Skip to content

Advanced Usage

j3ssie edited this page Apr 22, 2019 · 13 revisions

Advanced Usage

If you have no idea what are you doing just type

./ -t

Osmedeus will run as a quick speed:

  • Subdomain Scanning.
  • ScreenShot the target.
  • Subdomain TakeOver Scanning.
  • Technology Detection.
  • Scanning for CorsScan.
  • Discovery IP space.
  • SSL Scan.
  • Port Scanning.
  • Directory search.
  • Vulnerable Scan.

Using -T option for a list of target from the file

./ -T list_of_domain.txt

Continuous Scan

By default, Osmedeus will automatically detect which command was done and reduce time to run on the same target. If you really wanna run it again just delete the old workspace folder, using -w new_workspace_folder name or simply by using -f options to force rerun anything.

Profile Scan

By default, Osmedeus will run routine as quick speed but you can specific more on core/rest/storages/commands.json. Running with slow speed == more results (not recommended unless you don't care about time)

./ -t --slow

Custom routine

You can even custom your routine and speed for specific modules. For example HeadersScan module only works on slow speed but you don't want slow the entire tool down just simply modify the core/ file.

def normal(options):

    #Change the speed to slow for the next module
    options['SPEED'] == 'slow'

    ###Headers Scan

    #Change the speed to quick for the next module
    options['SPEED'] == 'quick'


List all module

./ -M

Using specific module

Tips: You can even specify more module in once time for example -m "portscan, dir" will run Port Scan and directory search.

Scanning subdomain and Subdomain TakeOver

./ -m subdomain -t

Port Scan and Vulnerable Scan on the target

Note: -t result_folder_name option in this case just create a folder under workspaces folder to store the output real input in this case is -i hosts_file.txt option.

./ -m portscan -t result_folder_name -i hosts_file.txt

Vulnerable Scan on the target

./ -m vuln -t result_folder_name -i hosts_file.txt

Doing directory search on the target

./ -m dir -t result_folder_name -i hosts_file.txt

Doing brute force on the service result from scanning service

./ -m brute -t

Git repo scanning

./ -m git -t
You can’t perform that action at this time.