Update Documentation Page Sat Aug 19 23:59:52 +07 2023

docs/faq/index.html

@@ -1319,7 +1319,7 @@ <h2 id="premium-package-related-questions">Premium Package Related Questions<a c
 </details>
 <details class="info" open="open">
 <summary>Does Osmedeus Support Windows or ARM based processor (M1 Macbook, Kali Nethunter, etc)?</summary>
-<p>Unfortunately, Osmedeus does not support Windows or ARM based processor. Please consider using WSL, Docker or Virtualization software to able to use Osmedeus on your machine.</p>
+<p>Unfortunately, Osmedeus does not support Windows or ARM based processor. Please consider using WSL, Docker or Virtualization software to able to use Osmedeus on your machine. You can see the docker for ARM <a href="https://hub.docker.com/r/j3ssie/osmedeus/tags"><strong>here</strong></a></p>
 </details>
 <details class="info" open="open">
 <summary>What are the donation tiers and how much should I donate to be eligible for the premium package?</summary>
@@ -1340,10 +1340,12 @@ <h2 id="premium-package-related-questions">Premium Package Related Questions<a c
 <h2 id="general-questions">General Questions<a class="headerlink" href="#general-questions" title="Permanent link">&para;</a></h2>
 <details class="question" open="open">
 <summary>How to setup the Osmedeus?</summary>
-<p>Please check out <strong><a href="/installation/">installation guide here</a></strong></p>
+<p>Please check out <strong><a href="/installation/">installation guide here</a></strong> </p>
+</details>
+<details class="info" open="open">
+<summary>How can I determine which workflow to run for my target?</summary>
+<p>Please check out <strong><a href="/running-your-first-scan/">running your first scan here</a></strong> </p>
 </details>
-<p>???+ info "How can I determine which workflow to run for my target?
-    Please check out <strong><a href="/running-your-first-scan/">running your first scan here</a></strong></p>
 <details class="question" open="open">
 <summary>I got some error while installing Osmedeus on my machine. How can I fix it?</summary>
 <p>Maybe run <code>sudo su</code> first and then run <code>rm -rf ~/osmedeus-base ~/.osmedeus</code> and then run the install script again to have a clean installation.</p>
@@ -1357,14 +1359,27 @@ <h2 id="general-questions">General Questions<a class="headerlink" href="#general
 <p>I recommend using VPS since it takes a lot of network bandwidth, the minimum spec would be 1 CPU 2GB RAM. You can of course increase or decrease the threads in the workflow to make it work in any spec</p>
 </details>
 <details class="info" open="open">
-<summary>How can I update my Osmedeus?</summary>
-<p>Just run the install script again and it will be updated. Run <code>rm -rf /root/osmedeus-base /root/.osmedeus</code> first if you want to have a fresh install.</p>
+<summary>How can I update my Osmedeus? Or having a clean install?</summary>
+<p>Just run the install script again and it will be updated. Or run <code>rm -rf /root/osmedeus-base /root/.osmedeus</code> first then run the install script if you want to have a fresh install.</p>
 </details>
 <details class="question" open="open">
 <summary>Where can I find the result after the scan done?</summary>
 <p>All of your scan data store at <code>~/workspaces-osmedeus/</code></p>
 </details>
 <details class="info" open="open">
+<summary>How do I know which workflow to run?</summary>
+<p>You can follow <strong><a href="/installation/running-your-first-scan/">this page</a></strong> to see what workflow is fit to your workflow.</p>
+</details>
+<details class="question" open="open">
+<summary>How can I conduct a standard scan while excluding specific domains that are considered out of scope?</summary>
+<p>Currently, I don't have any Out of scope handle but you can run the flow that discovery the subdomain first with these commands
+<div class="highlight"><pre><span></span><code>osmedeus scan -f fast -t google.com
+osmedeus scan -f subdomain-enum -t google.com
+</code></pre></div>
+then get the list of subdomain, filtering OOS by yourself then store it in a file like list-of-domains.txt
+finally run the scan on with a list of domains <code>osmedeus scan -f domains -t list-of-domains.txt</code></p>
+</details>
+<details class="info" open="open">
 <summary>I got some errors while running the scan, what should I do?</summary>
 <p>You can use <code>osmedeus health</code> command to check if the install is okay or not.</p>
 </details>
@@ -1384,13 +1399,18 @@ <h2 id="general-questions">General Questions<a class="headerlink" href="#general
 <summary>How can I update the vulnerability database of Jaeles or Nuclei?</summary>
 <p>Just run the command <code>osmedeus update --vuln</code>.</p>
 </details>
+<details class="info" open="open">
+<summary>How do I halt my scan and ensure that all the smaller tasks within it have been stopped?</summary>
+<p>Just press <code>Crtl + C</code> to stop the scan. Then run <code>osmedeus utils ps --osm --kill</code> to kill all the sub process.</p>
+</details>
 <details class="question" open="open">
 <summary>Why was my scan stuck at portscan?</summary>
 <p>It will stay there because it got a sudo password prompt. Some special tools require <em>root</em> permission to run like <strong>nmap</strong>. Make sure you allow <strong>nmap</strong> can be run without sudo password prompt.</p>
 </details>
 <details class="question" open="open">
-<summary>Why was my scan portscan take so long?</summary>
-<p>It's probably because your cloud provider or your home network limit your portscan or just simply your input is too big. Try to run with <code>--debug</code> then you can manually check with the raw command that the portscan module actually running.</p>
+<summary>Why did my scan such as vulnerability scanning, port scanning, or content discovery take so long?</summary>
+<p>It's probably because the thing you put in was really big. Think about trying to run the content discovery againt <strong>2000 different hosts</strong>. That's why it takes a long time.</p>
+<p>It's probably because your cloud provider or your home network limit your portscan. Try to run with <code>--debug</code> then you can manually check with the raw command that the portscan module actually running.</p>
 </details>
 <details class="info" open="open">
 <summary>What is the difference between this flow/module to other flow/module?</summary>

docs/installation/running-your-first-scan/index.html

@@ -1355,6 +1355,9 @@ <h2 id="if-you-workflow-is-a-url-or-a-list-of-urls"><span class="twemoji"><svg x
 <p><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 640 512"><!--! Font Awesome Free 6.3.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M41.4 86.6c-12.5-12.5-12.5-32.8 0-45.3s32.8-12.5 45.3 0l192 192c12.5 12.5 12.5 32.8 0 45.3l-192 192c-12.5 12.5-32.8 12.5-45.3 0s-12.5-32.8 0-45.3L210.7 256 41.4 86.6zM288 416h288c17.7 0 32 14.3 32 32s-14.3 32-32 32H288c-17.7 0-32-14.3-32-32s14.3-32 32-32z"/></svg></span> <strong>Example commands</strong></p>
 <div class="highlight"><pre><span></span><code>osmedeus<span class="w"> </span>scan<span class="w"> </span>-f<span class="w"> </span>urls<span class="w"> </span>-t<span class="w"> </span>list-of-urls.txt
 
+<span class="c1"># This will automatically convert the input into a file named http-sub.example.com.txt</span>
+osmedeus<span class="w"> </span>scan<span class="w"> </span>-f<span class="w"> </span>urls<span class="w"> </span>-t<span class="w"> </span>https://sub.example.com/
+
 osmedeus<span class="w"> </span>scan<span class="w"> </span>-f<span class="w"> </span>domains<span class="w"> </span>-t<span class="w"> </span>list-of-domains.txt
 
 <span class="c1"># using with module</span>
@@ -1368,9 +1371,11 @@ <h2 id="if-you-workflow-is-a-url-or-a-list-of-urls"><span class="twemoji"><svg x
 <h2 id="if-you-workflow-is-a-cidr-or-a-list-of-cidrs"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M16 11h-2V9h2v2M3 5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2v14a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V5m7 2H8v10h2V7m2 10h2v-4h2a2 2 0 0 0 2-2V9a2 2 0 0 0-2-2h-4v10Z"/></svg></span>  If you workflow is a CIDR or a list of CIDRs<a class="headerlink" href="#if-you-workflow-is-a-cidr-or-a-list-of-cidrs" title="Permanent link">&para;</a></h2>
 <p><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"><!--! Font Awesome Free 6.3.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M0 80v48c0 17.7 14.3 32 32 32h64V80c0-26.5-21.5-48-48-48S0 53.5 0 80zm112-48c10 13.4 16 30 16 48v304c0 35.3 28.7 64 64 64s64-28.7 64-64v-5.3c0-32.4 26.3-58.7 58.7-58.7H480V128c0-53-43-96-96-96H112zm352 448c61.9 0 112-50.1 112-112 0-8.8-7.2-16-16-16H314.7c-14.7 0-26.7 11.9-26.7 26.7v5.3c0 53-43 96-96 96h272z"/></svg></span> <strong>Example inputs</strong>: Your input is <strong>a file</strong> that includes a catalog of IP addresses, CIDR such as <code>1.2.3.4/24</code> , <code>3.4.5.6</code>, etc or a simple CIDR like <code>1.2.3.4/24</code></p>
 <p><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 640 512"><!--! Font Awesome Free 6.3.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M41.4 86.6c-12.5-12.5-12.5-32.8 0-45.3s32.8-12.5 45.3 0l192 192c12.5 12.5 12.5 32.8 0 45.3l-192 192c-12.5 12.5-32.8 12.5-45.3 0s-12.5-32.8 0-45.3L210.7 256 41.4 86.6zM288 416h288c17.7 0 32 14.3 32 32s-14.3 32-32 32H288c-17.7 0-32-14.3-32-32s14.3-32 32-32z"/></svg></span> <strong>Example commands</strong></p>
-<div class="highlight"><pre><span></span><code>osmedeus<span class="w"> </span>scan<span class="w"> </span>-f<span class="w"> </span>cidr<span class="w"> </span>-t<span class="w"> </span><span class="m">1</span>.2.3.4/24
+<div class="highlight"><pre><span></span><code>osmedeus<span class="w"> </span>scan<span class="w"> </span>-f<span class="w"> </span>cidr<span class="w"> </span>-t<span class="w"> </span>list-of-cidr.txt
+
+<span class="c1"># This will automatically convert the input into a file named 1.2.3.4/24_random.txt</span>
+osmedeus<span class="w"> </span>scan<span class="w"> </span>-f<span class="w"> </span>cidr<span class="w"> </span>-t<span class="w"> </span><span class="m">1</span>.2.3.4/24
 
-osmedeus<span class="w"> </span>scan<span class="w"> </span>-f<span class="w"> </span>cidr<span class="w"> </span>-t<span class="w"> </span>list-of-cidr.txt
 
 osmedeus<span class="w"> </span>scan<span class="w"> </span>-f<span class="w"> </span>cidr-probing<span class="w"> </span>-t<span class="w"> </span><span class="m">3</span>.4.5.6/24
 </code></pre></div>

docs/reference/index.html

@@ -1246,10 +1246,22 @@
 <h1 id="mentions"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 6.3.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="m502.285 159.704-234-156c-7.987-4.915-16.511-4.96-24.571 0l-234 156C3.714 163.703 0 170.847 0 177.989v155.999c0 7.143 3.714 14.286 9.715 18.286l234 156.022c7.987 4.915 16.511 4.96 24.571 0l234-156.022c6-3.999 9.715-11.143 9.715-18.286V177.989c-.001-7.142-3.715-14.286-9.716-18.285zM278 63.131l172.286 114.858-76.857 51.429L278 165.703V63.131zm-44 0v102.572l-95.429 63.715-76.857-51.429L234 63.131zM44 219.132l55.143 36.857L44 292.846v-73.714zm190 229.715L61.714 333.989l76.857-51.429L234 346.275v102.572zm22-140.858-77.715-52 77.715-52 77.715 52-77.715 52zm22 140.858V346.275l95.429-63.715 76.857 51.429L278 448.847zm190-156.001-55.143-36.857L468 219.132v73.714z"/></svg></span> Mentions<a class="headerlink" href="#mentions" title="Permanent link">&para;</a></h1>
 <ul>
 <li>
-<p><strong><a href="https://www.blackhat.com/asia-23/arsenal/schedule/#build-your-own-reconnaissance-system-with-osmedeus-workflow-engine-31002/">Blackhat Arsenal Asia 2023: Build Your Own Reconnaissance System with Osmedeus Workflow Engine</a></strong></p>
+<p><strong><a href="https://www.blackhat.com/asia-23/arsenal/schedule/#build-your-own-reconnaissance-system-with-osmedeus-workflow-engine-31002/">Blackhat Arsenal Asia 2023 | Build Your Own Reconnaissance System with Osmedeus Workflow Engine</a></strong></p>
 </li>
 <li>
-<p><strong><a href="https://blog.intigriti.com/2022/01/05/bug-bytes-153-new-php-lfi-technique-cache-poisoning-at-scale-null-byte-attacks-are-still-alive/">Tool of the week on Bug Bytes #153</a></strong></p>
+<p><strong><a href="https://www.youtube.com/watch?v=qLTe6Z10vj8">Jason Haddix | The Bug Hunter's Methodology v4</a></strong></p>
+</li>
+<li>
+<p><strong><a href="https://www.hackerone.com/ethical-hacker/100-hacking-tools-and-resources/">Hackerone | 100 Hacking Tools and Resources</a></strong></p>
+</li>
+<li>
+<p><strong><a href="https://www.hackerone.com/vulnerability-management/what-vulnerability-scanning-and-how-do-it-right">Hackerone | What is Vulnerability Scanning? [And How to Do It Right]</a></strong></p>
+</li>
+<li>
+<p><strong><a href="https://blog.intigriti.com/2022/01/05/bug-bytes-153-new-php-lfi-technique-cache-poisoning-at-scale-null-byte-attacks-are-still-alive/">Intigriti | Tool of the week on Bug Bytes #153</a></strong></p>
+</li>
+<li>
+<p><strong><a href="https://book.hacktricks.xyz/generic-methodologies-and-resources/external-recon-methodology">Hacktricks | External Recon Methodology</a></strong></p>
 </li>
 <li>
 <p><strong><a href="https://tldrsec.com/blog/tldr-sec-115/">[tl;dr sec] #115: Build your own reconnaissance system with Osmedeus Engine</a></strong></p>
@@ -1258,6 +1270,15 @@ <h1 id="mentions"><span class="twemoji"><svg xmlns="http://www.w3.org/2000/svg"
 <p><strong><a href="https://hakin9.org/osmedeus-is-a-workflow-engine-for-offensive-security/">Osmedeus on hakin9.org</a></strong></p>
 </li>
 <li>
+<p><strong><a href="https://www.youtube.com/watch?v=ohi0fsLTesw">Automating Recon at scale using Osmedeus</a></strong></p>
+</li>
+<li>
+<p><strong><a href="https://hbothra22.medium.com/scope-based-recon-smart-recon-tactics-7e72d590eae5">Scope Based Recon Methodology: Exploring Tactics for Smart Recon</a></strong></p>
+</li>
+<li>
+<p><strong><a href="https://medium.com/@Land2Cyber/10-top-vulnerability-scanners-with-unique-features-for-bug-bounty-hunters-8aa47fe9ba82">10 Top Vulnerability Scanners with Unique Features for Bug Bounty Hunters</a></strong></p>
+</li>
+<li>
 <p><strong><a href="https://xmind.app/m/NvVFYW">Mindmap of Osmedeus 💠 Premium Workflow</a></strong></p>
 </li>
 <li>