list mode examples
./osmedeus.py -m portscan -I list_of_targets.txt
./osmedeus.py -m portscan,vulnscan -I list_of_targets.txt
./osmedeus.py -m screen -I list_of_targets.txt -w result_folder

# report mode
./osmedeus.py -t example.com --report list
./osmedeus.py -t example.com --report export
./osmedeus.py -t example.com --report sum
./osmedeus.py -t example.com --report short
./osmedeus.py -t example.com --report full

What to do next after doing recon? Check out my scanner Jaeles.

Disclaimer

Most of this tool done by the authors of the tool that are listed in CREDITS.md. I’m just put all the pieces together, plus some extra magic.

This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it’s your fault, and your fault only.

Credits

Please take a look at CREDITS.md

Changelog

Please take a look at CHANGELOG.md

Contributors

If you have some new ideas about this project, issue, feedback or found some valuable tool feel free to open an issue for just DM me via @j3ssiejjj.

Special thanks

Thanks to @gujjuboy10x00 for contributing so many awesome ideas to this tool.

Code Contributors

This project exists thanks to all the people who contribute. [Contribute].

Financial Contributors

Become a financial contributor and help us sustain our community. [Contribute]

Organizations

Support this project with your organization. Your logo will show up here with a link to your website. [Contribute]

Tags: