Tuesday, April 30, 2019

Fully Automate  Reconnaissance And Vulnerability Scanning with Osmedeus

Automation!

We require many tools for vulnerability scanning and information gathering of a target system in the field of pen-testing. And that's very time-consuming lots of work. 

What if we collect all the tools we need and automate them?

That what exactly Osmedeus tool does. Osmedeus is nothing but a collection of awesome tools required for vulnerability scanning and information gathering and automates the run of the tools. Osmedeus is a collection of 16 features and more features are coming soon! The creator is also working to give you the option for TOR access and proxy setting.

The best thing about this tool is it gives you both Web UI and console. If you don't like console as much as the pen-testers do, you can access the Web UI at 127.0.0.1/5000 if you are running it on a local machine. But if you're going to run Osmedeus server and client separately(Remote). You need to change The API URL in the configuration section in the Web UI.

Features:

⏩ Subdomain scan
⏩ Subdomain Takeover Scan
⏩ Screenshot the targe
⏩ Basic recon like Whois, Dig info
⏩ Web Technology detection
⏩ IP discovery
⏩ CORS Scan
⏩ SSL scan
⏩ Headers Scan
⏩ Port Scan
⏩ Vulnerable
⏩ Separate workspaces to store all scan output and details logging
⏩ REST API
⏩ React Web UI
⏩ Support Continuous Scan
⏩ Slack notifications

Configure Osmedeus in Linux

Fire up your Linux machine, open up the terminal, change the directory to the Desktop and download Osmedeus from Github.

cd Desktop/

Change the directory to the Osmedeus folder. Here you can see the script named with install.sh. This is the script we need to install Osmedeus.  If you don't have root permission to run this script, don't worry just follow the commands.

chmod +x install.sh
./install.sh

Great! The script is installed successfully. Now let's check both the Web UI and console.

Run the Modules in Console

Running Osmedeus in the terminal is just a job of a few command lines. Use the command lines listed below to make use of the tool.
Fully Automate  Reconnaissance And Vulnerability Scanning with Osmedeus

./Osmedeus.py -h  -To get the optional arguments.
./Osmedeus.py -M - Tolist all the modules
./Osmedeus.py -t example.com -To scan a target
./Osmedeus.py --update - To update the tool 

Setup the Web UI

To make the Web UI work, you need to satisfy some requirements. Install npm and yarn with these command lines.

apt-get install yarn
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.1/install.sh
nvm install node
nvm use node
Fully Automate  Reconnaissance And Vulnerability Scanning with Osmedeus

Now access the Web UI at http://127.0.0.1/5000. in the home you will get the login page. Fill up the credentials from Osmedeus/core/config.cnf. Open up the config.cnf in a text editor and find for the credentials.

Conclusion

Osmedeus is a little heavy tool as it is a collection of many modules. Though it is still in development and sometimes gives errors but maximum part of it works great.

This tool is really a good tool and we should thank the creator for that. How much do you want to rate out of 10 for this tool?

You may get many problems while installing the tool. Let us know your problems in the comment box, we will try our best to solve them.

Comments 0

Thanks for visiting us. Please Do comment with a valid name. Don't comment as Unknown.
(Warning: Do not spam in the comment box. Repetitive comments will not be moderated.)
EmoticonEmoticon

Submit Your Email Address to get Our Latest EASY TO READ Articles directly in Your Inbox