Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target.
Installation
git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh
NOTE: You might need to do sudo su
before install or using this otherwise you might get issues with dependency problems.
Check out docker-osmedeus by mabnavarrete
How to use
If you have no idea what are you doing just type the command below or check out the Advanced Usage
"
"
./osmedeus.py -t example.com
Features
- Subdomain Scan.
- Subdomain TakeOver Scan.
- Screenshot the target.
- Basic recon like Whois, Dig info.
- Web Technology detection.
- IP Discovery.
- CORS Scan.
- SSL Scan.
- Wayback Machine Discovery.
- URL Discovery.
- Headers Scan.
- Port Scan.
- Vulnerable Scan.
- Seperate workspaces to store all scan output and details logging.
- REST API.
- React Web UI.
- Support Continuous Scan.
- Slack notifications.
- Easily view report from commnad line.
Check this Documentation for more detail about each module.
Demo
- normal routine
./osmedeus.py -t example.com
./osmedeus.py -T list_of_target.txt
- normal routine but slow speed on all moddule
./osmedeus.py -t example.com --slow 'all'
- normal routine but exclude some modules
./osmedeus.py -t example.com -x 'linkfinding,dirb'
- direct mode examples
./osmedeus.py -m subdomain -t example.com
./osmedeus.py -m portscan -i "1.2.3.4/24"
./osmedeus.py -m "portscan,vulnscan" -i "1.2.3.4/24" -w result_folder
- direct list mode examples
./osmedeus.py -m portscan -I list_of_targets.txt
./osmedeus.py -m portscan,vulnscan -I list_of_targets.txt
./osmedeus.py -m screen -I list_of_targets.txt -w result_folder
- report mode
./osmedeus.py -t example.com --report list
./osmedeus.py -t example.com --report export
./osmedeus.py -t example.com --report sum
./osmedeus.py -t example.com --report short
./osmedeus.py -t example.com --report full
Dark Mode
Osmedeus (this link opens in a new window) by j3ssie (this link opens in a new window)
Fully automated offensive security framework for reconnaissance and vulnerability scanning