Documentation Index
Fetch the complete documentation index at: https://docs.osmedeus.org/llms.txt
Use this file to discover all available pages before exploring further.
Complete reference for all 190+ utility functions organized by category.
File Functions
Operations on files and directories.
file_exists(path)
Check if a file exists.
file_exists("/path/to/file.txt") // Returns: true or false
file_length(path)
Count non-empty lines in a file.
file_length("{{Output}}/hosts.txt") // Returns: 42
dir_length(path)
Count entries in a directory.
dir_length("{{Output}}/screenshots") // Returns: 15
file_contains(path, pattern)
Check if file contains a pattern.
file_contains("{{Output}}/urls.txt", "admin") // Returns: true or false
regex_extract("{{Output}}/urls.txt", ".*api.*") // Returns: ["https://api.example.com", ...]
read_file(path)
Read entire file contents.
read_file("{{Output}}/config.json") // Returns: file contents as string
read_lines(path)
Read file as array of lines.
read_lines("{{Output}}/subdomains.txt") // Returns: ["sub1.example.com", "sub2.example.com", ...]
remove_file(path)
Delete a file.
remove_file("{{Output}}/temp.txt") // Returns: true or false
remove_folder(path)
Delete folder recursively.
remove_folder("{{Output}}/cache") // Returns: true or false
rm_rf(path)
Delete file or folder recursively (like rm -rf).
rm_rf("{{Output}}/tmp") // Returns: true or false
remove_all_except(folder, keep_file)
Remove everything under folder except the specified file.
remove_all_except("{{Output}}", "{{Output}}/keep.txt") // Returns: true or false
create_folder(path)
Create folder recursively (like mkdir -p).
create_folder("{{Output}}/new-folder") // Returns: true or false
append_file(dest, source)
Append source file content to destination file.
append_file("{{Output}}/all.txt", "{{Output}}/part.txt") // Returns: true or false
move_file(source, dest)
Move file from source to destination.
move_file("{{Output}}/raw.txt", "{{Output}}/processed.txt") // Returns: true or false
glob(pattern)
List filenames matching glob pattern.
glob("{{Output}}/*.txt") // Returns: ["file1.txt", "file2.txt", ...]
grep_string_to_file(dest, source, str)
Write lines containing string to destination file.
grep_string_to_file("{{Output}}/admin-urls.txt", "{{Output}}/urls.txt", "admin") // Returns: true or false
grep_regex_to_file(dest, source, pattern)
Write lines matching regex to destination file.
grep_regex_to_file("{{Output}}/api-urls.txt", "{{Output}}/urls.txt", ".*api.*") // Returns: true or false
grep_string(source, str)
Return lines containing string.
grep_string("{{Output}}/urls.txt", "admin") // Returns: "https://example.com/admin\nhttps://example.com/admin/login"
grep_regex(source, pattern)
Return lines matching regex.
grep_regex("{{Output}}/urls.txt", ".*api.*") // Returns: matching lines as string
remove_blank_lines(path)
Remove blank lines from file in-place.
remove_blank_lines("{{Output}}/urls.txt") // Returns: true or false
chunk_file("{{Output}}/urls.txt", 1000, "{{Output}}/chunks/urls")
// Creates: urls-0.txt, urls-1.txt, ...
// Returns: true or false
cut_to_file("{{Output}}/data.csv", ",", 2, "{{Output}}/column2.txt") // Returns: true or false
String Functions
String manipulation operations.
trim(str)
Remove leading/trailing whitespace.
trim(" hello world ") // Returns: "hello world"
split(str, delim)
Split string by delimiter into array.
split("a,b,c", ",") // Returns: ["a", "b", "c"]
join(arr, delim)
Join array elements with delimiter.
join(["a", "b", "c"], "-") // Returns: "a-b-c"
replace(str, old, new)
Replace all occurrences of old with new.
replace("hello world", "world", "there") // Returns: "hello there"
contains(str, substr)
Check if string contains substring.
contains("hello world", "world") // Returns: true
starts_with(str, prefix)
Check if string starts with prefix.
starts_with("hello", "hel") // Returns: true
ends_with(str, suffix)
Check if string ends with suffix.
ends_with("hello.txt", ".txt") // Returns: true
to_lower_case(str)
Convert to lowercase.
to_lower_case("HELLO") // Returns: "hello"
to_upper_case(str)
Convert to uppercase.
to_upper_case("hello") // Returns: "HELLO"
match(str, pattern)
Check if string matches regex pattern.
match("test123", "[0-9]+") // Returns: true
regex_match(pattern, str)
Check if string matches regex (pattern first).
regex_match("[0-9]+", "test123") // Returns: true
cut).
cut_with_delim("a:b:c", ":", 2) // Returns: "b"
normalize_path("test/path:file") // Returns: "test_path_file"
{{TargetSpace}}).
normal_path("https://example.com/path") // Returns: "example.com_path"
clean_sub(path, target?)
Clean and deduplicate subdomains in file, optionally filter by target domain.
clean_sub("{{Output}}/subdomains.txt", "example.com") // Returns: true or false
trim_left("https://example.com", "https://") // Returns: "example.com"
trim_right("example.com/", "/") // Returns: "example.com"
trim_string("---hello---", "---") // Returns: "hello"
cut_space("hello world foo", 2) // Returns: "world"
{{TargetSpace}}).
get_target_space("https://example.com/path") // Returns: "example.com_path"
pick_valid(v1, v2, …, v10)
Return the first non-empty value from the given arguments (up to 10).
pick_valid("", "", "fallback") // Returns: "fallback"
pick_valid(target, "default.com") // Returns: target if non-empty, else "default.com"
cut is an alias for cut_with_delim. bash is an alias for exec_cmd.
Type Conversion Functions
Convert between data types.
parse_int(str)
Parse string to integer.
parse_int("42") // Returns: 42
parse_float(str)
Parse string to float.
parse_float("3.14") // Returns: 3.14
to_string(val)
Convert value to string.
to_string(123) // Returns: "123"
to_boolean(val)
Convert value to boolean.
to_boolean("true") // Returns: true
to_boolean(1) // Returns: true
Type Detection Functions
Detect input types.
Detect input type: file, folder, cidr, ip, url, domain, or string.
get_types("192.168.1.0/24") // Returns: "cidr"
get_types("example.com") // Returns: "domain"
get_types("https://example.com") // Returns: "url"
get_types("/etc/passwd") // Returns: "file"
is_file(path)
Check if path is an existing file.
is_file("/tmp/data.txt") // Returns: true or false
is_dir(path)
Check if path is an existing directory.
is_dir("/tmp/output") // Returns: true or false
is_git(path)
Check if path is inside a git repository.
is_git("/path/to/project") // Returns: true or false
is_url("https://example.com") // Returns: true
is_url("not-a-url") // Returns: false
is_compress(path)
Check if path is a compressed archive file (.zip, .tar.gz, .tgz, etc.).
is_compress("archive.tar.gz") // Returns: true
is_compress("file.txt") // Returns: false
detect_language(path)
Detect the dominant programming language of a source folder (supports 26+ languages).
detect_language("/path/to/project") // Returns: "javascript"
detect_language("{{Output}}/repo") // Returns: "python"
Utility Functions
General utility operations.
len(val)
Get length of string or array.
len("hello") // Returns: 5
len([1, 2, 3]) // Returns: 3
is_empty(val)
Check if value is empty.
is_empty("") // Returns: true
is_empty("hello") // Returns: false
is_not_empty(val)
Check if value is not empty.
is_not_empty("test") // Returns: true
is_not_empty("") // Returns: false
printf(message)
Print message to stdout.
printf("Scan started for " + target)
cat_file(path)
Print file contents to stdout.
cat_file("{{Output}}/results.txt")
exit(code)
Exit the scan with specified code.
exit(0) // Success
exit(1) // Error
exec_cmd(command)
Execute bash command and return output.
exec_cmd("whoami") // Returns: "root"
exec_cmd("date") // Returns: "Mon Jan 20 10:30:00 UTC 2025"
sleep(seconds)
Pause execution for n seconds.
sleep(5) // Pause for 5 seconds
command_exists(command)
Check if command exists in PATH.
command_exists("nmap") // Returns: true or false
command_exists("nuclei") // Returns: true or false
Logging Functions
Log messages with level prefixes.
log_debug(message)
Log debug message with [DEBUG] prefix.
log_debug("Processing target: " + target)
log_info(message)
Log info message with [INFO] prefix.
log_info("Scan completed successfully")
log_warn(message)
Log warning message with [WARN] prefix.
log_warn("Rate limit approaching")
log_error(message)
Log error message with [ERROR] prefix.
log_error("Failed to connect to target")
Color Printing Functions
Print messages with colored output.
print_green(message)
Print message in green color.
print_blue(message)
Print message in blue color.
print_blue("Processing {{Target}}")
print_yellow(message)
Print message in yellow color.
print_yellow("Warning: Rate limit hit")
print_red(message)
Print message in red color.
print_red("Error occurred")
Runtime Variable Functions
Set and get variables at runtime.
set_var(name, value)
Set a runtime variable for later retrieval.
set_var("api_url", "https://api.example.com")
get_var(name)
Get a runtime variable value.
get_var("api_url") // Returns: "https://api.example.com"
HTTP Functions
HTTP requests and network operations.
http_request(url, method, headers, body)
Make HTTP request with full control.
http_request("https://api.example.com/data", "POST",
{"Authorization": "Bearer token", "Content-Type": "application/json"},
'{"key":"value"}')
// Returns: {statusCode: 200, body: "...", headers: {...}}
http_get(url)
HTTP GET request with structured response.
http_get("https://api.example.com/data")
// Returns: {statusCode: 200, body: "...", headers: {...}}
http_post(url, body)
HTTP POST request with structured response.
http_post("https://api.example.com/submit", '{"key":"value"}')
// Returns: {statusCode: 200, body: "...", headers: {...}}
get_ip(domain_or_url)
Resolve domain or URL to IP address.
get_ip("example.com") // Returns: "93.184.216.34"
get_ip("https://example.com/path") // Returns: "93.184.216.34" (auto-parses URL)
Generation Functions
Generate random values.
random_string(length)
Generate random alphanumeric string.
random_string(16) // Returns: "aB3xY9kLm2nP7qRs"
uuid()
Generate UUID v4.
uuid() // Returns: "550e8400-e29b-41d4-a716-446655440000"
Encoding Functions
Encode and decode data.
base64_encode(str)
Encode string to base64.
base64_encode("hello") // Returns: "aGVsbG8="
base64_decode(str)
Decode base64 string.
base64_decode("aGVsbG8=") // Returns: "hello"
Data Query Functions
Query structured data.
jq(jsonData, query)
Extract data using jq syntax.
jq('{"name":"test","version":"1.0"}', '.name') // Returns: "test"
jq('{"items":[1,2,3]}', '.items[]') // Returns: [1, 2, 3]
jq('{"a":{"b":"c"}}', '.a.b') // Returns: "c"
jq_from_file(path, query)
Extract data using jq from JSON file.
jq_from_file("{{Output}}/data.json", ".results[].url")
Notification Functions
Send notifications via various channels.
notify_telegram(message)
Send message to configured Telegram chat.
notify_telegram("Scan completed for {{Target}}") // Returns: true or false
send_telegram_file(path, caption?)
Send file to Telegram with optional caption.
send_telegram_file("{{Output}}/report.pdf", "Scan report for {{Target}}") // Returns: true or false
notify_webhook(message)
Send message to all configured webhooks.
notify_webhook("Scan completed for {{Target}}") // Returns: true or false
send_webhook_event(eventType, data)
Send structured event to all webhooks.
send_webhook_event("scan_complete", {target: "{{Target}}", status: "success"}) // Returns: true or false
notify_telegram_channel(channel, message)
Send message to a specific Telegram channel.
notify_telegram_channel("alerts", "Critical finding on {{Target}}") // Returns: true or false
send_telegram_file_channel(channel, path, caption?)
Send file to a specific Telegram channel with optional caption.
send_telegram_file_channel("reports", "{{Output}}/report.pdf", "Report for {{Target}}") // Returns: true or false
notify_message_as_file_telegram(path)
Send file content as a text file to Telegram.
notify_message_as_file_telegram("{{Output}}/summary.txt") // Returns: true or false
notify_message_as_file_telegram_channel(channel, path)
Send file content as a text file to a specific Telegram channel.
notify_message_as_file_telegram_channel("reports", "{{Output}}/summary.txt") // Returns: true or false
Event Generation Functions
Generate structured events for the event system.
generate_event(workspace, topic, source, data_type, data)
Generate a structured event and send to server/webhooks.
// Simple string data
generate_event("{{Workspace}}", "discovery", "subdomain-scan", "domain", "api.example.com")
// Complex object data
generate_event("{{Workspace}}", "vulnerability", "nuclei", "finding", {
url: "https://example.com/admin",
severity: "critical",
template: "CVE-2024-1234"
})
// Returns: true (always true - events are queued if server unavailable)
workspace - Workspace name (required, use {{Workspace}})topic - Event category (e.g., “discovery”, “vulnerability”)source - Origin of the event (e.g., “amass”, “nuclei”)data_type - Type of data (e.g., “domain”, “url”, “finding”)data - The actual data payload (string or object)
Event Payload Structure:
{
"workspace": "example.com",
"topic": "discovery",
"source": "amass",
"data_type": "subdomain",
"data": "api.example.com",
"run_id": "abc123",
"workflow_name": "recon",
"timestamp": "2025-01-15T10:30:00Z"
}
generate_event_from_file(workspace, topic, source, data_type, path)
Read a file and generate an event for each non-empty line.
generate_event_from_file("{{Workspace}}", "discovery", "amass", "subdomain", "{{Output}}/subdomains.txt")
// Returns: 42 (count of events generated)
workspace - Workspace name (required)topic - Event categorysource - Origin of the eventdata_type - Type of datapath - Path to file (one item per line)
CDN/Storage Functions
Cloud storage operations (S3-compatible).
cdn_upload(localPath, remotePath)
Upload file to cloud storage.
cdn_upload("{{Output}}/report.zip", "scans/{{Target}}/report.zip") // Returns: true or false
cdn_download(remotePath, localPath)
Download file from cloud storage.
cdn_download("wordlists/common.txt", "/tmp/common.txt") // Returns: true or false
cdn_exists(remotePath)
Check if file exists in cloud storage.
cdn_exists("scans/{{Target}}/report.zip") // Returns: true or false
cdn_delete(remotePath)
Delete file from cloud storage.
cdn_delete("scans/{{Target}}/old-report.zip") // Returns: true or false
cdn_sync_upload(localDir, remotePrefix)
Sync local directory to cloud storage (delta upload).
cdn_sync_upload("{{Output}}", "scans/{{Target}}/")
// Returns: {uploaded: 5, skipped: 10, errors: 0}
cdn_sync_download(remotePrefix, localDir)
Sync cloud storage to local directory (delta download).
cdn_sync_download("base-setup/", "{{BaseFolder}}")
// Returns: {downloaded: 3, skipped: 7, errors: 0}
cdn_get_presigned_url(remotePath, expiryMins?)
Generate presigned URL for file access.
cdn_get_presigned_url("scans/target/report.zip", 60)
// Returns: "https://bucket.s3.amazonaws.com/scans/target/report.zip?X-Amz-..."
cdn_list(prefix?)
List files with metadata from cloud storage.
cdn_list("scans/")
// Returns: [{key: "scans/target1/report.zip", size: 1024, lastModified: "..."}, ...]
cdn_stat(remotePath)
Get file metadata from cloud storage.
cdn_stat("scans/target/report.zip")
// Returns: {key: "...", size: 1024, lastModified: "...", etag: "..."} or null
cdn_read(remotePath)
Read file content from cloud storage and return as string.
cdn_read("config/settings.yaml") // Returns: file contents as string
cdn_ls_tree(prefix?, depth?)
List cloud storage contents in a tree-like format.
cdn_ls_tree("scans/") // Returns: tree-formatted string
cdn_ls_tree("scans/", 2) // Returns: tree limited to depth 2
Unix Command Wrappers
Wrappers around common Unix commands.
Sort file with LC_ALL=C sort -u (in-place if no output specified).
sort_unix("{{Output}}/urls.txt") // In-place
sort_unix("{{Output}}/urls.txt", "{{Output}}/urls-sorted.txt") // To new file
// Returns: true or false
wget_unix(url, output?)
Download file with wget.
wget_unix("https://example.com/file.txt", "/tmp/file.txt") // Returns: true or false
git_clone(repo, dest?)
Clone git repository (shallow clone).
git_clone("https://github.com/user/repo", "/tmp/repo") // Returns: true or false
zip_unix(source, dest)
Create zip archive using zip -r.
zip_unix("{{Output}}", "{{Output}}/archive.zip") // Returns: true or false
unzip_unix(source, dest?)
Extract zip archive using unzip.
unzip_unix("/tmp/archive.zip", "/tmp/extracted") // Returns: true or false
tar_unix(source, dest)
Create tar.gz archive using tar -czf.
tar_unix("{{Output}}", "{{Output}}/archive.tar.gz") // Returns: true or false
untar_unix(source, dest?)
Extract tar.gz archive using tar -xzf.
untar_unix("/tmp/archive.tar.gz", "/tmp/extracted") // Returns: true or false
diff_unix(file1, file2, output?)
Compare files with diff command.
diff_unix("old.txt", "new.txt") // Returns: diff output
diff_unix("old.txt", "new.txt", "changes.diff") // Writes to file, returns: true or false
sed_string_replace(sed_syntax, source, dest)
String replacement with sed s/old/new/g syntax.
sed_string_replace("s/http/https/g", "{{Output}}/urls.txt", "{{Output}}/urls-fixed.txt")
// Returns: true or false
wget(url, outputPath)
Download file using pure Go (no wget dependency). Supports segmented downloads.
wget("https://example.com/file.zip", "/tmp/file.zip") // Returns: true or false
git_clone_subfolder(git_url, subfolder, dest)
Clone only a specific subfolder from a git repository.
git_clone_subfolder("https://github.com/user/repo.git", "tools/scanner", "/tmp/scanner")
// Returns: true or false
sed_regex_replace(sed_syntax, source, dest)
Regex replacement with sed s/pattern/repl/g syntax.
sed_regex_replace("s/[0-9]+/NUM/g", "{{Output}}/data.txt", "{{Output}}/data-clean.txt")
// Returns: true or false
Archive Functions (Go)
Pure Go implementations for archive operations (no Unix dependencies).
zip_dir(source, dest)
Zip directory using Go’s archive/zip.
zip_dir("{{Output}}", "{{Output}}/archive.zip") // Returns: true or false
unzip_dir(source, dest)
Unzip archive using Go’s archive/zip.
unzip_dir("/tmp/archive.zip", "/tmp/extracted") // Returns: true or false
extract_to("{{Output}}/repo.tar.gz", "{{Output}}/repo") // Returns: true or false
extract_to("{{Output}}/tools.zip", "{{Output}}/tools") // Returns: true or false
Diff Functions
File comparison and diff extraction.
Get lines that are only in file2 (new content).
extract_diff("{{Output}}/old-subs.txt", "{{Output}}/new-subs.txt")
// Returns: "newsub1.example.com\nnewsub2.example.com"
Output Functions
Save content and convert data formats.
save_content(content, path)
Save string content to file.
save_content("Hello World", "{{Output}}/greeting.txt") // Returns: true or false
jsonl_to_csv(source, dest)
Convert JSONL file to CSV.
jsonl_to_csv("{{Output}}/assets.jsonl", "{{Output}}/assets.csv") // Returns: true or false
csv_to_jsonl(source, dest)
Convert CSV file to JSONL.
csv_to_jsonl("{{Output}}/data.csv", "{{Output}}/data.jsonl") // Returns: true or false
jsonl_unique(source, dest, fields)
Deduplicate JSONL by hashing selected fields.
jsonl_unique("{{Output}}/httpx.jsonl", "{{Output}}/httpx-unique.jsonl", ["status", "words", "lines"])
// Returns: true or false
jsonl_filter(source, dest, fields)
Filter JSONL to selected fields only.
jsonl_filter("{{Output}}/httpx.jsonl", "{{Output}}/httpx-filtered.jsonl", "host,status,hash.body_sha256")
// Returns: true or false
jsonl_rename_key(source, dest, mappings)
Rename keys in JSONL records based on a mapping string.
jsonl_rename_key("{{Output}}/data.jsonl", "{{Output}}/renamed.jsonl", "old_key:new_key,host:domain")
// Returns: true or false
URL Processing Functions
URL deduplication and filtering.
interesting_urls(src, dest, json_field?)
Deduplicate URLs by hostname+path+params, filter static files and noise patterns.
// Plain text file
interesting_urls("{{Output}}/all-urls.txt", "{{Output}}/interesting.txt")
// JSONL file with URL in specific field
interesting_urls("{{Output}}/katana.jsonl", "{{Output}}/interesting.jsonl", "url")
// Returns: true or false
get_parent_url(url)
Strip the last path component from a URL.
get_parent_url("https://example.com/api/v1/users") // Returns: "https://example.com/api/v1"
parse_url("https://user:pass@example.com:8080/path?q=1", "%s://%d%p")
// Returns: "https://example.com/path"
parse_url formatting to each line of a file and write results.
parse_url_file("{{Output}}/urls.txt", "%d", "{{Output}}/domains.txt") // Returns: true or false
query_replace(url, value, mode?)
Replace all query parameter values in a URL with a given value.
query_replace("https://example.com/search?q=test&page=1", "FUZZ")
// Returns: "https://example.com/search?q=FUZZ&page=FUZZ"
path_replace(url, value, position?)
Replace a path segment at a given position (or all segments) with a value.
path_replace("https://example.com/api/v1/users", "FUZZ", 2)
// Returns: "https://example.com/api/FUZZ/users"
Markdown Functions
Markdown rendering and conversion.
render_markdown_from_file(path)
Render markdown with terminal styling.
render_markdown_from_file("{{Output}}/report.md") // Returns: rendered markdown string
print_markdown_from_file(path)
Print markdown with syntax highlighting to stdout.
print_markdown_from_file("{{Output}}/summary.md")
convert_jsonl_to_markdown("{{Output}}/assets.jsonl", "{{Output}}/assets.md") // Returns: true or false
convert_csv_to_markdown(path)
Convert CSV to markdown table.
convert_csv_to_markdown("{{Output}}/data.csv") // Returns: markdown table string
render_markdown_report(template_path, output_path)
Render markdown template with osm-func blocks evaluated.
render_markdown_report("{{Templates}}/report.md", "{{Output}}/report.md") // Returns: true or false
generate_security_report(template_path)
Generate security report from template to {{Output}}/security-report.md and register as artifact.
generate_security_report("{{MarkdownTemplates}}/security-report-template.md") // Returns: true or false
Database Functions
Database operations for assets, vulnerabilities, and statistics.
Artifact Registration
register_artifact(path, type?)
Register file as scan artifact.
register_artifact("{{Output}}/nuclei.json", "nuclei") // Returns: true or false
store_artifact(path)
Store file as run artifact for current workspace.
store_artifact("{{Output}}/report.md") // Returns: true or false
Database Updates
db_update(table, key, field, value)
Update database field.
db_update("workspaces", "{{Workspace}}", "status", "completed") // Returns: true or false
Asset Import
db_import_asset(workspace, json)
Import asset from JSON (upsert - update or insert).
db_import_asset("{{Workspace}}", '{"asset_value":"sub.example.com","asset_type":"subdomain"}')
// Returns: true or false
db_raw_insert_asset(workspace, json)
Insert asset from JSON (pure insert, returns ID).
db_raw_insert_asset("{{Workspace}}", '{"asset_value":"api.example.com"}') // Returns: 123 (asset ID)
db_import_asset_from_file(workspace, file_path)
Import assets from JSONL file (httpx format supported).
db_import_asset_from_file("{{Workspace}}", "{{Output}}/httpx.jsonl") // Returns: 42 (count)
db_quick_import_asset(workspace, asset_value, asset_type?)
Quick import a single asset by value with optional type.
db_quick_import_asset("{{Workspace}}", "sub.example.com", "subdomain") // Returns: true or false
db_partial_import_asset(workspace, asset_type, asset_value)
Import a single asset with explicit type.
db_partial_import_asset("{{Workspace}}", "subdomain", "api.example.com") // Returns: true or false
db_partial_import_asset_file(workspace, asset_type, file_path)
Import assets from a plain text file (one per line) with explicit type.
db_partial_import_asset_file("{{Workspace}}", "subdomain", "{{Output}}/subs.txt") // Returns: 150 (count)
db_import_dns_asset(workspace, file_path)
Import DNS record assets from file.
db_import_dns_asset("{{Workspace}}", "{{Output}}/dns-records.jsonl") // Returns: 50 (count)
db_import_custom_asset(workspace, file_path, asset_type?, source?)
Import custom assets from file with optional type and source.
db_import_custom_asset("{{Workspace}}", "{{Output}}/custom.jsonl", "ip", "masscan")
// Returns: {imported: 100, skipped: 5}
Vulnerability Import
db_import_vuln(workspace, json)
Import single vulnerability from JSON (nuclei format).
db_import_vuln("{{Workspace}}", '{"template-id":"cve-2024-1234","info":{"name":"CVE","severity":"high"}}')
// Returns: true or false
db_import_vuln_from_file(workspace, file_path)
Import vulnerabilities from JSONL file (nuclei format).
db_import_vuln_from_file("{{Workspace}}", "{{Output}}/nuclei.jsonl") // Returns: 15 (count)
Statistics Updates (Write)
These functions count lines in a file and update workspace statistics.
db_total_subdomains(path)
db_total_subdomains("{{Output}}/subdomains.txt") // Returns: 150
db_total_urls(path)
db_total_urls("{{Output}}/urls.txt") // Returns: 5000
db_total_assets(path)
db_total_assets("{{Output}}/assets.txt") // Returns: 200
db_total_vulns(path)
db_total_vulns("{{Output}}/vulns.txt") // Returns: 25
db_vuln_critical(path)
db_vuln_critical("{{Output}}/nuclei.json") // Returns: 2
db_vuln_high(path)
db_vuln_high("{{Output}}/nuclei.json") // Returns: 5
db_vuln_medium(path)
db_vuln_medium("{{Output}}/nuclei.json") // Returns: 10
db_vuln_low(path)
db_vuln_low("{{Output}}/nuclei.json") // Returns: 8
db_total_ips(path)
db_total_ips("{{Output}}/ips.txt") // Returns: 50
db_total_links(path)
db_total_links("{{Output}}/links.txt") // Returns: 1000
db_total_content(path)
db_total_content("{{Output}}/content.txt") // Returns: 500
db_total_archive(path)
db_total_archive("{{Output}}/archive.txt") // Returns: 100
Statistics Queries (Read)
These functions read current workspace statistics (no arguments needed).
db_select_total_subdomains()
db_select_total_subdomains() // Returns: 150
db_select_total_urls()
db_select_total_urls() // Returns: 5000
db_select_total_assets()
db_select_total_assets() // Returns: 200
db_select_total_vulns()
db_select_total_vulns() // Returns: 25
db_select_vuln_critical()
db_select_vuln_critical() // Returns: 2
db_select_vuln_high()
db_select_vuln_high() // Returns: 5
db_select_vuln_medium()
db_select_vuln_medium() // Returns: 10
db_select_vuln_low()
db_select_vuln_low() // Returns: 8
Data Selection
Select all assets from workspace.
db_select_assets("{{Workspace}}", "markdown") // Returns: markdown table
db_select_assets("{{Workspace}}", "jsonl") // Returns: JSONL string
db_select_assets_filtered("{{Workspace}}", "200", "subdomain", "jsonl")
// Returns: filtered JSONL
db_select_vulnerabilities("{{Workspace}}", "markdown") // Returns: markdown table
db_select_vulnerabilities_filtered("{{Workspace}}", "critical", "", "jsonl")
// Returns: filtered JSONL
db_select("SELECT * FROM assets WHERE workspace = '{{Workspace}}' LIMIT 10", "markdown")
db_select_to_file(sql_query, dest)
Execute SELECT and write markdown to file.
db_select_to_file("SELECT * FROM assets", "{{Output}}/assets.md") // Returns: true or false
db_select_to_jsonl(sql_query, fields, dest)
Execute SELECT and write JSONL with specified fields.
db_select_to_jsonl("SELECT * FROM assets", "asset_value,status_code", "{{Output}}/assets.jsonl")
// Returns: true or false
Diff Tracking
db_asset_diff(workspace)
Get asset diff as JSONL string (new/changed assets since last scan).
db_asset_diff("{{Workspace}}") // Returns: JSONL string
db_vuln_diff(workspace)
Get vulnerability diff as JSONL string.
db_vuln_diff("{{Workspace}}") // Returns: JSONL string
db_asset_diff_to_file(workspace, dest)
Write asset diff to JSONL file.
db_asset_diff_to_file("{{Workspace}}", "{{Output}}/asset-diff.jsonl") // Returns: true or false
db_vuln_diff_to_file(workspace, dest)
Write vulnerability diff to JSONL file.
db_vuln_diff_to_file("{{Workspace}}", "{{Output}}/vuln-diff.jsonl") // Returns: true or false
Run Status
Query run records for a workspace.
run_status("{{Workspace}}", "markdown") // Returns: markdown table of runs
run_status("{{Workspace}}", "jsonl") // Returns: JSONL string
run_status_by_uuid("abc123-uuid", "markdown") // Returns: markdown table
Event Log Management
db_reset_event_logs(workspace?, topic_pattern?)
Reset (delete) event logs, optionally filtered by workspace and topic pattern.
db_reset_event_logs() // Reset all event logs
db_reset_event_logs("{{Workspace}}") // Reset for specific workspace
db_reset_event_logs("{{Workspace}}", "discovery.*") // Reset matching topic pattern
// Returns: {reset: 42, total: 100}
Runtime Export
runtime_export()
Export scan and workspace state to run-state.json.
runtime_export() // Returns: true or false
Installer Functions
Download and install packages.
go_getter(url, dest)
Download files/repos using go-getter (supports git, http, s3, gcs, etc.).
go_getter("https://github.com/user/repo.git?ref=main", "{{Output}}/repo")
go_getter("s3::https://bucket.s3.amazonaws.com/file.zip", "/tmp/file.zip")
// Returns: true or false
go_getter_with_sshkey(ssh_key_path, git_url, dest)
Clone git repo via SSH with specified key.
go_getter_with_sshkey("~/.ssh/id_rsa", "git@github.com:user/private-repo.git", "{{Output}}/repo")
// Returns: true or false
nix_install(package, dest?)
Install package via Nix package manager.
nix_install("nuclei", "{{Binaries}}") // Returns: true or false
filepath_installer("/tmp/downloads/nuclei", "nuclei", "{{Binaries}}") // Returns: true or false
Environment Functions
Environment variable operations.
os_getenv(name)
Get environment variable.
os_getenv("HOME") // Returns: "/home/user"
os_getenv("API_KEY") // Returns: "secret" or ""
os_setenv(name, value)
Set environment variable.
os_setenv("API_KEY", "new-secret") // Returns: true or false
SARIF Functions
Parse and import SARIF (Static Analysis Results Interchange Format) output from SAST tools.
db_import_sarif(workspace, file_path)
Import vulnerabilities from a SARIF file into the database. Supports Semgrep, Trivy, Kingfisher, Bearer, and other SARIF-producing tools.
db_import_sarif("{{Workspace}}", "{{Output}}/semgrep.sarif")
// Returns: {imported: 15, skipped: 2, errors: 0}
convert_sarif_to_markdown("{{Output}}/scan.sarif", "{{Output}}/findings.md") // Returns: true or false
Nmap/Port Functions
Port scanning and result processing.
Convert nmap XML or gnmap output to JSONL format.
nmap_to_jsonl("{{Output}}/nmap.xml", "{{Output}}/ports.jsonl") // Returns: true or false
run_nmap(target, flags?, output?)
Execute nmap scan and auto-convert results to JSONL.
run_nmap("192.168.1.0/24") // Returns: path to output JSONL
run_nmap("10.0.0.1", "-sV -p 80,443", "{{Output}}/nmap") // Returns: path to output JSONL
db_import_port_assets(workspace, file_path, source?)
Import port scan JSONL into database as IP assets.
db_import_port_assets("{{Workspace}}", "{{Output}}/ports.jsonl", "nmap")
// Returns: {imported: 50, skipped: 0, errors: 0}
Tmux Functions
Manage background processes via tmux sessions.
tmux_run(command, session_name?)
Create a detached tmux session running a command. Auto-generates a bosm-<random8> name if not provided.
tmux_run("nuclei -l targets.txt -o results.txt") // Returns: "bosm-a1b2c3d4" (session name)
tmux_run("long-scan.sh", "my-scan") // Returns: "my-scan"
tmux_capture(session_name)
Capture the current pane output from a tmux session. Pass "all" to capture all sessions.
tmux_capture("my-scan") // Returns: current output as string
tmux_capture("all") // Returns: output from all sessions
tmux_send(session_name, command)
Send keystrokes to a running tmux session.
tmux_send("my-scan", "q") // Returns: true or false
tmux_send("my-scan", "C-c") // Send Ctrl+C
tmux_kill(session_name)
Kill a tmux session.
tmux_kill("my-scan") // Returns: true or false
tmux_list()
List all tmux session names.
tmux_list() // Returns: ["bosm-a1b2c3d4", "my-scan", ...]
SSH/Sync Functions
Remote execution and file synchronization.
ssh_exec(host, command, user?, key_path?, password?, port?)
Execute a command on a remote host via SSH (uses connection pooling).
ssh_exec("10.0.0.1", "whoami") // Returns: "root"
ssh_exec("10.0.0.1", "ls /opt", "admin", "~/.ssh/id_rsa", "", 22) // Returns: command output
ssh_rsync(host, src, dest, user?, key_path?, password?, port?)
Copy files to/from a remote host via rsync over SSH.
ssh_rsync("10.0.0.1", "{{Output}}/results/", "/tmp/results/", "admin", "~/.ssh/id_rsa")
// Returns: true or false
sync_from_master(src, dest)
Pull files from the master node. Falls back to local copy if not in distributed mode.
sync_from_master("{{BaseFolder}}/wordlists/", "{{Output}}/wordlists/") // Returns: true or false
sync_from_worker(identifier, ip, src, dest)
Sync files from a specific worker node.
sync_from_worker("wosm-abc123", "10.0.0.2", "/tmp/results/", "{{Output}}/worker-results/")
// Returns: true or false
rsync_to_worker(identifier, ip, src, dest)
Push files to a specific worker node.
rsync_to_worker("wosm-abc123", "10.0.0.2", "{{Output}}/config/", "/tmp/config/")
// Returns: true or false
Script Execution Functions
Execute Python and TypeScript code from workflows.
exec_python(code)
Run inline Python code. Prefers uv → python3 → python.
exec_python('import json; print(json.dumps({"status": "ok"}))') // Returns: '{"status": "ok"}'
exec_python_file(path)
Run a Python file. Prefers uv → python3 → python.
exec_python_file("{{Output}}/scripts/analyze.py") // Returns: script stdout
exec_ts(code)
Run inline TypeScript code via bun -e.
exec_ts('console.log("Hello from TypeScript")') // Returns: "Hello from TypeScript"
exec_ts_file(path)
Run a TypeScript file via bun run.
exec_ts_file("{{Output}}/scripts/process.ts") // Returns: script stdout
LLM Functions
Invoke LLM models from workflows.
llm_invoke(message)
Send a simple message to the configured LLM and return the response.
llm_invoke("Summarize these findings: " + read_file("{{Output}}/results.txt"))
// Returns: LLM response as string
llm_invoke_custom(message, body_json)
Send a message with a custom POST body template. Use {{message}} as placeholder in the body.
llm_invoke_custom("Analyze this", '{"model": "gpt-4", "messages": [{"role": "user", "content": "{{message}}"}]}')
// Returns: LLM response as string
llm_conversations(msg1, msg2, …)
Multi-turn LLM conversation. Messages use "role:content" format.
llm_conversations("system:You are a security analyst", "user:What is XSS?")
// Returns: LLM response as string
Agent/Distributed Functions
Run ACP agents and distribute execution across nodes.
run_agent(message, agent_name?)
Run an ACP agent and return its output. Defaults to claude-code.
run_agent("Analyze the scan results in {{Output}}") // Returns: agent output
run_agent("Review this code", "codex") // Returns: agent output
run_on_master(action, …args)
Execute a function or command on the master node via Redis.
run_on_master("func", 'db_import_sarif("ws", "/path/to/file.sarif")') // Returns: true or false
run_on_worker(scope, action, …args)
Execute a function or command on worker nodes.
run_on_worker("all", "func", 'log_info("hello from workers")') // Returns: true or false
Module Control Functions
Control module execution flow.
skip(message?)
Abort remaining steps in the current module. The flow continues to the next module.
skip("No targets found, skipping module") // Raises SkipModuleError
skip() // Skip without message
run_module(module, target, params?)
Run an osmedeus module programmatically.
run_module("subdomain", "example.com") // Returns: execution output
run_module("portscan", "example.com", "threads=20") // With custom params
run_flow(flow, target, params?)
Run an osmedeus flow programmatically.
run_flow("general", "example.com") // Returns: execution output
run_flow("recon", "example.com", "threads=10") // With custom params
Snapshot Functions
Workspace export and import as compressed ZIP archives.
snapshot_export(workspace, dest?)
Export a workspace as a ZIP archive. Returns the path to the created file.
snapshot_export("{{Workspace}}") // Returns: "/path/to/snapshot.zip"
snapshot_export("{{Workspace}}", "/tmp/backup.zip") // Returns: "/tmp/backup.zip"
snapshot_import(source)
Import a workspace from a ZIP file or URL. Returns the workspace name.
snapshot_import("/tmp/snapshot.zip") // Returns: "example.com"
snapshot_import("https://example.com/snapshot.zip") // Returns: "example.com"
Authentication Functions
System authentication operations.
sudo_auth(password?, keepalive?)
Authenticate sudo credentials and optionally keep them alive for the session.
sudo_auth() // Prompt for password
sudo_auth("mypassword", true) // Authenticate and keep credentials alive
// Returns: true or false
Usage Examples
Conditional Execution
- name: scan-if-hosts
type: bash
pre_condition: 'file_length("{{Output}}/hosts.txt") > 0 && file_exists("{{Output}}/hosts.txt")'
command: nuclei -l {{Output}}/hosts.txt
Chain Functions
- name: process
type: function
functions:
- log_info("Starting processing")
- save_content("processing", "{{Output}}/status.txt")
- log_info("Processing complete")
Export Results
- name: count
type: function
function: file_length("{{Output}}/results.txt")
exports:
result_count: "{{result}}"
- name: report
type: function
function: log_info("Found " + result_count + " results")
Decision Based on Function
- name: check-size
type: function
function: file_length("{{Output}}/data.txt")
exports:
size: "{{result}}"
decision:
switch: "{{size}}"
cases:
"0": { goto: no-data }
default: { goto: process-data }
HTTP API Integration
- name: submit-results
type: function
function: |
http_post("https://api.example.com/results",
'{"target": "{{Target}}", "count": ' + result_count + '}')
Event Generation
- name: emit-discoveries
type: function
functions:
- generate_event_from_file("{{Workspace}}", "discovery", "amass", "subdomain", "{{Output}}/subdomains.txt")
- log_info("Emitted subdomain discovery events")
Database Reporting
- name: generate-report
type: function
functions:
- save_content("# Vulnerability Report\n\n", "{{Output}}/report.md")
- append_file("{{Output}}/report.md", db_select_vulnerabilities("{{Workspace}}", "markdown"))
- log_info("Report generated at {{Output}}/report.md")
CLI Testing
# Test file functions
osmedeus func e 'file_exists("/etc/passwd")'
osmedeus func e 'file_length("/etc/hosts")'
# Test string functions
osmedeus func e 'trim(" hello ")'
osmedeus func e 'split("a,b,c", ",")'
# Test with target
osmedeus func e 'log_info("Target: " + target)' -t example.com
# Test JSON
osmedeus func e 'jq("{\"a\":1}", ".a")'
# Test event generation
osmedeus func e 'generate_event("test-workspace", "test.topic", "cli", "test", "data")'
# Bulk processing
osmedeus func e 'log_info("Processing: " + target)' -T targets.txt -c 10
# List functions
osmedeus func list -s "file"
osmedeus func list -s "event" --example
Next Steps
