Osmedeus: Fully Automated Offensive Security Framework


Osmedeus: Fully Automated Offensive Security Framework

Osmedeus is a fully automated vulnerability scanner that analyses system, subdomain, and website to identify security holes. It is a useful security tool that can scan and take screenshots of the target.

Osmedeus: Fully Automated Offensive Security Framework Logo

Osmedeus: Open Source Web Reconnaissance and Vulnerability Scanner

Osmedeus is an open-source vulnerability scanner developed to protect your organization against imminent cyber-security threats. It combines the best of intranet and extranet surveillance. The tool has features that exceed most premium scanning and reconnaissance tools in the market.

It can be used to scan your target network and server for vulnerabilities. It features an impressive collection of tools such as web technology detection, IP discovery, and way back machine discovery. It can separate workspace to store all scan output and logging details. Finally, it supports a continuous scan and lets you view the scan report from the command line.

Furthermore, it is equipped with web technology detection, IP discovery, and way back machine discovery features. The application can separate workspace to store all scan output and details logging. Lastly, it can support a continuous scan and lets you view the scan report from the command line.

Osmedeus Architecture

Highlights:

If used well, Osmedeus can be a powerful and effective surveillance and vulnerability scanner. You can use it to gather information about the servers and identify the behavior patterns of the target. While this tool is designed to collect data from the web servers and for educational purposes, you should use it ethically and observe Cybersecurity law.

Features:

  • Subdomain Scan
  • Subdomain TakeOver Scan
  • Screenshot the target
  • Basic recon like Whois, Dig info
  • Web Technology detection
  • IP Discovery
  • CORS Scan
  • SSL Scan
  • Wayback Machine Discovery
  • URL Discovery
  • Headers Scan
  • Port Scan
  • Vulnerable Scan
  • Separate workspaces to store all scan output and details logging
  • REST API
  • React Web UI
  • Support Continuous Scan
  • Slack notifications
  • Easily view report from commanad line

Supported platforms:

  • Kali Linux, *nix OS, and macOS

Osmedeus install

Clone the repo, navigate to the working dir and run install script (recommended for Kali Linux users):

$ git clone https://github.com/j3ssie/Osmedeus 
$ cd Osmedeus
$ ./install.sh
Note – *nix OS and macOS users: before installing, ensure you change the package manager and default shell and then proceed to run.

Basic Usage

Use -hh to get a list of all available options/commands:

[*] Visit this page for complete usage: https://j3ssie.github.io/Osmedeus/

Basic Usage
===========   
python3 osmedeus.py -t <your_target> 
python3 osmedeus.py -T <list_of_targets>
python3 osmedeus.py -m <module> [-i <input>|-I <input_file>] [-t workspace_name]
python3 osmedeus.py --report <mode> -t <workspace> [-m <module>]

Advanced Usage 
============== 
[*] List all module
python3 osmedeus.py -M

[*] List all report mode
python3 osmedeus.py --report help

[*] Running with specific module
python3 osmedeus.py -t <result_folder> -m <module_name> -i <your_target>
   
[*] Example command 
python3 osmedeus.py -m subdomain -t example.com
python3 osmedeus.py -t example.com --slow "subdomain"
python3 osmedeus.py -t sample2 -m vuln -i hosts.txt
python3 osmedeus.py -t sample2 -m dirb -i /tmp/list_of_hosts.txt

Remote Options
============== 
--remote REMOTE       Remote address for API, (default: https://127.0.0.1:5000)
--auth AUTH           Specify authentication e.g: --auth="username:password"
                      See your config file for more detail (default: core/config.conf)

--client              just run client stuff in case you already ran the Django server before
 
More options
==============
--update              Update lastest from git 

-c CONFIG, --config CONFIG
                      Specify config file (default: core/config.conf)

-w WORKSPACE, --workspace WORKSPACE
                      Custom workspace folder

-f, --force           force to run the module again if output exists
-s, --slow  "all"
                      All module running as slow mode
-s, --slow  "subdomain"
                      Only running slow mode in subdomain module
  
--debug               Just for debug purpose
Documentation Box
Download Box