Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/j3ssie/osmedeus
A Workflow Engine for Offensive Security
https://github.com/j3ssie/osmedeus
attack-surface attack-surface-management bug-bounty bugbounty go golang hacking hacking-tool information-gathering osint penetration-testing pentest-tool pentesting reconnaissance scanning security security-tools
Last synced: 2 days ago
JSON representation
A Workflow Engine for Offensive Security
- Host: GitHub
- URL: https://github.com/j3ssie/osmedeus
- Owner: j3ssie
- License: mit
- Created: 2018-11-10T04:17:18.000Z (about 6 years ago)
- Default Branch: main
- Last Pushed: 2024-05-27T04:29:10.000Z (7 months ago)
- Last Synced: 2024-10-29T15:34:03.412Z (about 1 month ago)
- Topics: attack-surface, attack-surface-management, bug-bounty, bugbounty, go, golang, hacking, hacking-tool, information-gathering, osint, penetration-testing, pentest-tool, pentesting, reconnaissance, scanning, security, security-tools
- Language: Go
- Homepage: https://osmedeus.org/
- Size: 27.9 MB
- Stars: 5,326
- Watchers: 133
- Forks: 879
- Open Issues: 18
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- Awesome-OSINT-For-Everything - Osmedeus - Osmedeus is a Workflow Engine for Offensive Security. It was designed to build a foundation with the capability and flexibility that allows you to build your own reconnaissance system and run it on a large number of targets. (Recon)
- awesome-golang-repositories - osmedeus
- awesome-hacking-lists - j3ssie/osmedeus - A Workflow Engine for Offensive Security (Go)
- StarryDivineSky - j3ssie/osmedeus
README
# Osmedeus Core Engine
Osmedeus - A Workflow Engine for Offensive Security
***
## 🔥 What is Osmedeus?
Osmedeus is a Workflow Engine for Offensive Security. It was designed to build a foundation with the capability and
flexibility that allows you to build your own reconnaissance system and run it on a large number of targets.## 📖 Documentation & FAQ
You can check out the documentation at [**docs.osmedeus.org**](https://docs.osmedeus.org) and the Frequently Asked
Questions at [**here**](https://docs.osmedeus.org/faq) for more information.## 📦 Installation
> NOTE that you need some essential tools like `curl, wget, git, zip` and login as **root** to start
```bash
bash <(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)
```### Build the engine from the source
Make sure you installed `golang >= v1.17`
```bash
go install -v github.com/j3ssie/osmedeus@latest
```Check out [**this page**](https://docs.osmedeus.org/installation/) for more the install on other platforms and [**docker
image**](https://docs.osmedeus.org/installation/using-docker/).## 🚀 Key Features of Osmedeus
- [x] Significantly speed up your recon process
- [x] Organize your scan results
- [x] Efficiently to customize and optimize your recon process
- [x] Seamlessly integrate with new public and private tools
- [x] Easy to scale across large number of targets
- [x] Easy to synchronize the results across many places## 💡 Usage
```bash
# Example Scan Commands:
## Start a simple scan with default 'general' flow
osmedeus scan -t sample.com## Start a general scan but exclude some of the module
osmedeus scan -t sample.com -x screenshot -x spider## Start a scan directly with a module with inputs as a list of http domains like this https://sub.example.com
osmedeus scan -m content-discovery -t http-file.txt## Initiate the scan using a speed option other than the default setting
osmedeus scan -f vuln --tactic gently -t sample.com
osmedeus scan --threads-hold=10 -t sample.com
osmedeus scan -B 5 -t sample.com## Start a simple scan with other flow
osmedeus scan -f vuln -t sample.com
osmedeus scan -f extensive -t sample.com -t another.com
osmedeus scan -f urls -t list-of-urls.txt## Scan list of targets
osmedeus scan -T list_of_targets.txt
osmedeus scan -f vuln -T list-of-targets.txt## Performing static vulnerability scan and secret scan on a git repo
osmedeus scan -m repo-scan -t https://github.com/j3ssie/sample-repo
osmedeus scan -m repo-scan -t /tmp/source-code-folder
osmedeus scan -m repo-scan -T list-of-repo.txt## Scan for CIDR with file contains CIDR with the format '1.2.3.4/24'
osmedeus scan -f cidr -t list-of-ciders.txt
osmedeus scan -f cidr -t '1.2.3.4/24' # this will auto convert the single input to the file and run## Directly run on vuln scan and directory scan on list of domains
osmedeus scan -f domains -t list-of-domains.txt
osmedeus scan -f vuln-and-dirb -t list-of-domains.txt## Use a custom wordlist
osmedeus scan -t sample.com -p 'wordlists={{Data}}/wordlists/content/big.txt'## Use a custom wordlist
cat list_of_targets.txt | osmedeus scan -c 2## Start a normal scan and backup entire workflow folder to the backup folder
osmedeus scan --backup -f domains -t list-of-subdomains.txt## Start the scan with chunk inputs to review the output way more much faster
osmedeus scan --chunk --chunk-parts 20 -f cidr -t list-of-100-cidr.txt## Continuously run the scan on a target right after it finished
osmedeus utils cron --for --cmd 'osmedeus scan -t example.com'## Backing up all workspaces
ls ~/workspaces-osmedeus | osmedeus report compress# Scan Usage:
osmedeus scan -f [flowName] -t [target]
osmedeus scan -m [modulePath] -T [targetsFile]
osmedeus scan -f /path/to/flow.yaml -t [target]
osmedeus scan -m /path/to/module.yaml -t [target] --params 'port=9200'
osmedeus scan -m /path/to/module.yaml -t [target] -l /tmp/log.log
osmedeus scan --tactic aggressive -m module -t [target]
cat targets | osmedeus scan -f sample# Practical Scan Usage:
osmedeus scan -T list_of_targets.txt -W custom_workspaces
osmedeus scan -t target.com -w workspace_name --debug
osmedeus scan -f general -t sample.com
osmedeus scan --tactic aggressive -f general -t sample.com
osmedeus scan -f extensive -t sample.com -t another.com
cat list_of_urls.txt | osmedeus scan -f urls
osmedeus scan --threads-hold=15 -f cidr -t 1.2.3.4/24
osmedeus scan -m ~/.osmedeus/core/workflow/test/dirbscan.yaml -t list_of_urls.txt
osmedeus scan --wfFolder ~/custom-workflow/ -f your-custom-workflow -t list_of_urls.txt
osmedeus scan --chunk --chunk-part 40 -c 2 -f cidr -t list-of-cidr.txt💡 For full help message, please run: osmedeus --hh or osmedeus scan --hh
📖 Documentation can be found here: https://docs.osmedeus.org
```Check out [**this page**](https://docs.osmedeus.org/installation/usage/) for full usage and the [**Practical Usage**](https://docs.osmedeus.org/installation/practical-usage/) to see how to use Osmedeus in a practical way.
## 💬 Community & Discussion
Join Our Discord server [here](https://discord.gg/mtQG2FQsYA)
## 💎 Donation & Sponsor
Check out for a couple of donation methods here to get a premium package
## License
`Osmedeus` is made with ♥ by [@j3ssiejjj](https://twitter.com/j3ssiejjj) and it is released under the MIT license.