Esta página se muestra en inglés. Una traducción al español está en curso.
WorkflowsMay 12, 2026·2 min de lectura

Osmedeus — Security Orchestration Engine

Osmedeus is a security orchestration engine with a CLI and workflows for recon and asset inventory—use only on systems you own or are authorized to test.

Agent Toolkit
Agent Toolkit · Community
Listo para agents

Este activo puede ser leído e instalado directamente por agents

TokRepo expone un comando CLI universal, contrato de instalación, metadata JSON, plan según adaptador y contenido raw para que los agents evalúen compatibilidad, riesgo y próximos pasos.

Native · 94/100Política: permitir
Superficie agent
Cualquier agent MCP/CLI
Tipo
Cli
Instalación
Manual
Confianza
Confianza: Established
Entrada
osmedeus run -m recon -t <target>
Comando CLI universal
npx tokrepo install 847acf46-a034-5504-a1fc-e481df2f07b5
contrato de instalaciónJSON de metadataplan adaptadorcontenido raw
Introducción

Osmedeus is a security orchestration engine with a CLI and workflows for recon and asset inventory—use only on systems you own or are authorized to test.

  • Best for: Authorized security testing and repeatable recon workflows
  • Works with: Linux/macOS; CLI workflows; optional API server; integrates with docs.osmedeus.org
  • Setup time: 15–45 minutes

Practical Notes

  • GitHub: 6,232 stars · 982 forks; pushed 2026-05-11 (verified via GitHub API).
  • README installation uses a one-line install script and includes --dry-run to preview workflow execution.
  • CLI examples show modules/flows, concurrency flags, and a built-in API server (osmedeus serve).

Main

Safety-first usage:

  • Treat Osmedeus as an internal security automation runner. Keep targets in a scoped allowlist (your domains, your staging, your owned IPs).
  • Start with --dry-run and inspect what will execute, then run with conservative concurrency.
  • Keep outputs in a dedicated workspace and store the final report artifacts alongside the run configuration so audits are easy.

If you want to involve an AI agent, have it produce a plan and a safe target list first; never let the agent free-run on the public internet.

FAQ

Q: Is it legal to scan random sites? A: No. Use it only for systems you own or have explicit permission to test.

Q: How do I reduce risk? A: Use --dry-run, keep concurrency low, and run inside isolated environments.

Q: Can it expose an API? A: Yes—README includes osmedeus serve to start an API server.

🙏

Fuente y agradecimientos

Source: https://github.com/j3ssie/osmedeus > License: MIT > GitHub stars: 6,232 · forks: 982

Discusión

Inicia sesión para unirte a la discusión.
Aún no hay comentarios. Sé el primero en compartir tus ideas.

Activos relacionados

Tracecat — Agentic Security Automation

Tracecat is an open-source security automation platform for teams and AI agents, built on Temporal with sandboxed tool runs and a self-hostable UI.

Workflows
Agent Toolkit

Cloud Custodian — Cloud Security & Cost Governance Rules Engine

A YAML-based rules engine for managing cloud resources across AWS, Azure, and GCP. Cloud Custodian enforces security policies, optimizes costs, and ensures compliance through automated actions on non-compliant resources.

Scripts
Script Depot

agent-audit — Security Linter for LLM Agents

Run a static security scanner for LLM agents: 53 OWASP Agentic Top 10 rules, prompt-injection checks, and MCP config auditing via agent-audit scan.

CLI Tools
Agent Toolkit

RagaAI Catalyst — LLM Eval + Tracing SDK

RagaAI Catalyst is a Python SDK for managing LLM projects with evaluation, dataset management, trace/agentic tracing, and prompt/guardrail workflows.

Workflows
Agent Toolkit
Inicio🔍Buscar👤Yo