A Workflow Engine for Offensive Security
Refactoring some of the helper messages throughout the tool. This should make it easier for users to understand what the tool is doing and how to use it.
// Upload local file to your S3 bucket
UploadToS3('/tmp/ott/local-file.txt')
UploadToS3('/tmp/ott/local-file.txt', 'your-custom-bucket')
// Download the File from your bucket and store it on your local path
DownloadFromS3('/tmp/ott/on-s3.txt', '/tmp/on-local-s3.txt')
// Compress a workspace folder
Compress('{{Backup}}/{{Workspace}}.tar.gz', '{{Output}}')
// Decompress the file to a folder
Decompress('{{Output}}', '{{Backup}}/{{Workspace}}.tar.gz')
{{ threads * 2 }}
.{{variable}}
instead of {{.variable}}
.The threads
will be set default number of your CPUs which you can modify with the CLI flags --tactic aggressive
or --threads-hold=20
name: http-probing
desc: Running HTTP fingerprint technology and response with the supplied inputs
report:
final:
- "{{Output}}/fingerprint/{{Workspace}}-technologies.txt"
- "{{Output}}/fingerprint/beautify-{{Workspace}}-http.txt"
params:
- inputFile: "{{Target}}"
- httpFile: "{{Output}}/fingerprint/http-{{Workspace}}.txt"
- httpThreads: '{{ threads * 15 }}'
- screenThreads: '{{ threads }}'
- enableSreenshot: 'false'
- httpTimeout: '10'
pre_run:
- CreateFolder("{{Output}}/fingerprint")
steps:
- required:
- "{{inputFile}}"
commands:
- "echo {{inputFile}} | {{Binaries}}/httpx -nf -timeout {{httpTimeout}} -silent -t {{httpThreads}} >> {{httpFile}}"
- "cat {{inputFile}} | {{Binaries}}/httpx -nf -timeout {{httpTimeout}} -silent -t {{httpThreads}} >> {{httpFile}}"
scripts:
- SortU("{{httpFile}}")
- required:
- "{{Binaries}}/httpx"
- "{{httpFile}}"
commands:
- cat {{httpFile}} | {{Binaries}}/httpx -nf -timeout {{httpTimeout}} -t {{httpThreads}} -no-color -json -title -tech-detect -status-code -silent >> {{Output}}/fingerprint/{{Workspace}}-http-overview.txt
scripts:
- CleanJSONHttpx('{{Output}}/fingerprint/{{Workspace}}-http-overview.txt', '{{Output}}/fingerprint/{{Workspace}}-raw-overview.txt')
- ExecCmd("cat {{Output}}/fingerprint/{{Workspace}}-raw-overview.txt | csvtk pretty --no-header-row -I -s ' | ' -W 75 > {{Output}}/fingerprint/beautify-{{Workspace}}-http.txt")
- Cat('{{Output}}/fingerprint/beautify-{{Workspace}}-http.txt')
~/osmedeus-base/workflow/default-modules/
# Queue Usage:
osmedeus queue -Q /tmp/queue-file.txt -c 2
osmedeus queue --add -t example.com -Q /tmp/queue-file.txt
--vuln
in the update command for only updating the Vulnerability Database.[[.line]]
. Take a look at the dirbscan module here to know more