Dependency list missing in docs

[D3vil0p3r]

Hey @j3ssie , I'm trying to package osmedeus for several Linux repositories and I see you use an install bash script to install the needed dependencies.

In general, to create a package, it is needed to explicitly define the list of dependencies of tools but I don't see any documentation about it.

Could you please add in the docs the list of runtime dependencies used by the tool?

Thanks

[j3ssie]

Thanks for the suggestion @D3vil0p3r. That sounds like good information to add as well.
I will make the change in the next release, which is probably next week.

[j3ssie]

I've put the list of dependencies here: https://github.com/osmedeus/osmedeus-base/blob/main/Dependencies.md
Hope this clarify enough on what need to run the tool

[D3vil0p3r]

First of all, thank you for your kindness. One question @j3ssie : if I install all the dependencies separately, I still need of running https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh?

Furthermore, osmedeus invokes these dependencies (for example ffuf) directly by ffuf command or giving a specific path?

I see that all the binaries are path in $HOME/osmedeus-base/binaries so I guess that osmedeus executable goes to invoke binaries only from there. Since a user could already have installed those tools, can you make osmedeus to search not only in $HOME/osmedeus-base/binaries but also in /usr/bin? Something like "if /usr/bin does not contain tool X (meaning that you didn't install the tool by pkg manager), then check on $HOME/osmedeus-base/binaries.

Another useful thing just to be more modular imho is: inside install.sh separate the installation of tools dependencies (described here) and the remaining installation stuff. In practice I would create a dedicated install_dependencies.sh where to install these dependencies by invoking also external-binaries.sh + massdns + findomain + packer + semgrep, and another install.sh having the osmedeus web UI, Workflows and Vuln templates.

Just consider that the piece of code in install.sh containing lines like [ -x "$(command -v wget)" ] || $SUDO $PACKGE_MANAGER -qq install wget -y >/dev/null 2>&1 will work only for apt-get, not for other pkg managers and, so, distros different from Debian-like. They will get error.

If I was on your side, I would remove:

detect_package_manager() {
    if command -v apt-get &> /dev/null; then
        PACKAGE_MANAGER="apt-get"
    elif command -v apt &> /dev/null; then
        PACKAGE_MANAGER="apt"
    elif command -v yum &> /dev/null; then
        PACKAGE_MANAGER="yum"
    elif command -v dnf &> /dev/null; then
        PACKAGE_MANAGER="dnf"
    elif command -v pacman &> /dev/null; then
        PACKAGE_MANAGER="pacman"
    else
        echo "No supported package manager found!"
        exit 1
    fi

    announce "Detected package manager: $PACKAGE_MANAGER"
}
detect_package_manager

announce "Please be aware that this installation is only compatible with\033[0m Linux (amd64) and MacOS Intel chip systems"
if [[ $EUID -ne 0 ]]; then
  announce "You're running the script as\033[1;34m $USER \033[0m. It is recommended to run as root user by running\033[1;34m sudo su \033[0mfirst and then run the script"
  announce "If you're already have essential tools installed, you can continue the installation as normal"
  echo -e "\033[1;37m[\033[1;31m+\033[1;37m]\033[1;32m Press any key to continue ... \033[0m"; read -n 1; echo
else
  $SUDO $PACKGE_MANAGER update -qq > /dev/null 2>&1
  install_banner "Essential tool: wget, git, make, nmap, masscan, chromium"
  # reinstall all essioontials tools just to double check
  [ -x "$(command -v wget)" ] || $SUDO $PACKGE_MANAGER -qq install wget -y >/dev/null 2>&1
  [ -x "$(command -v curl)" ] || $SUDO $PACKGE_MANAGER -qq install curl -y >/dev/null 2>&1
  [ -x "$(command -v tmux)" ] || $SUDO $PACKGE_MANAGER -qq install tmux -y >/dev/null 2>&1
  [ -x "$(command -v git)" ] || $SUDO $PACKGE_MANAGER -qq install git -y >/dev/null 2>&1
  [ -x "$(command -v nmap)" ] || $SUDO $PACKGE_MANAGER -qq install nmap -y >/dev/null 2>&1
  [ -x "$(command -v masscan)" ] || $SUDO $PACKGE_MANAGER -qq install masscan -y >/dev/null 2>&1
  [ -x "$(command -v make)" ] || $SUDO $PACKGE_MANAGER -qq install build-essential -y >/dev/null 2>&1
  [ -x "$(command -v unzip)" ] || $SUDO $PACKGE_MANAGER -qq install unzip -y >/dev/null 2>&1
  [ -x "$(command -v chromium)" ] || $SUDO $PACKGE_MANAGER -qq install chromium -y >/dev/null 2>&1
  [ -x "$(command -v chromium-browser)" ] || $SUDO $PACKGE_MANAGER -qq install chromium-browser -y >/dev/null 2>&1
  [ -x "$(command -v jq)" ] || $SUDO $PACKGE_MANAGER -qq install jq -y >/dev/null 2>&1
  [ -x "$(command -v make)" ] || $SUDO $PACKGE_MANAGER -qq install build-essential -y >/dev/null 2>&1
  [ -x "$(command -v rsync)" ] || $SUDO $PACKGE_MANAGER -qq install rsync -y >/dev/null 2>&1
  [ -x "$(command -v netstat)" ] || $SUDO $PACKGE_MANAGER -qq install coreutils net-tools -y >/dev/null 2>&1
  [ -x "$(command -v htop)" ] || $SUDO $PACKGE_MANAGER -qq install htop -y >/dev/null 2>&1
  [ -x "$(command -v timeout)" ] || $SUDO $PACKGE_MANAGER install timeout -y >/dev/null 2>&1
  [ -x "$(command -v pip)" ] || $SUDO $PACKGE_MANAGER install python3 python3-pip -y >/dev/null 2>&1
fi

and just write these dependencies in the README as you did above and dividing between Build Dependencies and Runtime Dependencies.

[D3vil0p3r]

@j3ssie any news?