Osmedeus v1.4 releases: Automatic Reconnaisance and Scanning in Penetration Testing
Osmedeus
Automatic Reconnaissance and Scanning in Penetration Testing
What is Osmedeus?
It allows you to do boring stuff in Pentesting automatically like reconnaissance and scanning the target by run the collection of awesome tools.
Feature
- Subdomain Scan.
- Subdomain TakeOver Scan.
- Screenshot the target.
- Basic recon like Whois, Dig info.
- Web Technology detection.
- IP Discovery.
- CORS Scan.
- SSL Scan.
- Wayback Machine Discovery.
- URL Discovery.
- Headers Scan.
- Port Scan.
- Vulnerable Scan.
- Seperate workspaces to store all scan output and details logging.
- REST API.
- React Web UI.
- Support Continuous Scan.
- Slack notifications.
Available modules with list tool being used
- Subdomain Scanning
- Subdomain TakeOver Scanning
- Screenshot the target
- Port Scanning
- Vulnerable Scan and beautify html report
- Git repo scanning
- Doing some stuff with Burp State file
- Directory search
- Bruteforce services
- Wordlists
Changelog v1.4
- Adding new AssetFinding module powered mostly by tomnomnom.
- Direct mode (specific module) now very powerful Detail.
- Improve the API architecture, from now you can run multi targets without crash the routine.
- Improve main routine and add options for custom speed of the routine.
- Adding some security feature for the API.
- Improve search and sort from the UI.
- Fix a lot of bugs and refactoring a lot of things.
Installation
git clone https://github.com/j3ssie/Osmedeus cd Osmedeus ./install.sh
This install only focus on Kali Linux, check more install on Wiki page
Use
./osmedeus.py -t example.com
List all module
./osmedeus.py -M
Update
./osmedeus.py --update
Scanning subdomain and Subdomain TakeOver
./osmedeus.py -m subdomain -t example.com
Osmedeus will run these tools below
- amass
- subfinder
- gobuster for brute force domain
massdns for brute force domain- Join the result and unique it
Screenshot
./osmedeus.py -m portscan -t example.com
Osmedeus will run these tools below
- aquatone for screenshot and footprinting the target
Eyewithness for screenshot the target
Port Scan
./osmedeus.py -m portscan -t example.com ./osmedeus.py -m portscan -T list_target.txt
- massdns ptr script for create ip from list of domain for masscan
- masscan for quick portscanning
- nmap for more accurate result
- vulners nmap script for vulnerable scan based on version
- nmap-bootstrap for create beatify report
Vulnerable Scan
./osmedeus.py -m vuln -t example.com ./osmedeus.py -m vuln -T list_target.txt
- vulners nmap script for vulnerable scan based on version
- nmap-bootstrap for creating beatify report
Doing directory search on the target
./osmedeus.py -m dir -t example.com
Osmedeus will run these tools below
- dirhunt for discovery and spider the target
- dirsearch for common directory search
- gobuster for brute force directory
Brute-force Services
Brute-force the services from the result we got from the portscan module.
./osmedeus.py -m brute -t example.com
Osmedeus will run these tools below
- nmap to detect services
- brutespray for brute-force common password on the service
Note that if run this module directly it will scan the target from the beginning
Git repo scanning
Scanning the repo for sensitive data.
./osmedeus.py -m git --git https://github.com/whatever/repo
Osmedeus will run these tools below truffleHog for scanning repo
Scanning with Burp State file
Doing some stuff like link finding, SQL Injection scan from your burp state file.
./osmedeus.py -m burp -t example.com --burp yourburpstate.xml
Osmedeus will run these tools below
- linkfinder for finding URL
- sqlmap for scanning sqli in burp state
- SleuthQL for detect sqli in burp state
Demo
Copyright (C) 2018 j3ssie
Source: https://github.com/j3ssie/
