Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target.
Installation
cd Osmedeus
./install.sh
This install only focuses on Kali Linux, check more install on the Usage page .
NOTE: You might need to do sudo su before installing or using this otherwise you might get issues with dependency problems.
Using Docker:
If you have no idea what are you doing just type the command below or check out the
Advanced Usage
./osmedeus.py -t example.com
Features
Subdomain Scan.
Subdomain TakeOver Scan.
Screenshot the target.
Basic recon like Whois, Dig info.
Web Technology detection.
IP Discovery.
CORS Scan.
SSL Scan.
Wayback Machine Discovery.
URL Discovery.
Headers Scan.
Port Scan.
Vulnerable Scan.
Separate workspaces to store all scan output and details logging.
REST API.
React Web UI.
Support Continuous Scan.
Slack notifications.
Easily view report from the command line.
INSTALLATION
For Kali Linux
git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh
For unix OS
Change default shell and package manager on top of the install file and you will be fine to run.
git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh
For MacOS
Install golang officially or use homebrew and nmap, masscan. Change default shell and package manager on top of the install file and you will be fine to run.
git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh
Using Docker
Check out docker-osmedeus by mabnavarrete for docker installation.
TL;DR
Run this command to pull the container and install Osmedeus.
Installation
docker run -d --net host --name osmedeus mablanco/osmedeus
Simple usage
docker exec -it osmedeus ./osmedeus.py --client -t example.com
or access container through bash then navigate to ~/ and you’re good to go.
docker exec -it osmedeus /bin/bash -i
Access the UI
Credentials by default will place in
~/.osmedeus/config.conf . Make sure to change the Remote API in the Configuration tab to your interface that you’re running docker.
Setup REST API server on the remote server
Open your tmux or whatever and run the API server persistence by using this command
python3 server/manage.py runserver
or
python3 server/manage.py runserver 0.0.0.0:8000
if you want to bind this server on other IP and port.
Run osmedeus client
Open your tmux or whatever and run on that machine too (recommendation)
./osmedeus -t example.com
or if you really want to run a client on your server just do
./osmedeus -t example.com --remote http://your_remote_ip:port
Check out sercurity concern to protect your server.
Osmedeus use Django authentication system to manage users and create a token.
You directly create a new user by using this command below.
python3 server/manage.py createsuperuser
These users also used to login on Web UI.
Example Commands
# normal routine
./osmedeus.py -t example.com
./osmedeus.py -T list_of_target.txt
# normal routine but slow speed on all moddule
./osmedeus.py -t example.com --slow 'all'
# normal routine but exclude some modules
./osmedeus.py -t example.com -x 'linkfinding,dirb'
# direct mode examples
./osmedeus.py -m subdomain -t example.com
./osmedeus.py -m portscan -i "1.2.3.4/24"
./osmedeus.py -m "portscan,vulnscan" -i "1.2.3.4/24" -w result_folder
# direct list mode examples
./osmedeus.py -m portscan -I list_of_targets.txt
./osmedeus.py -m portscan,vulnscan -I list_of_targets.txt
./osmedeus.py -m screen -I list_of_targets.txt -w result_folder
# report mode
./osmedeus.py -t example.com --report list
./osmedeus.py -t example.com --report export
./osmedeus.py -t example.com --report sum
./osmedeus.py -t example.com --report short
./osmedeus.py -t example.com --report full
No comments:
Post a Comment