mablanco / docker-osmedeus Goto Github PK
View Code? Open in Web Editor NEWDocker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning
License: GNU General Public License v3.0
Docker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning
License: GNU General Public License v3.0
i just ran it on Docker first time, and got this error.
.................
[*] Waiting for TakeOverScanning module
--~~~=[ TakeOverScanning Done ]=~~~--
--~~~=[ ScreenShot the target ]=~~~--
[+] Make new directory: /home/Osmedeus/workspaces/www.site.com/screenshot
Traceback (most recent call last):
File "./osmedeus.py", line 151, in <module>
main()
File "./osmedeus.py", line 147, in main
parsing_argument(args)
File "./osmedeus.py", line 53, in parsing_argument
single_target(options)
File "./osmedeus.py", line 84, in single_target
routine.normal(options)
File "/home/Osmedeus/core/routine.py", line 43, in normal
screenshot.ScreenShot(options)
File "/home/Osmedeus/modules/screenshot.py", line 25, in __init__
self.initial()
File "/home/Osmedeus/modules/screenshot.py", line 46, in initial
self.screenshots(self.is_direct)
File "/home/Osmedeus/modules/screenshot.py", line 69, in screenshots
if not utils.not_empty_file(input_file):
File "/home/Osmedeus/core/utils.py", line 158, in not_empty_file
fpath = os.path.normpath(filepath)
File "/usr/lib/python3.5/posixpath.py", line 333, in normpath
initial_slashes = path.startswith(sep)
AttributeError: 'bool' object has no attribute 'startswith'
Docker image started with suggestion as per readme fails on screenshot. Log here:
$ docker exec -it osmedeus ./osmedeus.py --client -t starbucks.com
`@@`
@@@@@@
.@@` `@@.
:@ @:
:@ :@ @:
:@ :@ @:
:@ @:
`@@. .@@`
@@@@@@
@@
@ @@ @
+@@ @@ @@+
@@:@#@,@@,@#@:@@
;@+@@`#@@@@#`@@+@;
@+ #@@@@@@@@@@# +@
@@ @+`@@@@@@`+@ @@
@. @ ;@@; @ .@
#@ '@ @; @#
Osmedeus v1.5 by @j3ssiejjj
¯\_(ツ)_/¯
--~~~=[ Scanning for Subdomain TakeOver ]=~~~--
[+] Starting tko-subs
[+] Starting Subjack
[*] Waiting for TakeOverScanning module
--~~~=[ TakeOverScanning Done ]=~~~--
--~~~=[ ScreenShot the target ]=~~~--
[+] Make new directory: /root/.osmedeus/workspaces/starbucks.com/screenshot
Traceback (most recent call last):
File "./osmedeus.py", line 185, in
main()
File "./osmedeus.py", line 181, in main
parsing_argument(args)
File "./osmedeus.py", line 60, in parsing_argument
single_target(options)
File "./osmedeus.py", line 93, in single_target
routine.normal(options)
File "/home/Osmedeus/core/routine.py", line 43, in normal
screenshot.ScreenShot(options)
File "/home/Osmedeus/modules/screenshot.py", line 26, in init
self.initial()
File "/home/Osmedeus/modules/screenshot.py", line 47, in initial
self.screenshots(self.is_direct)
File "/home/Osmedeus/modules/screenshot.py", line 68, in screenshots
if not utils.not_empty_file(input_file):
File "/home/Osmedeus/core/utils.py", line 167, in not_empty_file
fpath = os.path.normpath(filepath)
File "/usr/lib/python3.7/posixpath.py", line 340, in normpath
path = os.fspath(path)
TypeError: expected str, bytes or os.PathLike object, not bool
docker run -it --rm -p 8000:8000 mablanco/osmedeus python server/manage.py runserver
"Couldn't import Django. Are you sure it's installed and "
ImportError: Couldn't import Django. Are you sure it's installed and available on your PYTHONPATH environment variable? Did you forget to activate a virtual environment?
$ docker volume create osmedeus_workspaces
$ docker run -it --rm --name osmedeus -v osmedeus_workspaces:/root/.osmedeus/workspaces -p 8000:8000 mablanco/osmedeus ./osmedeus.py -t example.com
Hi
could you please update from osmedeus 1.3 to update osmedeus 1.4?
thanks
docker run -d --net host --name osmedeus -v osmedeus_workspaces:/home/Osmedeus/workspaces mablanco/osmedeus
398f828861ee5e2633e5f78402b273e327c3e33f7abdd8d8d4ce54a04b5800e
git:(master)
x@x:s007->/Users/x/docker-osmedeus (0) git:(master)
docker exec -it osmedeus ./osmedeus.py --client -t c.com
`@@`
@@@@@@
.@@` `@@.
:@ @:
:@ :@ @:
:@ :@ @:
:@ @:
`@@. .@@`
@@@@@@
@@
@ @@ @
+@@ @@ @@+
@@:@#@,@@,@#@:@@
;@+@@`#@@@@#`@@+@;
@+ #@@@@@@@@@@# +@
@@ @+`@@@@@@`+@ @@
@. @ ;@@; @ .@
#@ '@ @; @#
Osmedeus v1.3 by @j3ssiejjj
¯\_(ツ)_/¯
[] New config file created: core/config.conf
[+] Make new directory: /home/Osmedeus/workspaces/c.com
[+] Authentication success
---<---<--@ Target: allsec.cn @-->--->---
[+] Running with quick speed
--~~~=:>[ Create Skeleton JSON file ]>
[+] Make new directory: /home/Osmedeus/workspaces/c.com/info
[+] Writing /home/Osmedeus/workspaces/c.com/c.com.json
--==[ Check the output: /home/Osmedeus/workspaces/c.com/c.com.json
--~~~=:>[ Scanning Subdomain ]>
[+] Make new directory: /home/Osmedeus/workspaces/c.com/subdomain
[+] Starting Amass
[+] Starting Subfinder
[+] Starting gobuster
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
Always like this, the endless loop?
Where is the problem? How can I solve this?
I have understood that I can setup slack token from here
But because I am using --rm
flag then the container is deleted every time it's closed
I want to persist my tokens , for this shall I not use the flag -rm
and use restart every time for the container?
I have used --net host
parameter but I cannot see any service running on http://127.0.0.1:8000/.
Following screenshot shows the command I have used.
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "osemdeus": executable file not found in $PATH: unknown.
Running the default docker image with
[*] Execute: /home/Osmedeus/plugins/go/amass enum -timeout 10 -active -max-dns-queries 10000 -include-unresolvable -dir /root/.osmedeus/workspaces/example.com/subdomain/amass-example.com -d example.com -o /root/.osmedeus/workspaces/example.com/subdomain/example.com-amass.txt
flag provided but not defined: -include-unresolvable
----------------------------------------------------------------------
Something went wrong with the command below:
/home/Osmedeus/plugins/go/amass enum -timeout 10 -active -max-dns-queries 10000 -include-unresolvable -dir /root/.osmedeus/workspaces/example.com/subdomain/amass-example.com -d example.com -o /root/.osmedeus/workspaces/example.com/subdomain/example.com-amass.txt
The default command pass an unsupported command line argument "include-unresolvable", if you run this manually with out the flag amass works.
Is there a way to pass tell osmedeus to run amass without the -include-unresolvable flag? I would like to be able to use amass with a configuration file similiar to https://github.com/OWASP/Amass/blob/master/examples/config.ini. Something like below
/home/Osmedeus/plugins/go/amass enum -timeout 10 -active -max-dns-queries 10000 -config <path to config file in docker image> -dir /root/.osmedeus/workspaces/example.com/subdomain/amass-example.com -d example.com -o /root/.osmedeus/workspaces/example.com/subdomain/example.com-amass.txt
I'v got successful analysis until ' Make new directory' and on webui : https://localhost:5000/#/workspaces I 'got no information about target : ip , technology etc.
But in 'Logs Summary' some informations coming out.
Another way : no attack, extension or vuln module, from dashboard all empty !
I'm expecting more information about the target, or my install failed.
Thanks for your help.
Performing system checks...
System check identified no issues (0 silenced).
January 24, 2021 - 10:48:11
Django version 2.2.13, using settings 'rest.settings'
Starting development server at http://0.0.0.0:8000/
Quit the server with CONTROL-C.
Internal Server Error: /auth/api/token/
Traceback (most recent call last):
File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.7/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/django/views/generic/base.py", line 71, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 505, in dispatch
response = self.handle_exception(exc)
File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 465, in handle_exception
self.raise_uncaught_exception(exc)
File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 476, in raise_uncaught_exception
raise exc
File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 502, in dispatch
response = handler(request, *args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/views.py", line 27, in post
serializer.is_valid(raise_exception=True)
File "/usr/local/lib/python3.7/dist-packages/rest_framework/serializers.py", line 235, in is_valid
self._validated_data = self.run_validation(self.initial_data)
File "/usr/local/lib/python3.7/dist-packages/rest_framework/serializers.py", line 433, in run_validation
value = self.validate(value)
File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/serializers.py", line 75, in validate
data['refresh'] = str(refresh)
File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/tokens.py", line 82, in str
return token_backend.encode(self.payload)
File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/backends.py", line 35, in encode
return token.decode('utf-8')
AttributeError: 'str' object has no attribute 'decode'
[24/Jan/2021 10:48:12] "POST /auth/api/token/ HTTP/1.1" 500 14444
[-] Authentication failed at: http://127.0.0.1:8000/auth/api/token/
[!] This might happened by running Osmedeus with sudo but the install process running with normal user
You should install the whole Osmedeus and running it with root user.
Or whitelist masscan + nmap in sudoers file because it's required sudo permission.
[-] Can't login to get JWT
`
The below command was leveraged to run a scan on a target:
docker run -it --rm --name osmedeus -v osmedeus_workspaces:/root/.osmedeus/workspaces -p 8000:8000 mablanco/osmedeus ./osmedeus.py -t REDACTED.com
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.