Skip to main content

OXO Scanner Orchestrator for the Modern Age.

Project description

PyPI version Downloads Ostorlab blog Twitter Follow

OXO Scan Orchestration Engine

OXO is a security scanning framework built for modularity, scalability and simplicity.

OXO Engine combines specialized tools to work cohesively to find vulnerabilities and perform actions like recon, enumeration, fingerprinting ...

Main oxo

Requirements

Docker is required to run scans locally. To install docker, please follow these instructions.

Installing

OXO ships as a Python package on pypi. To install it, simply run the following command if you have pip already installed.

pip install -U ostorlab

Getting Started

OXO ships with a store that boasts dozens of agents, from network scanning agents like nmap, nuclei or tsunami, web scanner like Zap, web fingerprinting tools like Whatweb and Wappalyzer, DNS brute forcing like Subfinder and Dnsx, malware file scanning like Virustotal and much more.

To run any of these tools combined, simply run the following command:

OXO CLI is accessible using the oxo command.

oxo scan run --install --agent nmap --agent tsunami --agent nuclei ip 8.8.8.8

or

oxo scan run --install --agent agent/ostorlab/nmap --agent agent/ostorlab/tsunami --agent agent/ostorlab/nuclei ip 8.8.8.8

This command will download and install the following scanning agents:

And will scan the target IP address 8.8.8.8.

Agents are shipped as standard docker images.

To check the scan status, run:

oxo scan list

Once the scan has completed, to access the scan results, run:

oxo vulnz list --scan-id <scan-id>
oxo vulnz describe --vuln-id <vuln-id>

Docker Image

To run oxo in a container, you may use the publicly available image and run the following command:

docker run -v /var/run/docker.sock:/var/run/docker.sock ostorlab/oxo:latest scan run --install --agent nmap --agent nuclei --agent tsunami ip 8.8.8.8

Notes:

  • The command starts directly with: scan run, this is because the ostorlab/oxo image has oxo as an entrypoint.
  • It is important to mount the docker socket so oxo can create the agent in the host machine.

Assets

OXO supports scanning of multiple asset types, below is the list of currently supported:

Asset Description
agent Run scan for agent. This is used for agents scanning themselves (meta-scanning :).
ip Run scan for IP address or an IP range .
link Run scan for web link accepting a URL, method, headers and request body.
file Run scan for a generic file.
android-aab Run scan for an Android .AAB package file.
android-apk Run scan for an Android .APK package file.
ios-ipa Run scan for iOS .IPA file.
domain-name Run scan for Domain Name asset with specifying protocol or port.

The Store

OXO lists all agents on a public store where you can search and also publish your own agents.

Store

Publish your first Agent

To write your first agent, you can check out a full tutorial here.

The steps are basically the following:

  • Clone a template agent with all files already setup.
  • Change the template_agent.py file to add your logic.
  • Change the Dockerfile adding any extra building steps.
  • Change the ostorlab.yaml adding selectors, documentation, image, license.
  • Publish on the store.
  • Profit!

Once you have written your agent, you can publish it on the store for others to use and discover it. The store will handle agent building and will automatically pick up new releases from your git repo.

Build

Ideas for Agents to build

Implementation of popular tools like:

  • semgrep for source code scanning.
  • nbtscan: Scans for open NETBIOS nameservers on your target’s network.
  • onesixtyone: Fast scanner to find publicly exposed SNMP services.
  • Retire.js: Scanner detecting the use of JavaScript libraries with known vulnerabilities.
  • snallygaster: Finds file leaks and other security problems on HTTP servers.
  • testssl.sh: Identify various TLS/SSL weaknesses, including Heartbleed, CRIME and ROBOT.
  • TruffleHog: Searches through git repositories for high entropy strings and secrets, digging deep into commit history.
  • cve-bin-tool: Scan binaries for vulnerable components.
  • XSStrike: XSS web vulnerability scanner with generative payload.
  • Subjack: Subdomain takeover scanning tool.
  • DnsReaper: Subdomain takeover scanning tool.

Credits

As an open-source project in a rapidly developing field, we are always open to contributions, whether it be in the form of a new feature, improved infrastructure, or better documentation.

We would like to thank the following contributors for their help in making OXO a better tool:

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ostorlab-1.2.18.tar.gz (9.1 MB view details)

Uploaded Source

Built Distribution

ostorlab-1.2.18-py3-none-any.whl (10.4 MB view details)

Uploaded Python 3

File details

Details for the file ostorlab-1.2.18.tar.gz.

File metadata

  • Download URL: ostorlab-1.2.18.tar.gz
  • Upload date:
  • Size: 9.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for ostorlab-1.2.18.tar.gz
Algorithm Hash digest
SHA256 749cbc7a2b912a2660cc8cf4c6841a038580e66b0fce58475fd9d7a05ac0f70c
MD5 217d0986bdfd66b6f916fe1c5975c9d3
BLAKE2b-256 ce7676ad1f4536339d29ef19292ac46b52cc3de1cf2dd6bf24357507b144e40c

See more details on using hashes here.

File details

Details for the file ostorlab-1.2.18-py3-none-any.whl.

File metadata

  • Download URL: ostorlab-1.2.18-py3-none-any.whl
  • Upload date:
  • Size: 10.4 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.9.20

File hashes

Hashes for ostorlab-1.2.18-py3-none-any.whl
Algorithm Hash digest
SHA256 78859517b3c9d6284138aa8c243cf2d8da3eca205031b473e5e3f7fc8558cf0d
MD5 32521e7056278a257c7a8a8a9ac677fe
BLAKE2b-256 e44cc63e99f5a69dad8a54f8e4d97729628c85f2985e290d9757dc6a89c9ed3c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page