
Add osmodeus.yaml

Victor Lavaud 9 months ago
parent
commit
25ebef8a89
6 changed files with 414 additions and 0 deletions
  1. 5 0
      dashy/conf.yml
  2. 34 0
      ingress/ingress.yaml
  3. 16 0
      osmedeus/Dockerfile
  4. 38 0
      osmedeus/config.yaml
  5. 238 0
      osmedeus/datasources.yaml
  6. 83 0
      osmedeus/osmedeus.yaml

+ 5 - 0
dashy/conf.yml

@@ -57,6 +57,11 @@ sections:
         icon: https://content.oversecured.com/icons/favicon.svg
         url: https://blog.oversecured.com
         target: newtab
+      - title: Osmedeus
+        description: Recon Engine
+        icon: https://docs.osmedeus.org/static/images/favicon.png
+        url: https://osmedeus.dodges.it/ui/#/
+        target: newtab
   - name: House
     icon: fas fa-house
     items:

+ 34 - 0
ingress/ingress.yaml

@@ -426,4 +426,38 @@ spec:
             port:
               number: 80
   ingressClassName: nginx
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: osmedeus-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt"
+    acme.cert-manager.io/http01-edit-in-place: "true"
+    nginx.org/client-max-body-size: "500m"
+    nginx.org/proxy-connect-timeout: "60s"
+    nginx.org/proxy-read-timeout: "60s"
+    # Uncomment to allow solving HTTP01 challenge
+    nginx.org/hsts: "True"
+    # ingress.kubernetes.io/ssl-redirect: "false"
+    # nginx.org/redirect-to-https: "false"
+    # Upstream uses HTTPS, so connect in HTTPS.
+    nginx.org/ssl-services: "osmedeus"
+spec:
+  tls:
+  - hosts:
+    - osmedeus.dodges.it
+    secretName: osmedeus-le-secret
+  rules:
+  - host: osmedeus.dodges.it
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: osmedeus
+            port:
+              number: 8000
+  ingressClassName: nginx
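Review bot: This Ingress publishes the Osmedeus UI and API on `osmedeus.dodges.it` with nothing in front of the backend except the application's own login, and that login's credentials are committed in osmedeus/config.yaml in this same commit. If the host is reachable from the internet (the Let's Encrypt HTTP01 issuer suggests it is), restrict the source addresses or put an authentication layer at the ingress before exposing a recon engine there. The comment `# Uncomment to allow solving HTTP01 challenge` sits above the active `nginx.org/hsts` annotation, but it describes the two commented-out redirect lines below it; move it directly above those lines. For consistency with the annotation two lines earlier, write `nginx.org/hsts: "true"`.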
 

+ 16 - 0
osmedeus/Dockerfile

@@ -0,0 +1,16 @@
+FROM j3ssie/essential-build:latest
+ARG DEBIAN_FRONTEND=noninteractive
+SHELL ["/bin/bash", "-c"]
+ENV PATH "$PATH:/root/osmedeus-base/binaries/"
+WORKDIR /root/
+
+RUN curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh -o /tmp/install.sh
+RUN chmod +x /tmp/install.sh
+RUN /tmp/install.sh
+
+COPY config.yaml /root/.osmedeus/config.yaml
+COPY datasources.yaml /root/osmedeus-base/data/amass-config/datasources.yaml
+
+EXPOSE 8000
+CMD ["/usr/local/bin/osmedeus","server"]
+ENTRYPOINT ["osmedeus"]
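Review bot: The build pulls two moving targets and runs one of them as root: `FROM j3ssie/essential-build:latest` and the `curl` of `install.sh` from the `master` branch, with no digest or checksum, so an upstream change silently changes what ends up in this image. Pin the base by digest (`FROM j3ssie/essential-build@sha256:<digest>`), fetch the installer from a fixed commit, and verify it with `sha256sum -c` before running it. The two `COPY` lines also bake `config.yaml` and `datasources.yaml`, both of which carry credentials in this commit, into image layers that anyone able to pull the image can read. Separately, with `ENTRYPOINT ["osmedeus"]` the `CMD` is passed as arguments, so the default command becomes `osmedeus /usr/local/bin/osmedeus server`; `CMD ["server"]` looks like what was meant.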

+ 38 - 0
osmedeus/config.yaml

@@ -0,0 +1,38 @@
+client:
+    dest: http://127.0.0.1:8000
+    jwt: ""
+    password: 12312345
+    username: qdii
+database:
+    db_host: 127.0.0.1
+    db_name: osm-core
+    db_pass: DB_PASS
+    db_path: /root/.osmedeus/sqlite.db
+    db_port: "3306"
+    db_type: filesystem
+    db_user: root
+environments:
+    backups: /root/.osmedeus/backups
+    binaries: /root/osmedeus-base/binaries
+    cloud_config: /root/osmedeus-base/cloud
+    data: /root/osmedeus-base/data
+    instances: /root/.osmedeus/instances
+    provider_config: /root/.osmedeus/provider
+    storages: /root/.osmedeus/storages
+    workflows: /root/osmedeus-base/workflow
+    workspaces: /root/workspaces-osmedeus
+mics:
+    docs: https://docs.osmedeus.org
+server:
+    bind: 0.0.0.0:8000
+    cert_file: /root/.osmedeus/server/ssl/cert.pem
+    cors: '*'
+    key_file: /root/.osmedeus/server/ssl/key.pem
+    master_pass: ""
+    prefix: b7f917c91b94cee3e6b
+    secret: 2d6790747a4cb7f917c91b94cee3e6b2
+    ui: /root/.osmedeus/server/ui
+tactic:
+    aggressive: 40
+    default: 10
+    gently: 5
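Review bot: `client.password`, `server.secret` and `server.prefix` are committed in clear text here, and so are the `apikey` values for ASNLookup, AlienVault and BuiltWith and the ZoomEye `username`/`password` in osmedeus/datasources.yaml. Once pushed they stay in history, so they need rotating at the provider as well as removing. The file should keep placeholders such as `password: "<injected-at-deploy>"`, with the real values mounted at runtime from a Kubernetes Secret. `prefix` is also a literal substring of `secret`, so if the prefix ends up anywhere visible (presumably it is a URL path component; confirm) it discloses most of the secret. The password is an eight-digit number that YAML loads as an integer unless quoted, and `cors: '*'` with `bind: 0.0.0.0:8000` leaves the API callable from any origin, which matters because the ingress publishes this port.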

+ 238 - 0
osmedeus/datasources.yaml

@@ -0,0 +1,238 @@
+datasources:
+  - name: 360PassiveDNS
+    ttl: 3600
+    creds:
+      account: 
+        apikey: null
+  - name: ASNLookup
+    creds:
+      account: 
+        apikey: 3787d47123mshaf501d0b44daa57p14a394jsn9b4e4c1bc32c
+  - name: Ahrefs
+    ttl: 4320
+    creds:
+      account: 
+        apikey: null
+  - name: AlienVault
+    creds:
+      account: 
+        apikey: 5c423e7821d317401148a8756db087ebb312e208d10c2ad94a77b343c7cce5a9
+  - name: BeVigil
+    creds:
+      account: 
+        apikey: null
+  - name: BigDataCloud
+    creds:
+      account: 
+        apikey: null
+  - name: BinaryEdge
+    ttl: 10080
+    creds:
+      account: 
+        apikey: null
+  - name: BufferOver
+    creds:
+      account: 
+        apikey: null
+  - name: BuiltWith
+    ttl: 10080
+    creds:
+      account: 
+        apikey: 20741f26-421b-4f92-84bb-99bafdc672fc
+  - name: C99
+    ttl: 4320
+    creds:
+      account1: 
+        apikey: null
+      account2: 
+        apikey: null
+  - name: Censys
+    ttl: 10080
+    creds:
+      account: 
+        apikey: null
+        secret: null
+  - name: Chaos
+    ttl: 4320
+    creds:
+      account: 
+        apikey: null
+  - name: CIRCL
+    creds:
+      account: 
+        username: null
+        password: null
+  - name: CertCentral
+    creds:
+      account: 
+        username: null
+        apikey: null
+  - name: DNSDB
+    ttl: 4320
+    creds:
+      account: 
+        apikey: null
+  - name: DNSlytics
+    creds:
+      account: 
+        apikey: null
+  - name: DNSRepo
+    creds:
+      account: 
+        apikey: null
+  - name: Deepinfo
+    creds:
+      account: 
+        apikey: null
+  - name: Detectify
+    creds:
+      account: 
+        apikey: null
+  - name: FacebookCT
+    ttl: 4320
+    creds:
+      app1: 
+        apikey: null
+        secret: null
+      app2: 
+        apikey: null
+        secret: null
+  - name: FOFA
+    ttl: 10080
+    creds:
+      account: 
+        username: null
+        apikey: null
+  - name: FullHunt
+    creds:
+      account: 
+        apikey: null
+  - name: GitHub
+    ttl: 4320
+    creds:
+      accountname: 
+        apikey: null
+  - name: GitLab
+    ttl: 4320
+    creds:
+      accountname: 
+        apikey: null
+  - name: HackerTarget
+    ttl: 1440
+    creds:
+      account: 
+        apikey: null
+  - name: Hunter
+    creds:
+      account: 
+        apikey: null
+  - name: IntelX
+    creds:
+      account: 
+        apikey: null
+  - name: IPdata
+    creds:
+      account: 
+        apikey: null
+  - name: IPinfo
+    creds:
+      account: 
+        apikey: null
+  - name: LeakIX
+    creds:
+      account: 
+        apikey: null
+  - name: Netlas
+    creds:
+      account: 
+        apikey: null
+  - name: ONYPHE
+    ttl: 4320
+    creds:
+      account: 
+        apikey: null
+  - name: Pastebin
+    ttl: 10080
+    creds:
+      account: 
+        apikey: null
+  - name: PassiveTotal
+    ttl: 10080
+    creds:
+      account: 
+        username: null
+        apikey: null
+  - name: PentestTools
+    ttl: 10080
+    creds:
+      account: 
+        apikey: null
+  - name: PublicWWW
+    ttl: 10080
+    creds:
+      account: 
+        apikey: null
+  - name: Quake
+    ttl: 4320
+    creds:
+      account: 
+        apikey: null
+  - name: SOCRadar
+    creds:
+      account: 
+        apikey: null
+  - name: SecurityTrails
+    ttl: 1440
+    creds:
+      account: 
+        apikey: null
+  - name: Shodan
+    ttl: 10080
+    creds:
+      account: 
+        apikey: null
+  - name: Spamhaus
+    ttl: 1440
+    creds:
+      account: 
+        username: null
+        password: null
+  - name: ThreatBook
+    creds:
+      account1: 
+        apikey: null
+  - name: URLScan
+    creds:
+      account: 
+        apikey: null
+  - name: VirusTotal
+    ttl: 10080
+    creds:
+      account: 
+        apikey: null
+  - name: WhoisXMLAPI
+    creds:
+      account: 
+        apikey: null
+  - name: Yandex
+    ttl: 1440
+    creds:
+      account: 
+        username: null
+        apikey: null
+  - name: ZETAlytics
+    ttl: 1440
+    creds:
+      account: 
+        apikey: null
+  - name: ZoomEye
+    ttl: 1440
+    creds:
+      account: 
+        username: 120bce0313ca 
+        password: nwOM=b8`W%uZd<z~xkHtsC[UgCI;H"                     
+
+# this is the global options that will be considered. For example, minimum_ttl would be a global option used to compare
+# the minimum_ttl to the other datasources ttl.
+global_options: 
+  minimum_ttl: 1440
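Review bot: The ZoomEye `password` near the end of the list is an unquoted plain scalar containing a backtick, `[`, `;`, `<` and `"`, followed by a run of trailing spaces, so the value the consumer sees depends on plain-scalar parsing rules and the trailing whitespace is silently dropped. Single-quote it, `password: '<value>'`, and strip the trailing spaces there and after each `account:` key. The comment above `global_options` would read more clearly as `# Global options. minimum_ttl is compared against each data source's ttl.`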

+ 83 - 0
osmedeus/osmedeus.yaml

@@ -0,0 +1,83 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: osmedeus-pv
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /volume2/FastNFS/osmedeus
+    server: 192.168.2.44
+    readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: osmedeus
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: osmedeus
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: osmedeus
+  template:
+    metadata:
+      labels:
+        name: osmedeus
+        nginx: backend
+    spec:
+      containers:
+        - name: osmedeus
+          image: qdii/osmedeus:4.6.3
+          imagePullPolicy: "Always"
+          command: ["/usr/local/bin/osmedeus","server"]
+          args: ["osmedeus"]
+          volumeMounts:
+          - name: osmedeus
+            mountPath: /root/workspaces-osmedeus
+          ports:
+            - containerPort: 8000
+              name: http
+          livenessProbe:
+            initialDelaySeconds: 300
+            timeoutSeconds: 10
+            httpGet:
+              path: "/ui/#"
+              scheme: "HTTPS"
+              port: 8000
+              httpHeaders:
+                - name: Host
+                  value: "osmedeus.dodges.it"
+      volumes:
+        - name: osmedeus
+          persistentVolumeClaim:
+            claimName: osmedeus
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: osmedeus
+spec:
+  type: ClusterIP
+  ipFamilyPolicy: PreferDualStack
+  selector:
+    name: osmedeus
+  ports:
+    - protocol: TCP
+      port: 8000
+      targetPort: 8000
+      name: http
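Review bot: The container spec in the Deployment has no `securityContext` and no `resources`, although the image appears to run as root (everything lives under `/root`, and the Dockerfile sets no `USER`) and holds a read-write NFS mount. Add at least `securityContext:` with `allowPrivilegeEscalation: false`, plus CPU and memory limits so a heavy scan cannot starve the node. `command` replaces the image ENTRYPOINT and `args` replaces CMD, so the process started is `/usr/local/bin/osmedeus server osmedeus`; the `args: ["osmedeus"]` line can probably be dropped. In the liveness probe, `path: "/ui/#"` ends in a URL fragment marker, which is normally not sent to the server; `path: "/ui/"` states the intent more plainly.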