OXO: A security scanning framework built for modularity, scalability and simplicity
OXO Scan Orchestration Engine
OXO is a security scanning framework built for modularity, scalability, and simplicity.
OXO Engine combines specialized tools to work cohesively to find vulnerabilities and perform actions like recon, enumeration, fingerprinting, and more.
OXO ships with a store that boasts dozens of agents, from network scanning agents like nmap, nuclei or tsunami, web scanner like Zap, web fingerprinting tools like Whatweb and Wappalyzer, DNS brute forcing like Subfinder and Dnsx, malware file scanning like Virustotal and much more.
OXO supports scanning of multiple asset types, below is the list of currently supported:
| Asset | Description |
|---|---|
| agent | Run scan for agent. This is used for agents scanning themselves (meta-scanning :). |
| ip | Run scan for IP address or an IP range . |
| link | Run scan for web link accepting a URL, method, headers and request body. |
| file | Run scan for a generic file. |
| android-aab | Run scan for an Android .AAB package file. |
| android-apk | Run scan for an Android .APK package file. |
| ios-ipa | Run scan for iOS .IPA file. |
| domain-name | Run scan for Domain Name asset with specifying protocol or port. |
