[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-77172":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":9,"totalLinesOfCode":9,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":9,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":22,"topics":24,"createdAt":9,"pushedAt":9,"updatedAt":40,"readmeContent":41,"aiSummary":42,"trendingCount":16,"starSnapshotCount":16,"syncStatus":43,"lastSyncTime":44,"discoverSource":45},77172,"osmedeus","j3ssie\u002Fosmedeus","j3ssie","A Modern Orchestration Engine for Security",null,"https:\u002F\u002Fgithub.com\u002Fj3ssie\u002Fosmedeus","Go",6410,1016,135,5,0,6,14,55,18,40.02,false,"main",[25,26,27,28,29,30,31,32,33,34,35,36,37,38,39],"reconnaissance","security-tools","hacking-tool","hacking","osint","bugbounty","pentesting","security","go","attack-surface-management","workflow-engine","workflows","llm","penetration-testing","agentic-ai","2026-06-12 02:03:42","# Osmedeus\n\n\u003Cp align=\"center\">\n \u003Ca href=\"https:\u002F\u002Fwww.osmedeus.org\">\u003Cimg alt=\"Osmedeus\" src=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fosmedeus\u002Fassets\u002Fmain\u002Fosm-logo-with-white-border.png\" height=\"140\" \u002F>\u003C\u002Fa>\n \u003Cbr \u002F>\n \u003Cstrong>Osmedeus - A Modern Orchestration Engine for Security\u003C\u002Fstrong>\n\n \u003Cp align=\"center\">\n \u003Ca href=\"https:\u002F\u002Fdocs.osmedeus.org\u002F\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDocumentation-0078D4?style=for-the-badge&logo=GitBook&logoColor=39ff14&labelColor=black&color=black\">\u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fdocs.osmedeus.org\u002Fdonation\u002F\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSponsors-0078D4?style=for-the-badge&logo=GitHub-Sponsors&logoColor=39ff14&labelColor=black&color=black\">\u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FOsmedeusEngine\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F%40OsmedeusEngine-0078D4?style=for-the-badge&logo=Twitter&logoColor=39ff14&labelColor=black&color=black\">\u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002FmtQG2FQsYA\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscord%20Server-0078D4?style=for-the-badge&logo=Discord&logoColor=39ff14&labelColor=black&color=black\">\u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fj3ssie\u002Fosmedeus\u002Freleases\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Frelease\u002Fj3ssie\u002Fosmedeus?style=for-the-badge&labelColor=black&color=2fc414&logo=Github\">\u003C\u002Fa>\n \u003C\u002Fp>\n\u003C\u002Fp>\n\n## What is Osmedeus?\n\n[Osmedeus](https:\u002F\u002Fwww.osmedeus.org) is a security focused declarative orchestration engine that simplifies complex workflow automation into auditable YAML definitions, complete with encrypted data handling, secure credential management, and sandboxed execution.\n\nBuilt for both beginners and experts, it delivers powerful, composable automation without sacrificing the integrity and safety of your infrastructure.\n\n## Key Features\n\n- **Declarative YAML Workflows** - Define pipelines with hooks, decision routing, module exclusion, and conditional branching across multiple runners (host, Docker, SSH)\n- **Distributed Execution** - Redis-based master-worker pattern with queue system, webhook triggers, and file sync across workers\n- **Rich Function Library** - 80+ utility functions including nmap integration, tmux sessions, SSH execution, TypeScript\u002FPython scripting, SARIF parsing, and CDN\u002FWAF classification\n- **Event-Driven Scheduling** - Cron, file-watch, and event triggers with filtering, deduplication, and delayed task queues\n- **Agentic LLM Steps** - Tool-calling agent loops with sub-agent orchestration, memory management, and structured output; plus ACP subprocess agents (Claude Code, Codex, OpenCode, Gemini)\n- **Cloud Infrastructure** - Provision and run scans across DigitalOcean, AWS, GCP, Linode, and Azure with cost controls and automatic cleanup\n- **Rich CLI Interface** - Interactive database queries, bulk function evaluation, workflow linting, progress bars, and comprehensive usage examples\n- **REST API & Web UI** - Full API server with webhook triggers, database queries, and embedded dashboard for visualization\n\nSee [Documentation Page](https:\u002F\u002Fdocs.osmedeus.org\u002F) for more details.\n\n## Installation\n\n```bash\ncurl -sSL http:\u002F\u002Fwww.osmedeus.org\u002Finstall.sh | bash\n```\n\nSee [Quickstart](https:\u002F\u002Fdocs.osmedeus.org\u002Fquickstart\u002F) for quick setup and [Installation](https:\u002F\u002Fdocs.osmedeus.org\u002Finstallation\u002F) for advanced configurations.\n\n| CLI Usage | Web UI Assets | Workflow Visualization |\n|-----------|--------------|-----------------|\n| ![CLI Usage](https:\u002F\u002Fraw.githubusercontent.com\u002Fosmedeus\u002Fassets\u002Frefs\u002Fheads\u002Fmain\u002Fdemo-images\u002Fcli-run-with-verbose-output.png) | ![Web UI Assets](https:\u002F\u002Fraw.githubusercontent.com\u002Fosmedeus\u002Fassets\u002Frefs\u002Fheads\u002Fmain\u002Fdemo-images\u002Fweb-ui-assets.png) | ![Workflow Visualization](https:\u002F\u002Fraw.githubusercontent.com\u002Fosmedeus\u002Fassets\u002Frefs\u002Fheads\u002Fmain\u002Fdemo-images\u002Fweb-ui-workflow.png) |\n\n## Quick Start\n\n```bash\n# Run a module workflow\nosmedeus run -m recon -t example.com\n\n# Run a flow workflow\nosmedeus run -f general -t example.com\n\n# Multiple targets with concurrency\nosmedeus run -m recon -T targets.txt -c 5\n\n# Dry-run mode (preview)\nosmedeus run -f general -t example.com --dry-run\n\n# Start API server\nosmedeus serve\n\n# List available workflows\nosmedeus workflow list\n\n# Query discovered assets\nosmedeus assets -w example.com # List assets for workspace\nosmedeus assets --stats # Show unique technologies, sources, types\nosmedeus assets --source httpx --type web --json # Filter and output as JSON\n\n# Query vulnerabilities, runs, and steps\nosmedeus query vulns --severity high --workspace example.com\nosmedeus query runs --status running\nosmedeus query steps --run \u003Crun-uuid>\n\n# Query database tables\nosmedeus db list --table runs\nosmedeus db list --table event_logs --search \"nuclei\"\n\n# Evaluate utility functions\nosmedeus func eval 'log_info(\"hello\")'\nosmedeus func eval -e 'http_get(\"https:\u002F\u002Fexample.com\")' -T targets.txt -c 10\n\n# Platform variables available in eval\nosmedeus func eval 'log_info(\"OS: \" + PlatformOS + \", Arch: \" + PlatformArch)'\n\n# Install from preset repositories\nosmedeus install base --preset\nosmedeus install base --preset --keep-setting # preserve existing osm-settings.yaml\nosmedeus install workflow --preset\n\n# Exclude modules from flow execution\nosmedeus run -f general -t example.com -x portscan\nosmedeus run -f general -t example.com -X vuln # Fuzzy exclude by substring\n\n# Worker queue system\nosmedeus worker queue new -f general -t example.com # Queue for later\nosmedeus worker queue run --concurrency 5 # Process queue\n\n# Worker management\nosmedeus worker status # Show workers\nosmedeus worker eval -e 'ssh_exec(\"host\", \"whoami\")' # Eval with distributed hooks\n\n# Run an ACP agent interactively\nosmedeus agent \"analyze this codebase\"\nosmedeus agent --agent codex \"explain main.go\"\nosmedeus agent --list\n\n# Cloud infrastructure management\nosmedeus cloud create --instances 3 # Provision cloud machines\nosmedeus cloud setup 1.2.3.4 5.6.7.8 # Setup existing machines\nosmedeus cloud list # List active infrastructure\nosmedeus cloud run -f general -t example.com --instances 3\n\n# Show all usage examples\nosmedeus --usage-example\n```\n\n## Docker\n\n```bash\n# Show help\ndocker run --rm j3ssie\u002Fosmedeus:latest --help\n\n# Run a scan\ndocker run --rm -v $(pwd)\u002Foutput:\u002Froot\u002Fworkspaces-osmedeus \\\n j3ssie\u002Fosmedeus:latest run -f general -t example.com\n```\n\nFor more CLI usage and example commands, refer to the [CLI Reference](https:\u002F\u002Fdocs.osmedeus.org\u002Fgetting-started\u002Fcli).\n\n## High-Level Architecture\n\n```plaintext\n┌───────────────────────────────────────────────────────────────────────────┐\n│ Osmedeus Orchestration Engine │\n├───────────────────────────────────────────────────────────────────────────┤\n│ ENTRY POINTS │\n│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌─────────────┐ │\n│ │ CLI │ │ REST API │ │Scheduler │ │ Distributed │ │\n│ └────┬─────┘ └────┬─────┘ └────┬─────┘ └─────┬───────┘ │\n│ └─────────────┴─────────────┴──────────────┘ │\n│ │ │\n│ ▼ │\n│ ┌─────────────────────────────────────────────────────────────────────┐ │\n│ │ CONFIG ──▶ PARSER ──▶ EXECUTOR ──▶ STEP DISPATCHER ──▶ RUNNER │ │\n│ │ │ │ │\n│ │ Step Executors: bash | function | parallel | foreach | remote-bash │ │\n│ │ http | llm | agent | agent-acp | SARIF\u002FSAST │ │\n│ │ Hooks: pre_scan_steps → [main steps] → post_scan_steps │ │\n│ │ │ │ │\n│ │ Runners: HostRunner | DockerRunner | SSHRunner │ │\n│ │ Queue: DB + Redis polling → dedup → concurrent execution │ │\n│ └─────────────────────────────────────────────────────────────────────┘ │\n└───────────────────────────────────────────────────────────────────────────┘\n```\n\nFor more information about the architecture, refer to the [Architecture Documentation](https:\u002F\u002Fdocs.osmedeus.org\u002Farchitecture).\n\n## Roadmap and Status\n\nThe high-level ambitious plan for the project, in order:\n\n| # | Step | Status |\n| :-: | --------------------------------------------------------------------------- | :----: |\n| 1 | Osmedeus Engine reforged with a next-generation architecture | ✅ |\n| 2 | Flexible workflows and step types | ✅ |\n| 3 | Event-driven architectural model and the different trigger event categories | ✅ |\n| 4 | Beautiful UI for visualize results and workflow diagram | ✅ |\n| 5 | Rewriting the workflow to adapt to new architecture and syntax | ✅ |\n| 6 | Testing more utility functions like notifications | ✅ |\n| 7 | SAST integration with SARIF parsing (Semgrep, Trivy, etc.) | ✅ |\n| 8 | Cloud integration, which supports running the scan on the cloud provider. | ✅ |\n| 9 | Generate diff reports showing new\u002Fremoved\u002Funchanged assets between runs. | ❌ |\n| 10 | Adding step type from cloud provider that can be run via serverless | ❌ |\n| N | Fancy features (to be discussed later) | ❌ |\n## Documentation\n\n| Topic | Link |\n|----------------------|----------------------------------------------------------------------------------------------------------|\n| Getting Started | [docs.osmedeus.org\u002Fgetting-started](https:\u002F\u002Fdocs.osmedeus.org\u002Fgetting-started) |\n| CLI Usage & Examples | [docs.osmedeus.org\u002Fgetting-started\u002Fcli](https:\u002F\u002Fdocs.osmedeus.org\u002Fgetting-started\u002Fcli) |\n| Writing Workflows | [docs.osmedeus.org\u002Fworkflows\u002Foverview](https:\u002F\u002Fdocs.osmedeus.org\u002Fworkflows\u002Foverview) |\n| Event-Driven Triggers| [docs.osmedeus.org\u002Fadvanced\u002Fevent-driven](https:\u002F\u002Fdocs.osmedeus.org\u002Fadvanced\u002Fevent-driven) |\n| Deployment | [docs.osmedeus.org\u002Fdeployment](https:\u002F\u002Fdocs.osmedeus.org\u002Fdeployment) |\n| Architecture | [docs.osmedeus.org\u002Fconcepts\u002Farchitecture](https:\u002F\u002Fdocs.osmedeus.org\u002Fconcepts\u002Farchitecture) |\n| Development | [docs.osmedeus.org\u002Fdevelopment](https:\u002F\u002Fdocs.osmedeus.org\u002Fdevelopment) and [HACKING.md](HACKING.md) |\n| Extending Osmedeus | [docs.osmedeus.org\u002Fdevelopment\u002Fextending-osmedeus](https:\u002F\u002Fdocs.osmedeus.org\u002Fdevelopment\u002Fextending-osmedeus) |\n| Full Documentation | [docs.osmedeus.org](https:\u002F\u002Fdocs.osmedeus.org) |\n\n## Disclaimer\n\n**Osmedeus** is designed to execute arbitrary code and commands from user supplied input via CLI, API, and workflow definitions. This flexibility is intentional and central to how the engine operates.\n\nPlease refer to the [⚠️ Security Warning](https:\u002F\u002Fdocs.osmedeus.org\u002Fothers\u002Fsecurity-warning) page for more information on how to stay safe.\n\n**Think twice before you:**\n- Run workflows downloaded from untrusted sources\n- Execute commands or scans against targets you don't own or have permission to test\n- Use workflows without reviewing their contents first\n\nYou are responsible for what you run. Always review workflow YAML files before execution, especially those obtained from third parties.\n\n## License\n\nOsmedeus is made with ♥ by [@j3ssie](https:\u002F\u002Ftwitter.com\u002Fj3ssie) and it is released under the MIT license.\n","Osmedeus 是一个专注于安全的现代编排引擎,通过可审计的 YAML 定义简化复杂的工作流自动化。其核心功能包括声明式 YAML 工作流定义、分布式执行架构、丰富的函数库(如 nmap 集成和 SARIF 解析)、事件驱动调度以及支持多种云基础设施的自动化部署。此外,Osmedeus 还引入了基于代理的 LLM 步骤,增强了工具调用和子代理协调能力。该项目特别适用于需要进行网络安全评估、渗透测试及攻击面管理等场景,无论是初学者还是专家都能从中受益。",2,"2026-06-11 03:55:08","trending"]