mablanco / docker-osmedeus Goto Github PK
View Code? Open in Web Editor NEWDocker image for Osmedeus, a fully automated offensive security tool for reconnaissance and vulnerability scanning
License: GNU General Public License v3.0
docker-osmedeus's People
Contributors
Stargazers
Watchers
Forkers
yannjun 0x6b7966 renniepak slooppe disk-kk securityanalysts wooluo techris45 l9c 5l1v3r1 schooloffreelancing batamhacker phyliares chudry israel-romero-fijo shbfy dev1nagy munstar0s jermainlaforce shbattsoojdocker-osmedeus's Issues
TakeOverScanning module Crashed
i just ran it on Docker first time, and got this error.
.................
[*] Waiting for TakeOverScanning module
--~~~=[ TakeOverScanning Done ]=~~~--
--~~~=[ ScreenShot the target ]=~~~--
[+] Make new directory: /home/Osmedeus/workspaces/www.site.com/screenshot
Traceback (most recent call last):
File "./osmedeus.py", line 151, in <module>
main()
File "./osmedeus.py", line 147, in main
parsing_argument(args)
File "./osmedeus.py", line 53, in parsing_argument
single_target(options)
File "./osmedeus.py", line 84, in single_target
routine.normal(options)
File "/home/Osmedeus/core/routine.py", line 43, in normal
screenshot.ScreenShot(options)
File "/home/Osmedeus/modules/screenshot.py", line 25, in __init__
self.initial()
File "/home/Osmedeus/modules/screenshot.py", line 46, in initial
self.screenshots(self.is_direct)
File "/home/Osmedeus/modules/screenshot.py", line 69, in screenshots
if not utils.not_empty_file(input_file):
File "/home/Osmedeus/core/utils.py", line 158, in not_empty_file
fpath = os.path.normpath(filepath)
File "/usr/lib/python3.5/posixpath.py", line 333, in normpath
initial_slashes = path.startswith(sep)
AttributeError: 'bool' object has no attribute 'startswith'
Test run with defaults fails
Docker image started with suggestion as per readme fails on screenshot. Log here:
$ docker exec -it osmedeus ./osmedeus.py --client -t starbucks.com
`@@`
@@@@@@
.@@` `@@.
:@ @:
:@ :@ @:
:@ :@ @:
:@ @:
`@@. .@@`
@@@@@@
@@
@ @@ @
+@@ @@ @@+
@@:@#@,@@,@#@:@@
;@+@@`#@@@@#`@@+@;
@+ #@@@@@@@@@@# +@
@@ @+`@@@@@@`+@ @@
@. @ ;@@; @ .@
#@ '@ @; @#
Osmedeus v1.5 by @j3ssiejjj
¯\_(ツ)_/¯
[*] Loading config file from: /root/.osmedeus/config.conf
[+] Make new directory: /root/.osmedeus/workspaces/starbucks.com
[+] Authentication success on starbucks.com workspace
---<---<--@ Target: starbucks.com @-->--->---
[+] Running with quick speed
--~~~=[ Create Skeleton JSON file ]=~~~--
[+] Make new directory: /root/.osmedeus/workspaces/starbucks.com/info
[+] Writing /root/.osmedeus/workspaces/starbucks.com/starbucks.com.json
--==[ Check the output: /root/.osmedeus/workspaces/starbucks.com/starbucks.com.json
--~~~=[ Scanning Subdomain ]=~~~--
[+] Make new directory: /root/.osmedeus/workspaces/starbucks.com/subdomain
[+] Starting Amass
[+] Starting Subfinder
[+] Starting gobuster
[+] Starting massdns
[] Skip massdns for quick mode
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[+] Unique result
[+] Writing /root/.osmedeus/workspaces/starbucks.com/subdomain/full-starbucks.com.txt
[*] Skip permutation subdomain for quick mode
[+] Writing /root/.osmedeus/workspaces/starbucks.com/subdomain/final-starbucks.com.txt
--~~~=[ Conclusion for SubdomainScanning ]=~~~--
[+] Writing /root/.osmedeus/workspaces/starbucks.com/starbucks.com.json
--~~~=[ Done for SubdomainScanning ]=~~~--
--~~~=[ Scanning for Subdomain TakeOver ]=~~~--
[+] Starting tko-subs
[+] Starting Subjack
[*] Waiting for TakeOverScanning module
--~~~=[ TakeOverScanning Done ]=~~~--
--~~~=[ ScreenShot the target ]=~~~--
[+] Make new directory: /root/.osmedeus/workspaces/starbucks.com/screenshot
Traceback (most recent call last):
File "./osmedeus.py", line 185, in
main()
File "./osmedeus.py", line 181, in main
parsing_argument(args)
File "./osmedeus.py", line 60, in parsing_argument
single_target(options)
File "./osmedeus.py", line 93, in single_target
routine.normal(options)
File "/home/Osmedeus/core/routine.py", line 43, in normal
screenshot.ScreenShot(options)
File "/home/Osmedeus/modules/screenshot.py", line 26, in init
self.initial()
File "/home/Osmedeus/modules/screenshot.py", line 47, in initial
self.screenshots(self.is_direct)
File "/home/Osmedeus/modules/screenshot.py", line 68, in screenshots
if not utils.not_empty_file(input_file):
File "/home/Osmedeus/core/utils.py", line 167, in not_empty_file
fpath = os.path.normpath(filepath)
File "/usr/lib/python3.7/posixpath.py", line 340, in normpath
path = os.fspath(path)
TypeError: expected str, bytes or os.PathLike object, not bool
Running Web UI to inspect older scans
- I want to inspect my older scans
- I used this command
docker run -it --rm -p 8000:8000 mablanco/osmedeus python server/manage.py runserver - I believe it should run the Django server for me but I am getting the below error
"Couldn't import Django. Are you sure it's installed and "
ImportError: Couldn't import Django. Are you sure it's installed and available on your PYTHONPATH environment variable? Did you forget to activate a virtual environment?
- My ultimate goal is to run the server and no scan I want
- I used the volume code that persists the results
$ docker volume create osmedeus_workspaces
$ docker run -it --rm --name osmedeus -v osmedeus_workspaces:/root/.osmedeus/workspaces -p 8000:8000 mablanco/osmedeus ./osmedeus.py -t example.com
- If you need more info then please let me know, I am new with docker installed it today only.
update osmedeus 1.4
Hi
could you please update from osmedeus 1.3 to update osmedeus 1.4?
thanks
error ?
docker run -d --net host --name osmedeus -v osmedeus_workspaces:/home/Osmedeus/workspaces mablanco/osmedeus
398f828861ee5e2633e5f78402b273e327c3e33f7abdd8d8d4ce54a04b5800e
git:(master)
x@x:s007->/Users/x/docker-osmedeus (0) git:(master)
docker exec -it osmedeus ./osmedeus.py --client -t c.com
`@@`
@@@@@@
.@@` `@@.
:@ @:
:@ :@ @:
:@ :@ @:
:@ @:
`@@. .@@`
@@@@@@
@@
@ @@ @
+@@ @@ @@+
@@:@#@,@@,@#@:@@
;@+@@`#@@@@#`@@+@;
@+ #@@@@@@@@@@# +@
@@ @+`@@@@@@`+@ @@
@. @ ;@@; @ .@
#@ '@ @; @#
Osmedeus v1.3 by @j3ssiejjj
¯\_(ツ)_/¯
[] New config file created: core/config.conf
[+] Make new directory: /home/Osmedeus/workspaces/c.com
[+] Authentication success
---<---<--@ Target: allsec.cn @-->--->---
[+] Running with quick speed
--~~~=:>[ Create Skeleton JSON file ]>
[+] Make new directory: /home/Osmedeus/workspaces/c.com/info
[+] Writing /home/Osmedeus/workspaces/c.com/c.com.json
--==[ Check the output: /home/Osmedeus/workspaces/c.com/c.com.json
--~~~=:>[ Scanning Subdomain ]>
[+] Make new directory: /home/Osmedeus/workspaces/c.com/subdomain
[+] Starting Amass
[+] Starting Subfinder
[+] Starting gobuster
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
[] Waiting for SubdomainScanning module
Always like this, the endless loop?
Where is the problem? How can I solve this?
Help in setting slack notifications
I have understood that I can setup slack token from here
But because I am using --rm flag then the container is deleted every time it's closed
I want to persist my tokens , for this shall I not use the flag -rm and use restart every time for the container?
Unable to load the Web UI
I have used --net host parameter but I cannot see any service running on http://127.0.0.1:8000/.
Following screenshot shows the command I have used.
"osemdeus": executable file not found in $PATH
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "osemdeus": executable file not found in $PATH: unknown.
5000 does not listen
I follow the steps to enter docker run -d --net host --name osmedeus mablanco/osmedeus, but port 5000 does not listen
I AM SO SAD.PLEASE HELP.thanks
Amass fails to run with defaults
Running the default docker image with
[*] Execute: /home/Osmedeus/plugins/go/amass enum -timeout 10 -active -max-dns-queries 10000 -include-unresolvable -dir /root/.osmedeus/workspaces/example.com/subdomain/amass-example.com -d example.com -o /root/.osmedeus/workspaces/example.com/subdomain/example.com-amass.txt
flag provided but not defined: -include-unresolvable
----------------------------------------------------------------------
Something went wrong with the command below:
/home/Osmedeus/plugins/go/amass enum -timeout 10 -active -max-dns-queries 10000 -include-unresolvable -dir /root/.osmedeus/workspaces/example.com/subdomain/amass-example.com -d example.com -o /root/.osmedeus/workspaces/example.com/subdomain/example.com-amass.txtThe default command pass an unsupported command line argument "include-unresolvable", if you run this manually with out the flag amass works.
Is there a way to pass tell osmedeus to run amass without the -include-unresolvable flag? I would like to be able to use amass with a configuration file similiar to https://github.com/OWASP/Amass/blob/master/examples/config.ini. Something like below
/home/Osmedeus/plugins/go/amass enum -timeout 10 -active -max-dns-queries 10000 -config <path to config file in docker image> -dir /root/.osmedeus/workspaces/example.com/subdomain/amass-example.com -d example.com -o /root/.osmedeus/workspaces/example.com/subdomain/example.com-amass.txtNo additional informations about target.
I'v got successful analysis until ' Make new directory' and on webui : https://localhost:5000/#/workspaces I 'got no information about target : ip , technology etc.
But in 'Logs Summary' some informations coming out.
Another way : no attack, extension or vuln module, from dashboard all empty !
I'm expecting more information about the target, or my install failed.
Thanks for your help.
Error when running Osmedeus on docker
I have followed this installation guide [https://github.com/mablanco/docker-osmedeus/blob/master/README.md]
The console ouput:
`
[*] Loading config file from: /root/.osmedeus/client.conf
[RUN] Starting Django API
Performing system checks...
System check identified no issues (0 silenced).
January 24, 2021 - 10:48:11
Django version 2.2.13, using settings 'rest.settings'
Starting development server at http://0.0.0.0:8000/
Quit the server with CONTROL-C.
Internal Server Error: /auth/api/token/
Traceback (most recent call last):
File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/exception.py", line 34, in inner
response = get_response(request)
File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/base.py", line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/usr/local/lib/python3.7/dist-packages/django/core/handlers/base.py", line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.7/dist-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/django/views/generic/base.py", line 71, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 505, in dispatch
response = self.handle_exception(exc)
File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 465, in handle_exception
self.raise_uncaught_exception(exc)
File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 476, in raise_uncaught_exception
raise exc
File "/usr/local/lib/python3.7/dist-packages/rest_framework/views.py", line 502, in dispatch
response = handler(request, *args, **kwargs)
File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/views.py", line 27, in post
serializer.is_valid(raise_exception=True)
File "/usr/local/lib/python3.7/dist-packages/rest_framework/serializers.py", line 235, in is_valid
self._validated_data = self.run_validation(self.initial_data)
File "/usr/local/lib/python3.7/dist-packages/rest_framework/serializers.py", line 433, in run_validation
value = self.validate(value)
File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/serializers.py", line 75, in validate
data['refresh'] = str(refresh)
File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/tokens.py", line 82, in str
return token_backend.encode(self.payload)
File "/usr/local/lib/python3.7/dist-packages/rest_framework_simplejwt/backends.py", line 35, in encode
return token.decode('utf-8')
AttributeError: 'str' object has no attribute 'decode'
[24/Jan/2021 10:48:12] "POST /auth/api/token/ HTTP/1.1" 500 14444
[-] Authentication failed at: http://127.0.0.1:8000/auth/api/token/
[!] This might happened by running Osmedeus with sudo but the install process running with normal user
You should install the whole Osmedeus and running it with root user.
Or whitelist masscan + nmap in sudoers file because it's required sudo permission.
[-] Can't login to get JWT
`
SLACK Integration - Docker deployment
Hi,
Please, do you have any idea how Slack integration can be achieved if this runs through docker?
The official stand-alone tool wiki says this atm.
Thanks!
Scan Getting Stuck at DisbScan module
The below command was leveraged to run a scan on a target:
docker run -it --rm --name osmedeus -v osmedeus_workspaces:/root/.osmedeus/workspaces -p 8000:8000 mablanco/osmedeus ./osmedeus.py -t REDACTED.com
After allowing the scan to run for sometime, it seems to get stuck on the below module:
[ Check the output: /root/.osmedeus/workspaces/REDACTED.com/directory/beautify-summary.csv
[] Waiting for DirbScan module
[] Starting post routine for DirbScan
[ESTIMATED] DirbScan module executed in 1269.23 seconds.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.