STRLCPY/Osmedeus

Update a lot things to prepare for v1.4 release
j3ssie committed 5 years ago

7ef2901e

1 parent b866419a

■ ■ ■ ■ ■ ■

README.md

		skipped 52 lines
53	53		- [x] Support Continuous Scan.
54	54		- [x] Slack notifications.
55	55
	56	+	Check this [Wiki page](https://github.com/j3ssie/Osmedeus/wiki/Module-In-Depth) for more detail about each module.
	57	+
56	58		# Demo
57	59		[![asciicast](https://asciinema.org/a/230164.svg)](https://asciinema.org/a/230164)
58	60
		skipped 7 lines
66	68
67	69		![Web UI 3](https://raw.githubusercontent.com/j3ssie/Osmedeus/master/imgs/osmedeus-3.png)
68	70
	71	+
	72	+	# Example Commands
	73	+	```
	74	+	# normal routine
	75	+	./osmedeus.py -t example.com
	76	+
	77	+	# normal routine but slow speed on subdomain module
	78	+	./osmedeus.py -t example.com --slow 'subdomain'
	79	+
	80	+	# direct mode examples
	81	+	./osmedeus.py -m portscan -i "1.2.3.4/24"
	82	+
	83	+	./osmedeus.py -m portscan -I list_of_targets.txt -t result_folder
	84	+
	85	+	./osmedeus.py -m "portscan,vulnscan" -i "1.2.3.4/24" -t result_folder
	86	+
	87	+	./osmedeus.py -m "assets" -i "example.com"
	88	+	./osmedeus.py -m "assets,dirb" -i "example.com"
	89	+
	90	+	```
69	91
70	92		# More options
71	93
		skipped 69 lines

■ ■ ■ ■ ■ ■

core/utils.py

		skipped 367 lines
368	368		elapsed_time = 0
369	369		if times:
370	370		count = 0
371		-
372	371		print_info('Waiting for {0} module'.format(module_name))
	372	+	time.sleep(seconds)
373	373		while not checking_done(options, module=module_name):
374	374		if not times:
375	375		# just don't print this too much
		skipped 150 lines

■ ■ ■ ■ ■ ■

install.sh

		skipped 92 lines
93	93		PS="$ "
94	94		source $DEFAULT_SHELL
95	95
	96	+	# update golang version
	97	+	install_banner "Update Golang version"
	98	+	wget -qO- https://raw.githubusercontent.com/udhos/update-golang/master/update-golang.sh \| bash
	99	+
	100	+	GO_BIN=$(which go)
	101	+	[[ -f /usr/local/go/bin/go ]] && GO_BIN=/usr/local/go/bin/go
	102	+
96	103		##
97	104		# Install go stuff
98	105		##
99	106		install_banner "amass"
100		-	go get -u github.com/OWASP/Amass/...
	107	+	$GO_BIN get -u github.com/OWASP/Amass/...
101	108		install_banner "subfinder"
102		-	go get -u github.com/subfinder/subfinder
	109	+	$GO_BIN get -u github.com/subfinder/subfinder
103	110		install_banner "gobuster"
104		-	go get -u github.com/OJ/gobuster
	111	+	$GO_BIN get -u github.com/OJ/gobuster
105	112		install_banner "aquatone"
106		-	go get -u github.com/michenriksen/aquatone
	113	+	$GO_BIN get -u github.com/michenriksen/aquatone
107	114		install_banner "gitrob"
108		-	go get -u github.com/michenriksen/gitrob
	115	+	$GO_BIN get -u github.com/michenriksen/gitrob
109	116		install_banner "subjack"
110		-	go get -u github.com/haccer/subjack
	117	+	$GO_BIN get -u github.com/haccer/subjack
111	118		install_banner "tko-subs"
112		-	go get -u github.com/anshumanbh/tko-subs
	119	+	$GO_BIN get -u github.com/anshumanbh/tko-subs
113	120		install_banner "goaltdns"
114		-	go get -u github.com/subfinder/goaltdns
	121	+	$GO_BIN get -u github.com/subfinder/goaltdns
115	122		install_banner "gitleaks"
116		-	go get -u github.com/zricethezav/gitleaks
	123	+	$GO_BIN get -u github.com/zricethezav/gitleaks
117	124		install_banner "gowitness"
118		-	go get -u github.com/sensepost/gowitness
	125	+	$GO_BIN get -u github.com/sensepost/gowitness
119	126		install_banner "webanalyze"
120		-	go get -u github.com/rverton/webanalyze/...
	127	+	$GO_BIN get -u github.com/rverton/webanalyze/...
121	128		install_banner "waybackurls"
122		-	go get -u github.com/tomnomnom/waybackurls
	129	+	$GO_BIN get -u github.com/tomnomnom/waybackurls
123	130		install_banner "meg"
124		-	go get -u github.com/tomnomnom/meg
	131	+	$GO_BIN get -u github.com/tomnomnom/meg
125	132		install_banner "httprobe"
126		-	go get -u github.com/tomnomnom/httprobe
	133	+	$GO_BIN get -u github.com/tomnomnom/httprobe
127	134
128	135		install_banner "gf"
129		-	go get -u github.com/tomnomnom/gf
	136	+	$GO_BIN get -u github.com/tomnomnom/gf
130	137
131	138		cp $GO_DIR/* "$PLUGINS_PATH/go/"
132	139
		skipped 67 lines

■ ■ ■ ■ ■ ■

modules/assetfinding.py

		skipped 36 lines
37	37		self.wayback_parsing()
38	38		utils.just_waiting(self.options, self.module_name, seconds=10)
39	39		self.get_response()
	40	+	self.linkfinder()
40	41
41	42		# just check if http service running on it or not
42	43		def get_http(self):
	44	+	utils.print_good('Starting httprobe')
43	45		if self.is_direct:
44	46		if utils.not_empty_file(self.is_direct):
45	47		cmd = 'cat {0} \| $GO_PATH/httprobe -c 100 -t 20000 -v \| tee $WORKSPACE/assets/http-$OUTPUT.txt'.format(
46	48		self.is_direct)
47	49		# just return if direct input is just a string
48	50		else:
49		-	utils.print_bad("Required input as a file.")
	51	+	utils.print_bad("httprobe required input as a file.")
50	52		return None
51	53		else:
52	54		cmd = 'cat $WORKSPACE/subdomain/final-$OUTPUT.txt \| $GO_PATH/httprobe -c 100 -t 20000 -v \| tee $WORKSPACE/assets/http-$OUTPUT.txt'
		skipped 5 lines
58	60		self.options, '$WORKSPACE/assets/http-$OUTPUT.txt')
59	61		execute.send_cmd(self.options, cmd, output_path,
60	62		std_path, self.module_name)
	63	+	utils.print_line()
61	64
62	65		# grab url from waybackurl
63	66		def wayback_parsing(self):
		skipped 7 lines
71	74		self.is_direct)
72	75		# just return if direct input is just a string
73	76		else:
74		-	cmd = 'cat {0} \| $GO_PATH/waybackurls \| tee $WORKSPACE/assets/wayback-$OUTPUT.txt'.format(
	77	+	cmd = 'echo {0} \| $GO_PATH/waybackurls \| tee $WORKSPACE/assets/wayback-$OUTPUT.txt'.format(
75	78		self.is_direct)
76	79		else:
77	80
		skipped 8 lines
86	89		std_path = utils.replace_argument(
87	90		self.options, '$WORKSPACE/assets/std-wayback-$OUTPUT.std')
88	91		execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
	92	+	utils.print_line()
89	93
90	94		# request for the root path to get response
91	95		def get_response(self):
	96	+	utils.print_good('Starting meg')
	97	+	if self.is_direct:
	98	+	if utils.not_empty_file(self.is_direct):
	99	+	cmd = '$GO_PATH/meg / {0} $WORKSPACE/assets/responses/ -v -c 100'.format(
	100	+	self.is_direct)
	101	+	# just return if direct input is just a string
	102	+	else:
	103	+	utils.print_bad("meg required input as a file.")
	104	+	return None
	105	+	else:
	106	+	cmd = '$GO_PATH/meg / $WORKSPACE/assets/http-$OUTPUT.txt $WORKSPACE/assets/responses/ -v -c 100'
92	107		utils.make_directory(self.options['WORKSPACE'] + '/assets/responses')
93		-	cmd = '$GO_PATH/meg / $WORKSPACE/assets/http-$OUTPUT.txt $WORKSPACE/assets/responses/ -v -c 100'
94	108		cmd = utils.replace_argument(self.options, cmd)
95	109		output_path = utils.replace_argument(
96	110		self.options, '$WORKSPACE/assets/responses/index')
		skipped 4 lines
101	115
102	116		# finding link in http domain
103	117		def linkfinder(self):
	118	+	utils.print_good('Starting linkfinder')
	119	+
104	120		if self.is_direct:
105	121		if utils.not_empty_file(self.is_direct):
106	122		http_domains = utils.just_read(self.is_direct)
		skipped 1 lines
108	124		else:
109	125		domain = self.is_direct
110	126		strip_domain = utils.get_domain(domain)
	127	+	if strip_domain == domain:
	128	+	domain = 'http://' + domain
111	129		cmd = 'python3 $PLUGINS_PATH/LinkFinder/linkfinder.py -i {0} -d -o cli \| tee $WORKSPACE/assets/linkfinder/{1}-linkfinder.txt'.format(
112	130		domain, strip_domain)
113	131
		skipped 13 lines
127	145		http_domains = utils.replace_argument(
128	146		self.options, '$WORKSPACE/assets/http-$OUTPUT.txt')
129	147
130		-	utils.print_good('Starting linkfinder')
131	148		utils.make_directory(
132	149		self.options['WORKSPACE'] + '/assets/linkfinder')
133	150		if utils.not_empty_file(http_domains):
		skipped 14 lines

■ ■ ■ ■ ■ ■

modules/portscan.py

		skipped 37 lines
38	38		'title': "{0} \| {1}".format(self.options['TARGET'], self.module_name),
39	39		'content': 'Start Port Scanning for {0}'.format(self.options['TARGET'])
40	40		})
	41	+	utils.print_line()
41	42
42	43		def initial(self):
43	44		self.create_ip_result()
		skipped 110 lines
154	155		self.options, '$WORKSPACE/portscan/std-$OUTPUT-masscan.std')
155	156		execute.send_cmd(self.options, cmd, output_path, std_path, self.module_name)
156	157
157		-
158	158		# Create beautiful HTML report for masscan
159	159		def create_html_report(self):
160	160		cmd = "xsltproc -o $WORKSPACE/portscan/final-$OUTPUT.html $PLUGINS_PATH/nmap-stuff/nmap-bootstrap.xsl $WORKSPACE/portscan/$OUTPUT-masscan.xml"
		skipped 2 lines
163	163		output_path = utils.replace_argument(
164	164		self.options, '$WORKSPACE/portscan/final-$OUTPUT.html')
165	165		execute.send_cmd(self.options, cmd, output_path, '', self.module_name)
	166	+	utils.print_line()
166	167
167	168		def parsing_to_csv(self):
168	169		masscan_xml = utils.replace_argument(
		skipped 15 lines
184	185		if not utils.not_empty_file(csv_output):
185	186		return
186	187
	188	+	utils.print_line()
187	189		cmd = "cat $WORKSPACE/portscan/$OUTPUT-masscan.csv \| csvlook --no-inference \| tee $WORKSPACE/portscan/$OUTPUT-masscan-summary.txt"
188	190		output_path = utils.replace_argument(
189	191		self.options, '$WORKSPACE/portscan/$OUTPUT-masscan-summary.txt')
		skipped 80 lines

■ ■ ■ ■ ■ ■

modules/vulnscan.py

		skipped 30 lines
31	31		'title': "{0} \| {1} ".format(self.options['TARGET'], self.module_name),
32	32		'content': 'Done Vulnerable Scanning for {0}'.format(self.options['TARGET'])
33	33		})
	34	+	utils.print_line()
34	35
35	36		def initial(self):
36	37		ip_list = self.prepare_input()
		skipped 101 lines
138	139		csv_summary_path = utils.replace_argument(
139	140		self.options, '$WORKSPACE/vulnscan/summary-$OUTPUT.csv')
140	141		utils.just_write(csv_summary_path, all_csv)
141		-
	142	+	utils.print_line()
142	143		# beautiful csv look
143	144		cmd = "csvcut -c 1-7 $WORKSPACE/vulnscan/summary-$OUTPUT.csv \| csvlook --no-inference \| tee $WORKSPACE/vulnscan/std-$OUTPUT-summary.std"
144	145
		skipped 49 lines

Update a lot things to prepare for v1.4 release