Osmedeus is a workflow engine for offensive security that allows you to build and run reconnaissance systems on various targets (including domains, URLs, CIDR, and GitHub repositories). Its design goal is to establish a solid foundation and have the ability to automatically adapt and run to perform reconnaissance tasks.
Project repository (written in Go language):
Reference documentation:
Installation
linux
bash <(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)
After installation, check if it was successful by running the command:
osmedeus health
Check if it was installed successfully and its default workflow:
There are also built-in work modules:
macos
bash <(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install-macos.sh)
Use Case
- Start the web interface
osmedeus server
The account password is configured in ~/.osmedeus/config.yaml. After entering the backend:
As an example, it will generate a final command for you, which can also be executed directly in the terminal:
osmedeus scan -f general -t xxxx.com
Conclusion
Overall, this tool is quite good, essentially combining the strengths of various tools to automate vulnerability discovery. It has done a lot of work for this goal. Even if we don't use it for automated penetration testing, it is still a very good learning reference material. The integrated small tools are worth trying, maybe one of them will become a member of your arsenal.