j3ssie / osmedeus

A Workflow Engine for Offensive Security
https://osmedeus.org/
MIT License

Dependency list missing in docs #284

Open D3vil0p3r opened 3 weeks ago

D3vil0p3r commented 3 weeks ago

Hey @j3ssie, I'm trying to package osmedeus for several Linux repositories and I see you use an install bash script to install the needed dependencies.

In general, to create a package, the list of the tool's dependencies needs to be explicitly defined, but I don't see any documentation about it.

Could you please add to the docs the list of runtime dependencies used by the tool?

Thanks

j3ssie commented 2 weeks ago

Thanks for the suggestion @D3vil0p3r. That sounds like good information to add as well. I will make the change in the next release, which is probably next week.

j3ssie commented 1 week ago

I've put the list of dependencies here: https://github.com/osmedeus/osmedeus-base/blob/main/Dependencies.md. Hope this clarifies well enough what is needed to run the tool.

D3vil0p3r commented 9 hours ago

First of all, thank you for your kindness. One question @j3ssie: if I install all the dependencies separately, do I still need to run https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh?

Furthermore, does osmedeus invoke these dependencies (for example ffuf) directly by the ffuf command or by giving a specific path?

I see that all the binaries are put in $HOME/osmedeus-base/binaries, so I guess that the osmedeus executable invokes binaries only from there. Since a user could already have those tools installed, can you make osmedeus search not only in $HOME/osmedeus-base/binaries but also in /usr/bin? Something like "if /usr/bin does not contain tool X (meaning that you didn't install the tool by pkg manager), then check $HOME/osmedeus-base/binaries".

Another useful thing, just to be more modular imho, is: inside install.sh, separate the installation of the tool dependencies (described here) from the remaining installation stuff. In practice I would create a dedicated install_dependencies.sh to install these dependencies, also invoking external-binaries.sh + massdns + findomain + packer + semgrep, and another install.sh with the osmedeus web UI, Workflows and Vuln templates.

Just consider that the piece of code in install.sh containing lines like [ -x "$(command -v wget)" ] || $SUDO $PACKGE_MANAGER -qq install wget -y >/dev/null 2>&1 will work only for apt-get, not for other pkg managers and, so, not for distros other than Debian-like ones. They will get an error.

If I was on your side, I would remove:

detect_package_manager() {
    if command -v apt-get &> /dev/null; then
        PACKAGE_MANAGER="apt-get"
    elif command -v apt &> /dev/null; then
        PACKAGE_MANAGER="apt"
    elif command -v yum &> /dev/null; then
        PACKAGE_MANAGER="yum"
    elif command -v dnf &> /dev/null; then
        PACKAGE_MANAGER="dnf"
    elif command -v pacman &> /dev/null; then
        PACKAGE_MANAGER="pacman"
    else
        echo "No supported package manager found!"
        exit 1
    fi

    announce "Detected package manager: $PACKAGE_MANAGER"
}
detect_package_manager

announce "Please be aware that this installation is only compatible with\033[0m Linux (amd64) and MacOS Intel chip systems"
if [[ $EUID -ne 0 ]]; then
  announce "You're running the script as\033[1;34m $USER \033[0m. It is recommended to run as root user by running\033[1;34m sudo su \033[0mfirst and then run the script"
  announce "If you're already have essential tools installed, you can continue the installation as normal"
  echo -e "\033[1;37m[\033[1;31m+\033[1;37m]\033[1;32m Press any key to continue ... \033[0m"; read -n 1; echo
else
  $SUDO $PACKGE_MANAGER update -qq > /dev/null 2>&1
  install_banner "Essential tool: wget, git, make, nmap, masscan, chromium"
  # reinstall all essential tools just to double check
  [ -x "$(command -v wget)" ] || $SUDO $PACKGE_MANAGER -qq install wget -y >/dev/null 2>&1
  [ -x "$(command -v curl)" ] || $SUDO $PACKGE_MANAGER -qq install curl -y >/dev/null 2>&1
  [ -x "$(command -v tmux)" ] || $SUDO $PACKGE_MANAGER -qq install tmux -y >/dev/null 2>&1
  [ -x "$(command -v git)" ] || $SUDO $PACKGE_MANAGER -qq install git -y >/dev/null 2>&1
  [ -x "$(command -v nmap)" ] || $SUDO $PACKGE_MANAGER -qq install nmap -y >/dev/null 2>&1
  [ -x "$(command -v masscan)" ] || $SUDO $PACKGE_MANAGER -qq install masscan -y >/dev/null 2>&1
  [ -x "$(command -v make)" ] || $SUDO $PACKGE_MANAGER -qq install build-essential -y >/dev/null 2>&1
  [ -x "$(command -v unzip)" ] || $SUDO $PACKGE_MANAGER -qq install unzip -y >/dev/null 2>&1
  [ -x "$(command -v chromium)" ] || $SUDO $PACKGE_MANAGER -qq install chromium -y >/dev/null 2>&1
  [ -x "$(command -v chromium-browser)" ] || $SUDO $PACKGE_MANAGER -qq install chromium-browser -y >/dev/null 2>&1
  [ -x "$(command -v jq)" ] || $SUDO $PACKGE_MANAGER -qq install jq -y >/dev/null 2>&1
  [ -x "$(command -v make)" ] || $SUDO $PACKGE_MANAGER -qq install build-essential -y >/dev/null 2>&1
  [ -x "$(command -v rsync)" ] || $SUDO $PACKGE_MANAGER -qq install rsync -y >/dev/null 2>&1
  [ -x "$(command -v netstat)" ] || $SUDO $PACKGE_MANAGER -qq install coreutils net-tools -y >/dev/null 2>&1
  [ -x "$(command -v htop)" ] || $SUDO $PACKGE_MANAGER -qq install htop -y >/dev/null 2>&1
  [ -x "$(command -v timeout)" ] || $SUDO $PACKGE_MANAGER install timeout -y >/dev/null 2>&1
  [ -x "$(command -v pip)" ] || $SUDO $PACKGE_MANAGER install python3 python3-pip -y >/dev/null 2>&1
fi

and just write these dependencies in the README as you did above, dividing them between Build Dependencies and Runtime Dependencies.
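
The lookup order requested in the comment above (package-managed copy in /usr/bin first, then the bundle in $HOME/osmedeus-base/binaries), as an added example that is not part of the thread and not osmedeus code. The function names, the SYSTEM_DIRS and BUNDLE_DIR variables, and the inclusion of /usr/local/bin are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical names): resolve a tool from root-owned system
# directories first, then fall back to the user-writable bundle directory.
# SYSTEM_DIRS is space-separated, so its entries must not contain spaces.
SYSTEM_DIRS="${SYSTEM_DIRS:-/usr/bin /usr/local/bin}"
BUNDLE_DIR="${BUNDLE_DIR:-$HOME/osmedeus-base/binaries}"

# resolve_tool NAME
# Prints the absolute path of the first executable match and returns 0.
# Returns 1 if the tool is in neither location, 2 if NAME is not a bare name.
resolve_tool() {
    tool=$1
    # Refuse empty names and anything with a slash, so the lookup cannot be
    # steered outside the configured directories (e.g. "../sys/ffuf").
    case $tool in
        ''|*/*) return 2 ;;
    esac
    for dir in $SYSTEM_DIRS "$BUNDLE_DIR"; do
        candidate="$dir/$tool"
        # Require a regular file: a directory would also pass the -x test.
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# dependency_report TOOL...
# One line per tool: "<tool> system <path>", "<tool> bundle <path>",
# or "<tool> missing". Useful for a packager checking runtime dependencies.
dependency_report() {
    for t in "$@"; do
        if found=$(resolve_tool "$t"); then
            case $found in
                "$BUNDLE_DIR"/*) origin=bundle ;;
                *) origin=system ;;
            esac
            printf '%s %s %s\n' "$t" "$origin" "$found"
        else
            printf '%s missing\n' "$t"
        fi
    done
}
```

Running `dependency_report ffuf massdns findomain` on a packaged install shows which tools come from the distro's package channel and which still come from the bundle directory.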