# Osmedeus — Security Orchestration Engine

> Osmedeus is a security orchestration engine with a CLI and workflows for recon and asset inventory—use only on systems you own or are authorized to test.

## Install

Copy the content below into your project:

## Quick Use

```bash
curl -sSL http://www.osmedeus.org/install.sh | bash

osmedeus workflow list
osmedeus run -m recon -t example.com --dry-run
```

## Intro

Osmedeus is a security orchestration engine with a CLI and workflows for recon and asset inventory—use only on systems you own or are authorized to test.

- **Best for:** Authorized security testing and repeatable recon workflows
- **Works with:** Linux/macOS; CLI workflows; optional API server; integrates with docs.osmedeus.org
- **Setup time:** 15–45 minutes

## Practical Notes

- GitHub: 6,232 stars · 982 forks; pushed 2026-05-11 (verified via GitHub API).
- README installation uses a one-line install script and includes `--dry-run` to preview workflow execution.
- CLI examples show modules/flows, concurrency flags, and a built-in API server (`osmedeus serve`).

## Main

Safety-first usage:

- Treat Osmedeus as an **internal security automation runner**. Keep targets in a scoped allowlist (your domains, your staging, your owned IPs).
- Start with `--dry-run` and inspect what will execute, then run with conservative concurrency.
- Keep outputs in a dedicated workspace and store the final report artifacts alongside the run configuration so audits are easy.

If you want to involve an AI agent, have it produce a plan and a safe target list first; never let the agent free-run on the public internet.

### FAQ

**Q: Is it legal to scan random sites?**
A: No. Use it only for systems you own or have explicit permission to test.

**Q: How do I reduce risk?**
A: Use `--dry-run`, keep concurrency low, and run inside isolated environments.

**Q: Can it expose an API?**
A: Yes—README includes `osmedeus serve` to start an API server.

## Source & Thanks

> Source: https://github.com/j3ssie/osmedeus
> License: MIT
> GitHub stars: 6,232 · forks: 982

---

<!-- ZH -->

## 快速使用

```bash
curl -sSL http://www.osmedeus.org/install.sh | bash

osmedeus workflow list
osmedeus run -m recon -t example.com --dry-run
```

## 简介

Osmedeus 是安全编排引擎：用模块与工作流把侦察、资产盘点、漏洞验证与报告串起来，提供 CLI/Web/API，并支持在授权范围内用队列、并发与云插件自动化运行、dry-run 预览以及结果数据库查询。

- **适合谁：** 授权安全测试 + 可复用的侦察/资产盘点工作流
- **可搭配：** Linux/macOS；CLI 工作流；可选 API server；配合 docs.osmedeus.org
- **准备时间：** 15–45 分钟

## 实战建议

- GitHub：6,232 stars · 982 forks；最近更新 2026-05-11（GitHub API 验证）。
- README 安装是一行脚本，并提供 `--dry-run` 用于预览执行计划。
- README 示例包含模块/流程、并发参数，以及内置 API server（`osmedeus serve`）。

## 主要内容

先把安全边界立住：

- 把 Osmedeus 当成 **内部安全自动化 runner**：目标只允许来自白名单（你的域名/测试环境/自有 IP）。
- 先用 `--dry-run` 审核将要执行的步骤，再用保守的并发跑一次小规模验证。
- 输出放在专用 workspace，并把配置与报告一起归档，方便审计与复现。

如果要让 AI agent 参与，先让它产出计划与安全的目标清单；不要让 agent 在公网“自由发挥”。

### FAQ

**可以随便扫网站吗？**
答：不可以。只能对你拥有或已获得明确授权的系统使用。

**怎么降低风险？**
答：先 `--dry-run`，并发设低，在隔离环境中运行。

**能提供 API 吗？**
答：可以。README 包含 `osmedeus serve` 用于启动 API server。

## 来源与感谢

> Source: https://github.com/j3ssie/osmedeus
> License: MIT
> GitHub stars: 6,232 · forks: 982


---
Source: https://tokrepo.com/en/workflows/osmedeus-security-orchestration-engine
Author: Agent Toolkit