Saturday, April 19, 2025
HomeComputer SecurityOsmedeus - Fully Automated Offensive Security Tool for Reconnaissance & Vulnerability Scanning

Osmedeus – Fully Automated Offensive Security Tool for Reconnaissance & Vulnerability Scanning

Published on

SIEM as a Service

Follow Us on Google News

Osmedeus is a fully automated tool that allows you to run the collection of awesome tools to reconnaissance and vulnerability scanning against the target.

How to use

If you have no idea what are you doing just type the command below or check out the Advance Usage.

./osmedeus.py -t example.com

Installation in detail

For Kali Linux

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

For *nix OS

Check out default shell and package manager in the install and you will be fine

- Advertisement - Google News
git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

For MacOS

Install golang official or using homebrew and nmap, masscan. Setup your GOPATH like in the install file and you’re good to run. Most of those tools are work fine on MacOS but to install massdns you gonna need to change options to install it from make to make nolinux in install.sh.

git clone https://github.com/j3ssie/Osmedeus
cd Osmedeus
./install.sh

This install only focus on Kali linux, check more install on Wiki page

Features

  • Subdomain Scan.
  •  Subdomain TakeOver Scan.
  •  Screenshot the target.
  •  Basic recon like Whois, Dig info.
  •  IP Discovery.
  •  CORS Scan.
  •  SSL Scan.
  •  Headers Scan.
  •  Port Scan.
  •  Vulnerable Scan.
  •  Separate workspaces to store all scan output and details logging.
  •  REST API.
  •  SPA Web UI.
  •  Slack notifications.

Osmedeus will run as a Quick Speed:

  • Subdomain Scanning
  • ScreenShot the target
  • Subdomain TakeOver Scanning
  • Scanning for CorsScan
  • Discovery IP space
  • SSL Scan
  • Port Scanning and Vulnerable Scan

List all module

./osmedeus.py -M

Using specific module

Scanning subdomain and Subdomain TakeOver

./osmedeus.py -m subdomain -t example.com

Screenshot the target

./osmedeus.py -m portscan -t example.com

Port Scan and Vulnerable Scan on the target

./osmedeus.py -m portscan -t example.com

Vulnerable Scan on the target

./osmedeus.py -m vuln -t example.com

Doing directory search on the target

./osmedeus.py -m dir -t example.com

Doing brute force on the service result from scanning service

./osmedeus.py -m brute -t example.com

Git repo scanning

./osmedeus.py -m git --git https://github.com/whatever/repo

Doing some stuff with Burp State file

./osmedeus.py -m burp -t example.com --burp yourburpstate.xml

Demo

Disclaimer

Most of this tool done by the authors of the tool that you can see in the module folder. I just put all the pieces together, plus some extra boring stuff that we don’t wanna do everyday.

This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it’s your fault, and your fault only.

Contribute

Please take a look at CONTRIBUTING.md

CREDITS

Please take a look at CREDITS.md

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

How SMBs Can Improve SOC Maturity With Limited Resources

Small and Medium-sized Businesses (SMBs) have become prime targets for cybercriminals, being three times...

How To Detect Obfuscated Malware That Evades Static Analysis Tools

Obfuscated malware presents one of the most challenging threats in cybersecurity today. As static...

How Security Analysts Detect and Prevent DNS Tunneling Attack In Enterprise Networks

DNS tunneling represents one of the most sophisticated attack vectors targeting enterprise networks today,...

How to Conduct a Cloud Security Assessment

Cloud adoption has transformed organizations' operations but introduces complex security challenges that demand proactive...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Critical AnythingLLM Vulnerability Exposes Systems to Remote Code Execution

A critical security flaw (CVE-2024-13059) in the open-source AI framework AnythingLLM has raised alarms across cybersecurity...

PoC Released for Linux Kernel Vulnerability Allowing Privilege Escalation

A security vulnerability, tracked as CVE-2024-53141, has recently come to light in the Linux kernel's...

Bubble.io 0-Day Flaw Lets Attackers Run Arbitrary Queries on Elasticsearch

A vulnerability in Bubble.io, a leading no-code development platform, has exposed thousands of applications...