Osmedeus

Automatic Reconnaissance and Scanning in Penetration Testing

What is Osmedeus?

It allows you to do boring stuff in Pentesting automatically like reconnaissance and scanning the target by run the collection of awesome tools.

Available modules with list tool being used

• Subdomain Scanning
  • amass
  • subfinder
  • massdns
• Subdomain TakeOver Scanning
  • subjack
  • SubOver
• Screenshot the target
  • aquatone
  • EyeWitness
• Port Scanning
  • masscan
  • nmap
• Vulnerable Scan and beautify html report
  • nmap-vulners
  • nmap-bootstrap-xsl
• Git repo scanning
  • truffleHog
  • gitrob
• Doing some stuff with Burp State file
  • sqlmap
  • SleuthQL
  • LinkFinder
• Directory search
  • dirhunt
  • dirsearch
  • gobuster
• Bruteforce services
  • brutespray
• Wordlists
  • domain
  • web-content

Changelog v1.2

• Fix a lot of bugs.
• Improve API architecture.
• Adding JWT token for API.
• Update new Web UI powered by atlaskit.
• Adding more tools and features.

Installation

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

This install only focus on Kali Linux, check more install on Wiki page

Use

./osmedeus.py -t example.com

List all module

./osmedeus.py -M

Update

./osmedeus.py --update

Scanning subdomain and Subdomain TakeOver

./osmedeus.py -m subdomain -t example.com

Osmedeus will run these tools below

• amass
• subfinder
• gobuster for brute force domain
• massdns for brute force domain
• Join the result and unique it

Screenshot

./osmedeus.py -m portscan -t example.com

Osmedeus will run these tools below

• aquatone for screenshot and footprinting the target
• Eyewithness for screenshot the target

Port Scan

./osmedeus.py -m portscan -t example.com
./osmedeus.py -m portscan -T list_target.txt

• massdns ptr script for create ip from list of domain for masscan
• masscan for quick portscanning
• nmap for more accurate result
• vulners nmap script for vulnerable scan based on version
• nmap-bootstrap for create beatify report

Vulnerable Scan

./osmedeus.py -m vuln -t example.com
./osmedeus.py -m vuln -T list_target.txt

• vulners nmap script for vulnerable scan based on version
• nmap-bootstrap for creating beatify report

Doing directory search on the target

./osmedeus.py -m dir -t example.com

Osmedeus will run these tools below

• dirhunt for discovery and spider the target
• dirsearch for common directory search
• gobuster for brute force directory

Brute-force Services

Brute-force the services from the result we got from the portscan module.

./osmedeus.py -m brute -t example.com

Osmedeus will run these tools below

• nmap to detect services
• brutespray for brute-force common password on the service

Note that if run this module directly it will scan the target from the beginning

Git repo scanning

Scanning the repo for sensitive data.

./osmedeus.py -m git --git https://github.com/whatever/repo

Osmedeus will run these tools below truffleHog for scanning repo

Scanning with Burp State file

Doing some stuff like link finding, SQL Injection scan from your burp state file.

./osmedeus.py -m burp -t example.com --burp yourburpstate.xml

Osmedeus will run these tools below

• linkfinder for finding URL
• sqlmap for scanning sqli in burp state
• SleuthQL for detect sqli in burp state

Tutorial

Demo

Copyright (C) 2018 j3ssie 

Source: https://github.com/j3ssie/