OXO is a security scanning framework built for modularity, scalability and simplicity.
OXO Engine combines specialized tools to work cohesively to find vulnerabilities and perform actions like recon, enumeration, fingerprinting …
Requirements
Docker is required to run scans locally. To install docker, please follow these instructions.
Installing
OXO ships as a Python package on pypi. To install it, simply run the following command if you have pip
already installed.
pip install -U ostorlab
OXO ships with a store that boasts dozens of agents, from network scanning agents like nmap, nuclei or tsunami, web scanner like Zap, web fingerprinting tools like Whatweb and Wappalyzer, DNS brute forcing like Subfinder and Dnsx, malware file scanning like Virustotal and much more.
To run any of these tools combined, simply run the following command:
oxo scan run --install --agent nmap --agent tsunami --agent nuclei ip 8.8.8.8
or
oxo scan run --install --agent agent/ostorlab/nmap --agent agent/ostorlab/tsunami --agent agent/ostorlab/nuclei ip 8.8.8.8
This command will download and install the following scanning agents:
And will scan the target IP address 8.8.8.8
.
Agents are shipped as standard docker images.
To check the scan status, run:
oxo scan list
Once the scan has completed, to access the scan results, run:
oxo vulnz list --scan-id <scan-id>
oxo vulnz describe --vuln-id <vuln-id>
For more information click here.
This repository will be used to add documents, pictures, etc on LEA efforts; Indictments, Seizure…
A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization…
Short: a Red Team's SIEM. Longer: a Red Team's SIEM that serves two main goals:…
C# port of ZeroMemoryEx's Terminator, so all hail goes to him. Usage You can download…
We delve into the process of setting up a RedELK server, focusing on the critical…
The RedELK client components using Ansible, a powerful automation tool that streamlines the installation and…