Osmedeus: Fully Automated Offensive Security Framework
Osmedeus is a fully automated vulnerability scanner that analyses system, subdomain, and website to identify security holes. It is a useful security tool that can scan and take screenshots of the target.
Osmedeus: Open Source Web Reconnaissance and Vulnerability Scanner
Osmedeus is an open-source vulnerability scanner developed to protect your organization against imminent cyber-security threats. It combines the best of intranet and extranet surveillance. The tool has features that exceed most premium scanning and reconnaissance tools in the market.
It can be used to scan your target network and server for vulnerabilities. It features an impressive collection of tools such as web technology detection, IP discovery, and way back machine discovery. It can separate workspace to store all scan output and logging details. Finally, it supports a continuous scan and lets you view the scan report from the command line.
Furthermore, it is equipped with web technology detection, IP discovery, and way back machine discovery features. The application can separate workspace to store all scan output and details logging. Lastly, it can support a continuous scan and lets you view the scan report from the command line.
Highlights:
Features:
- Subdomain Scan
- Subdomain TakeOver Scan
- Screenshot the target
- Basic recon like Whois, Dig info
- Web Technology detection
- IP Discovery
- CORS Scan
- SSL Scan
- Wayback Machine Discovery
- URL Discovery
- Headers Scan
- Port Scan
- Vulnerable Scan
- Separate workspaces to store all scan output and details logging
- REST API
- React Web UI
- Support Continuous Scan
- Slack notifications
- Easily view report from commanad line
Supported platforms:
- Kali Linux, *nix OS, and macOS
Osmedeus install
Clone the repo, navigate to the working dir and run install script (recommended for Kali Linux users):
$ git clone https://github.com/j3ssie/Osmedeus
$ cd Osmedeus
$ ./install.sh
Basic Usage
Use -hh to get a list of all available options/commands:
[*] Visit this page for complete usage: https://j3ssie.github.io/Osmedeus/
Basic Usage
===========
python3 osmedeus.py -t <your_target>
python3 osmedeus.py -T <list_of_targets>
python3 osmedeus.py -m <module> [-i <input>|-I <input_file>] [-t workspace_name]
python3 osmedeus.py --report <mode> -t <workspace> [-m <module>]
Advanced Usage
==============
[*] List all module
python3 osmedeus.py -M
[*] List all report mode
python3 osmedeus.py --report help
[*] Running with specific module
python3 osmedeus.py -t <result_folder> -m <module_name> -i <your_target>
[*] Example command
python3 osmedeus.py -m subdomain -t example.com
python3 osmedeus.py -t example.com --slow "subdomain"
python3 osmedeus.py -t sample2 -m vuln -i hosts.txt
python3 osmedeus.py -t sample2 -m dirb -i /tmp/list_of_hosts.txt
Remote Options
==============
--remote REMOTE Remote address for API, (default: https://127.0.0.1:5000)
--auth AUTH Specify authentication e.g: --auth="username:password"
See your config file for more detail (default: core/config.conf)
--client just run client stuff in case you already ran the Django server before
More options
==============
--update Update lastest from git
-c CONFIG, --config CONFIG
Specify config file (default: core/config.conf)
-w WORKSPACE, --workspace WORKSPACE
Custom workspace folder
-f, --force force to run the module again if output exists
-s, --slow "all"
All module running as slow mode
-s, --slow "subdomain"
Only running slow mode in subdomain module
--debug Just for debug purpose
