Frequently Asked Questions

General

1. What is Osmedeus?

Answer

Show properties

Osmedeus is a workflow engine for security automation. It executes YAML-defined workflows with support for multiple execution environments (host, Docker, SSH), scheduling, and distributed scanning.

2. What are the system requirements?

Answer

Show properties

Go 1.21+ (for building from source)
Linux, macOS, or Windows
Docker (optional, for container-based execution)
SSH access (optional, for remote execution)

3. How do I install Osmedeus?

Answer

Show properties

# Build from source
make build

# Install to $GOBIN
make install

# Install security tools
osmedeus install binary --all

Workflows

4. What is the difference between a flow and a module?

Answer

Show properties

Module: A single workflow unit containing steps that execute sequentially
Flow: Orchestrates multiple modules, allowing parallel execution and dependencies between modules

5. Where are workflows stored?

Answer

Show properties

Workflows are stored in ~/osmedeus-base/workflows/:

flows/ - Flow workflows
modules/ - Module workflows

6. How do I create a custom workflow?

Answer

Show properties

Create a YAML file in the workflows directory:

name: my-workflow
kind: module
description: My custom workflow
params:
  - name: target
    required: true
steps:
  - name: scan-target
    type: bash
    command: nmap {{target}}

7. What step types are available?

Answer

Show properties

Type	Description
`bash`	Execute shell commands
`function`	Execute JavaScript utility functions
`parallel-steps`	Run steps concurrently
`foreach`	Iterate over items
`remote-bash`	Execute in Docker or via SSH
`http`	Make HTTP requests
`llm`	Execute LLM API calls

Running Scans

8. How do I run a basic scan?

Answer

Show properties

# Run a flow workflow
osmedeus run -f subdomain-enum -t example.com

# Run a module workflow
osmedeus run -m port-scan -t example.com

9. How do I scan multiple targets?

Answer

Show properties

# From command line
osmedeus run -m port-scan -t target1.com -t target2.com

# From file
osmedeus run -m port-scan -T targets.txt -c 5

10. How do I set a timeout?

Answer

Show properties

osmedeus run -m port-scan -t example.com --timeout 2h

11. Where are scan results stored?

Answer

Show properties

Results are stored in workspaces at ~/osmedeus-base/workspaces/<target>/.

API & Server

12. How do I start the API server?

Answer

Show properties

osmedeus server

The server starts on port 8002 by default.

13. How do I authenticate with the API?

Answer

Show properties

# Get a JWT token
curl -X POST http://localhost:8002/osm/api/login \
  -H "Content-Type: application/json" \
  -d '{"username": "osmedeus", "password": "admin"}'

# Use the token
curl http://localhost:8002/osm/api/workflows \
  -H "Authorization: Bearer <token>"

14. How do I disable authentication?

Answer

Show properties

osmedeus server --no-auth

15. Can I use API keys instead of JWT?

Answer

Show properties

Yes, enable API key authentication in the server configuration. Then use the X-API-Key header instead of Authorization: Bearer.

Scheduling

16. How do I schedule a recurring scan?

Answer

Show properties

# Via CLI (creates a cron schedule)
osmedeus run -f subdomain-enum -t example.com --schedule "0 2 * * *"

# Via API
curl -X POST http://localhost:8002/osm/api/schedules \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "daily-scan",
    "workflow_name": "subdomain-enum",
    "target": "example.com",
    "schedule": "0 2 * * *"
  }'

17. What cron format is used?

Answer

Show properties

Standard 5-field cron: minute hour day-of-month month day-of-weekExamples:

0 2 * * * - Daily at 2 AM
0 0 * * 0 - Weekly on Sunday
*/30 * * * * - Every 30 minutes

Runners

18. What runners are available?

Answer

Show properties

Runner	Description
`host`	Execute on local machine (default)
`docker`	Execute in Docker containers
`ssh`	Execute on remote machines via SSH

19. How do I run a scan in Docker?

Answer

Show properties

osmedeus run -m port-scan -t example.com --runner docker --docker-image osmedeus/osmedeus:latest

20. How do I run a scan on a remote host?

Answer

Show properties

osmedeus run -m port-scan -t example.com --runner ssh --ssh-host worker.example.com

Distributed Mode

21. How do I set up distributed scanning?

Answer

Show properties

Start the master:

osmedeus server --master

Join workers:

osmedeus worker join --master http://master:8002

22. How do I submit tasks to the distributed pool?

Answer

Show properties

curl -X POST http://localhost:8002/osm/api/tasks \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_name": "subdomain-enum",
    "target": "example.com"
  }'

Troubleshooting

23. How do I check if tools are installed?

Answer

Show properties

osmedeus install binary --all --check

24. How do I install missing tools?

Answer

Show properties

# Install specific tools
osmedeus install binary --name nuclei --name httpx

# Install all tools
osmedeus install binary --all

25. How do I view scan logs?

Answer

Show properties

Logs are stored in the workspace:

cat ~/osmedeus-base/workspaces/<target>/log/execution.log

Show properties

osmedeus snapshot export <workspace>

27. How do I import a shared workspace?

Answer

Show properties

osmedeus snapshot import snapshot.zip

Configuration

28. Where is the configuration file?

Answer

Show properties

~/osmedeus-base/osm-settings.yaml

29. How do I change the default port?

Answer

Show properties

Edit osm-settings.yaml:

server:
  port: 9000

Or use the --port flag:

osmedeus server --port 9000

30. How do I configure database settings?

Answer

Show properties

Edit osm-settings.yaml:

database:
  db_engine: sqlite3  # or postgres
  host: localhost
  port: 5432
  name: osmedeus
  username: user
  password: pass

Getting Started

Extra Configuration

Understand Architecture

Workflows

Functions

Advanced Topics & Extending Osmedeus

Reference

FAQs

Frequently Asked Questions

General

Workflows

Running Scans

API & Server

Scheduling

Runners

Distributed Mode

Troubleshooting

Configuration

Getting Started

Extra Configuration

Understand Architecture

Workflows

Functions

Advanced Topics & Extending Osmedeus

Reference

​Frequently Asked Questions

​General

​Workflows

​Running Scans

​API & Server

​Scheduling

​Runners

​Distributed Mode

​Troubleshooting

​Configuration

Frequently Asked Questions

General

Workflows

Running Scans

API & Server

Scheduling

Runners

Distributed Mode

Troubleshooting

Configuration