Osmedeus is a workflow engine for offensive security that allows you to build and run reconnaissance systems on various targets (including domains, URLs, CIDRs, and GitHub repositories). Its design goal is to establish a solid foundation and have the ability to automatically adapt and run to perform reconnaissance tasks.
Project repository (written in Go language):
Reference documentation:
Installation
linux
bash <(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)
After installation, check if it was successful by running the command:
osmedeus health
To view its default workflow:
There are also built-in work modules:
macos
bash <(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install-macos.sh)
Use case
- Start the web interface
osmedeus server
The account password is configured in ~/.osmedeus/config.yaml, once in the backend:
As an example, it will generate a final command for you, which can also be executed directly in the terminal:
osmedeus scan -f general -t xxxx.com
Conclusion
Overall, this tool is quite good, essentially combining the strengths of many tools to automate vulnerability discovery. Even if we don't use it for automated penetration testing work, it is a valuable resource for learning and reference. The integrated small tools are worth trying, as one of them may become a valuable asset in your arsenal.