Offensive Security Tool: Osmedeus

Reading Time: 3 Minutes

Offensive Security Tool: Osmedeus

GitHub Link

Osmedeus Core Engine

Osmedeus – A Workflow Engine for Offensive Security

Osmedeus by J3ssie, is a Workflow Engine for Offensive Security. It was designed to build a foundation with the capability and flexibility that allow you to automatic your reconnaissance methodology on a large number of targets.

Performing Bug Bounty or Pentesting against huge companies with many indexed pages requires a special technique, experienced bug bounty hunters create their own methodologies that consist of the way they think of building a tool with speed, less false positives and more accurate results done in the way its coded. This tool, automated all these techniques and lets you focus on the findings and results which is what goes down to at the end. It combines some of the most used bug bounty tools into one whole workflow automated system ready to go! The Engine has successfully found a tremendous number of security vulnerabilities in many big companies out there with its unique reconnaissance methodology such as: Google, Microsoft, Starbucks, Apple, Netflix, PayPal and many more!

Features

This latest V4 Release written in GO brings outstanding new features such as:

-Better Architecture
-Faster, Stable and More Flexible
-Easier to Customize and Extend
-Auto Clean Junk Output and Backup
-Cloud Distributed Scans
-Synchronize data across machines

See Also: iOS malware can fake iPhone shut downs to snoop on camera, microphone

Installation

| NOTE that you need some essential tools like curl, wget, git, zip and login as root to start

bash -c “$(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)”

Build the engine

Make sure you installed golang >= v1.17

mkdir -p $GOPATH/src/github.com/j3ssie
git clone –depth=1 https://github.com/j3ssie/osmedeus $GOPATH/src/github.com/j3ssie/osmedeus
cd $GOPATH/src/github.com/j3ssie/osmedeus
make build

See Also: Complete Offensive Security and Ethical Hacking Course

Usage

# Practical Usage:
osmedeus scan -f [flowName] -t [target]
osmedeus scan -f [flowName] -T [targetsFile]
osmedeus scan -f /path/to/flow.yaml -t [target]
osmedeus scan -m /path/to/module.yaml -t [target] –params ‘port=9200’
osmedeus scan -m /path/to/module.yaml -t [target] -l /tmp/log.log
cat targets | osmedeus scan -f sample

# Example Commands:
osmedeus scan -t target.com
osmedeus scan -T list_of_targets.txt -W custom_workspaces
osmedeus scan -t target.com -w workspace_name –debug
osmedeus scan -f single -t www.sample.com
osmedeus scan -f ovuln-T list_of_target.txt
osmedeus scan -m ~/osmedeus-base/workflow/test/dirbscan.yaml -t list_of_urls.txt
osmedeus health
ls ~/.osmedeus/storages/summary/ | osmedeus scan -m ~/osmedeus-base/workflow/test/dirbscan.yaml
ls ~/.osmedeus/storages/summary/ | osmedeus scan -m ~/osmedeus-base/workflow/test/busting.yaml -D

# Start Web UI at https://localhost:8000/ui/
osmedeus server
# login with credentials from `~/.osmedeus/config.yaml`

# Delete workspace
osmedeus config delete -w workspace_name

See Also: Hacking stories – Rafael Núñez (aka RaFa), hacking NASA with the hacking group: World of Hell