Running Your First Scan
Some tips before you start the scan
You can slow down or speed up the scan with the --threads-hold command-line flag.
By default, the threads hold for the workflow equals the number of CPUs on your machine, but you can change it, for example with --threads-hold=20. You can also use the --tactic=gently flag to slow the scan down or the --tactic=aggressive flag to speed it up.
osmedeus scan --threads-hold=10 -t example.com
Run the following command to show the full list of workflows:
osmedeus workflow ls
To see the full help of the scan command, run:
osmedeus scan -hh
To avoid encountering errors, it is important to ensure that the scan is executed using the correct input format.
If your input is a domain or a list of subdomains
If your input is sub.example.com and you are aware that there are not many subdomains associated with it (such as another.sub.example.com), then it may be more advantageous to employ a different workflow.
1. If you desire a comprehensive scan that encompasses subdomain enumeration, DNS probing, and vulnerability scanning
# running default flow -f 'general'
osmedeus scan -t example.com
# Running extensive reconnaissance routine with in-depth module + bigger wordlists
osmedeus scan -f extensive -t example.com
2. If you desire a quick summary that covers subdomain enumeration and DNS probing only
osmedeus scan -f fast -t example.com
# only run subdomain enumeration
osmedeus scan -f subdomain-enum -t example.com
osmedeus scan -m brutefocing-subdomain -t example.com
3. If you desire to perform a rapid routine and conduct a vulnerability scan on it
osmedeus scan -f vuln -t example.com
If your input is a URL or a list of URLs
Example inputs: Your input is a file that includes a catalog of URLs or IP addresses, along with subdomains such as
The workflows listed below solely permit input in the form of a file. If your input is not in the file format, kindly arrange it in a file prior to execution.
osmedeus scan -f urls -t list-of-urls.txt
osmedeus scan -f domains -t list-of-domains.txt
# using with module
osmedeus scan -m http-probing -t list-of-domains.txt
osmedeus scan -m vuln-scan -t list-of-domains.txt
osmedeus scan -m content-discovery -t list-of-domains.txt
osmedeus scan -m content-discovery -t list-of-urls.txt
If your input is a CIDR or a list of CIDRs
Example inputs: Your input is a file that includes a catalog of IP addresses, CIDR such as 220.127.116.11, etc. or a simple CIDR like
osmedeus scan -f cidr -t 18.104.22.168/24
osmedeus scan -f cidr -t list-of-cidr.txt
osmedeus scan -f cidr-probing -t 22.214.171.124/24
If your input is a GitHub/GitLab repo or a folder of source code
osmedeus scan -m repo-scan -t https://github.com/juice-shop/juice-shop
osmedeus scan -m repo-scan -t /tmp/source-code-folder
osmedeus scan -m repo-scan -T list-of-repos.txt
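The input-format rules above, collected into one helper as an added example (not part of the Osmedeus documentation or code): it prints the command from this page that matches a domain, CIDR, repo URL, folder or list file, and rejects a bare URL because the urls workflow only accepts a file. The function names, the first-line heuristic for list files and the github.com/gitlab.com prefix check are assumptions of this example.

```shell
#!/bin/sh
# Added example: print the osmedeus command from this page that fits one input. Nothing is executed.
# classify VALUE -> prints url, cidr, ip, domain or unknown
classify() {
    if printf '%s\n' "$1" | grep -Eq '^https?://[^[:space:]]+$'; then echo url
    elif printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then echo cidr
    elif printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then echo ip
    elif printf '%s\n' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'; then echo domain
    else echo unknown
    fi
}

# pick_scan_cmd TARGET -> prints the command; returns 1 when the input has to be fixed first
pick_scan_cmd() {
    target=$1
    if [ -d "$target" ]; then echo "osmedeus scan -m repo-scan -t $target"; return 0; fi
    if [ -f "$target" ]; then
        # Assumption: a list file is classified by its first non-empty line (CR stripped)
        first=$(grep -v '^[[:space:]]*$' "$target" | head -n 1 | tr -d '\r')
        case $(classify "$first") in
            url)     echo "osmedeus scan -f urls -t $target" ;;
            cidr|ip) echo "osmedeus scan -f cidr -t $target" ;;
            domain)  echo "osmedeus scan -f domains -t $target" ;;
            *)       echo "unrecognised first line in $target: $first" >&2; return 1 ;;
        esac
        return 0
    fi
    case $(classify "$target") in
        url)
            case $target in
                https://github.com/*|https://gitlab.com/*) echo "osmedeus scan -m repo-scan -t $target" ;;
                *) echo "the urls workflow only accepts a file; save $target to a file first" >&2; return 1 ;;
            esac ;;
        cidr)   echo "osmedeus scan -f cidr -t $target" ;;
        domain) echo "osmedeus scan -t $target" ;;
        *)      echo "no command on this page matches input: $target" >&2; return 1 ;;
    esac
}

# Sample inputs taken from the commands on this page
for t in example.com 18.104.22.168/24 https://github.com/juice-shop/juice-shop; do
    pick_scan_cmd "$t"
done
```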