File Functions
Operations on files and directories.file_exists(path)
Check if a file exists.file_length(path)
Count non-empty lines in a file.dir_length(path)
Count entries in a directory.file_contains(path, pattern)
Check if file contains a pattern.regex_extract(path, pattern)
Extract lines matching a regex from file.read_file(path)
Read entire file contents.read_lines(path)
Read file as array of lines.remove_file(path)
Delete a file.remove_folder(path)
Delete folder recursively.rm_rf(path)
Delete file or folder recursively (likerm -rf).
remove_all_except(folder, keep_file)
Remove everything under folder except the specified file.create_folder(path)
Create folder recursively (likemkdir -p).
append_file(dest, source)
Append source file content to destination file.move_file(source, dest)
Move file from source to destination.glob(pattern)
List filenames matching glob pattern.grep_string_to_file(dest, source, str)
Write lines containing string to destination file.grep_regex_to_file(dest, source, pattern)
Write lines matching regex to destination file.grep_string(source, str)
Return lines containing string.grep_regex(source, pattern)
Return lines matching regex.remove_blank_lines(path)
Remove blank lines from file in-place.chunk_file(input, lines_per_chunk, output)
Split a file into chunks of N lines each, writing numbered output files.cut_to_file(input_file, delim, field, output_file)
Extract a specific field from each line using a delimiter and write results to a file.String Functions
String manipulation operations.trim(str)
Remove leading/trailing whitespace.split(str, delim)
Split string by delimiter into array.join(arr, delim)
Join array elements with delimiter.replace(str, old, new)
Replace all occurrences of old with new.contains(str, substr)
Check if string contains substring.starts_with(str, prefix)
Check if string starts with prefix.ends_with(str, suffix)
Check if string ends with suffix.to_lower_case(str)
Convert to lowercase.to_upper_case(str)
Convert to uppercase.match(str, pattern)
Check if string matches regex pattern.regex_match(pattern, str)
Check if string matches regex (pattern first).cut_with_delim(input, delim, field)
Extract field by delimiter (1-indexed, likecut).
normalize_path(input)
Replace special characters (/ | : etc.) with underscore.normal_path(input)
Normalize to path-friendly format (same as{{TargetSpace}}).
clean_sub(path, target?)
Clean and deduplicate subdomains in file, optionally filter by target domain.trim_left(input, substring)
Trim a substring from the left/start of a string.trim_right(input, substring)
Trim a substring from the right/end of a string.trim_string(input, substring)
Trim a substring from both ends of a string.cut_space(input, field)
Split string by whitespace and extract field (1-indexed).get_target_space(input)
Sanitize and truncate input for use as a workspace-safe target name (same as{{TargetSpace}}).
pick_valid(v1, v2, …, v10)
Return the first non-empty value from the given arguments (up to 10).cut is an alias for cut_with_delim. bash is an alias for exec_cmd.
Type Conversion Functions
Convert between data types.parse_int(str)
Parse string to integer.parse_float(str)
Parse string to float.to_string(val)
Convert value to string.to_boolean(val)
Convert value to boolean.Type Detection Functions
Detect input types.get_types(input)
Detect input type: file, folder, cidr, ip, url, domain, or string.is_file(path)
Check if path is an existing file.is_dir(path)
Check if path is an existing directory.is_git(path)
Check if path is inside a git repository.is_url(input)
Check if input is a valid URL.is_compress(path)
Check if path is a compressed archive file (.zip, .tar.gz, .tgz, etc.).detect_language(path)
Detect the dominant programming language of a source folder (supports 26+ languages).Utility Functions
General utility operations.len(val)
Get length of string or array.is_empty(val)
Check if value is empty.is_not_empty(val)
Check if value is not empty.printf(message)
Print message to stdout.cat_file(path)
Print file contents to stdout.exit(code)
Exit the scan with specified code.exec_cmd(command)
Execute bash command and return output.sleep(seconds)
Pause execution for n seconds.command_exists(command)
Check if command exists in PATH.Logging Functions
Log messages with level prefixes.log_debug(message)
Log debug message with[DEBUG] prefix.
log_info(message)
Log info message with[INFO] prefix.
log_warn(message)
Log warning message with[WARN] prefix.
log_error(message)
Log error message with[ERROR] prefix.
Color Printing Functions
Print messages with colored output.print_green(message)
Print message in green color.print_blue(message)
Print message in blue color.print_yellow(message)
Print message in yellow color.print_red(message)
Print message in red color.Runtime Variable Functions
Set and get variables at runtime.set_var(name, value)
Set a runtime variable for later retrieval.get_var(name)
Get a runtime variable value.HTTP Functions
HTTP requests and network operations.http_request(url, method, headers, body)
Make HTTP request with full control.http_get(url)
HTTP GET request with structured response.http_post(url, body)
HTTP POST request with structured response.get_ip(domain_or_url)
Resolve domain or URL to IP address.Generation Functions
Generate random values.random_string(length)
Generate random alphanumeric string.uuid()
Generate UUID v4.Encoding Functions
Encode and decode data.base64_encode(str)
Encode string to base64.base64_decode(str)
Decode base64 string.Data Query Functions
Query structured data.jq(jsonData, query)
Extract data using jq syntax.jq_from_file(path, query)
Extract data using jq from JSON file.Notification Functions
Send notifications via various channels.notify_telegram(message)
Send message to configured Telegram chat.send_telegram_file(path, caption?)
Send file to Telegram with optional caption.notify_webhook(message)
Send message to all configured webhooks.send_webhook_event(eventType, data)
Send structured event to all webhooks.notify_telegram_channel(channel, message)
Send message to a specific Telegram channel.send_telegram_file_channel(channel, path, caption?)
Send file to a specific Telegram channel with optional caption.notify_message_as_file_telegram(path)
Send file content as a text file to Telegram.notify_message_as_file_telegram_channel(channel, path)
Send file content as a text file to a specific Telegram channel.Event Generation Functions
Generate structured events for the event system.generate_event(workspace, topic, source, data_type, data)
Generate a structured event and send to server/webhooks.workspace- Workspace name (required, use{{Workspace}})topic- Event category (e.g., “discovery”, “vulnerability”)source- Origin of the event (e.g., “amass”, “nuclei”)data_type- Type of data (e.g., “domain”, “url”, “finding”)data- The actual data payload (string or object)
generate_event_from_file(workspace, topic, source, data_type, path)
Read a file and generate an event for each non-empty line.workspace- Workspace name (required)topic- Event categorysource- Origin of the eventdata_type- Type of datapath- Path to file (one item per line)
CDN/Storage Functions
Cloud storage operations (S3-compatible).cdn_upload(localPath, remotePath)
Upload file to cloud storage.cdn_download(remotePath, localPath)
Download file from cloud storage.cdn_exists(remotePath)
Check if file exists in cloud storage.cdn_delete(remotePath)
Delete file from cloud storage.cdn_sync_upload(localDir, remotePrefix)
Sync local directory to cloud storage (delta upload).cdn_sync_download(remotePrefix, localDir)
Sync cloud storage to local directory (delta download).cdn_get_presigned_url(remotePath, expiryMins?)
Generate presigned URL for file access.cdn_list(prefix?)
List files with metadata from cloud storage.cdn_stat(remotePath)
Get file metadata from cloud storage.cdn_read(remotePath)
Read file content from cloud storage and return as string.cdn_ls_tree(prefix?, depth?)
List cloud storage contents in a tree-like format.Unix Command Wrappers
Wrappers around common Unix commands.sort_unix(input, output?)
Sort file withLC_ALL=C sort -u (in-place if no output specified).
wget_unix(url, output?)
Download file with wget.git_clone(repo, dest?)
Clone git repository (shallow clone).zip_unix(source, dest)
Create zip archive usingzip -r.
unzip_unix(source, dest?)
Extract zip archive usingunzip.
tar_unix(source, dest)
Create tar.gz archive usingtar -czf.
untar_unix(source, dest?)
Extract tar.gz archive usingtar -xzf.
diff_unix(file1, file2, output?)
Compare files with diff command.sed_string_replace(sed_syntax, source, dest)
String replacement with seds/old/new/g syntax.
wget(url, outputPath)
Download file using pure Go (no wget dependency). Supports segmented downloads.git_clone_subfolder(git_url, subfolder, dest)
Clone only a specific subfolder from a git repository.sed_regex_replace(sed_syntax, source, dest)
Regex replacement with seds/pattern/repl/g syntax.
Archive Functions (Go)
Pure Go implementations for archive operations (no Unix dependencies).zip_dir(source, dest)
Zip directory using Go’s archive/zip.unzip_dir(source, dest)
Unzip archive using Go’s archive/zip.extract_to(source, dest)
Auto-detect archive format (.zip, .tar.gz, .tar.bz2, .tar.xz, .tgz) and extract. Removes destination directory first if it exists.Diff Functions
File comparison and diff extraction.extract_diff(file1, file2)
Get lines that are only in file2 (new content).Output Functions
Save content and convert data formats.save_content(content, path)
Save string content to file.jsonl_to_csv(source, dest)
Convert JSONL file to CSV.csv_to_jsonl(source, dest)
Convert CSV file to JSONL.jsonl_unique(source, dest, fields)
Deduplicate JSONL by hashing selected fields.jsonl_filter(source, dest, fields)
Filter JSONL to selected fields only.jsonl_rename_key(source, dest, mappings)
Rename keys in JSONL records based on a mapping string.URL Processing Functions
URL deduplication and filtering.interesting_urls(src, dest, json_field?)
Deduplicate URLs by hostname+path+params, filter static files and noise patterns.get_parent_url(url)
Strip the last path component from a URL.parse_url(url, format)
Parse a URL and format output using directives (similar to unfurl).parse_url_file(input, format, output)
Applyparse_url formatting to each line of a file and write results.
query_replace(url, value, mode?)
Replace all query parameter values in a URL with a given value.path_replace(url, value, position?)
Replace a path segment at a given position (or all segments) with a value.Markdown Functions
Markdown rendering and conversion.render_markdown_from_file(path)
Render markdown with terminal styling.print_markdown_from_file(path)
Print markdown with syntax highlighting to stdout.convert_jsonl_to_markdown(input_path, output_path)
Convert JSONL to markdown table and write to file.convert_csv_to_markdown(path)
Convert CSV to markdown table.render_markdown_report(template_path, output_path)
Render markdown template withosm-func blocks evaluated.
generate_security_report(template_path)
Generate security report from template to{{Output}}/security-report.md and register as artifact.
Database Functions
Database operations for assets, vulnerabilities, and statistics.Artifact Registration
register_artifact(path, type?)
Register file as scan artifact.store_artifact(path)
Store file as run artifact for current workspace.Database Updates
db_update(table, key, field, value)
Update database field.Asset Import
db_import_asset(workspace, json)
Import asset from JSON (upsert - update or insert).db_raw_insert_asset(workspace, json)
Insert asset from JSON (pure insert, returns ID).db_import_asset_from_file(workspace, file_path)
Import assets from JSONL file (httpx format supported).db_quick_import_asset(workspace, asset_value, asset_type?)
Quick import a single asset by value with optional type.db_partial_import_asset(workspace, asset_type, asset_value)
Import a single asset with explicit type.db_partial_import_asset_file(workspace, asset_type, file_path)
Import assets from a plain text file (one per line) with explicit type.db_import_dns_asset(workspace, file_path)
Import DNS record assets from file.db_import_custom_asset(workspace, file_path, asset_type?, source?)
Import custom assets from file with optional type and source.Vulnerability Import
db_import_vuln(workspace, json)
Import single vulnerability from JSON (nuclei format).db_import_vuln_from_file(workspace, file_path)
Import vulnerabilities from JSONL file (nuclei format).Statistics Updates (Write)
These functions count lines in a file and update workspace statistics.db_total_subdomains(path)
db_total_urls(path)
db_total_assets(path)
db_total_vulns(path)
db_vuln_critical(path)
db_vuln_high(path)
db_vuln_medium(path)
db_vuln_low(path)
db_total_ips(path)
db_total_links(path)
db_total_content(path)
db_total_archive(path)
Statistics Queries (Read)
These functions read current workspace statistics (no arguments needed).db_select_total_subdomains()
db_select_total_urls()
db_select_total_assets()
db_select_total_vulns()
db_select_vuln_critical()
db_select_vuln_high()
db_select_vuln_medium()
db_select_vuln_low()
Data Selection
db_select_assets(workspace, format)
Select all assets from workspace.db_select_assets_filtered(workspace, status_code, asset_type, format)
Select assets with filters.db_select_vulnerabilities(workspace, format)
Select all vulnerabilities from workspace.db_select_vulnerabilities_filtered(workspace, severity, asset_value, format)
Select vulnerabilities with filters.db_select(sql_query, format)
Execute SELECT query with format.db_select_to_file(sql_query, dest)
Execute SELECT and write markdown to file.db_select_to_jsonl(sql_query, fields, dest)
Execute SELECT and write JSONL with specified fields.Diff Tracking
db_asset_diff(workspace)
Get asset diff as JSONL string (new/changed assets since last scan).db_vuln_diff(workspace)
Get vulnerability diff as JSONL string.db_asset_diff_to_file(workspace, dest)
Write asset diff to JSONL file.db_vuln_diff_to_file(workspace, dest)
Write vulnerability diff to JSONL file.Run Status
run_status(workspace, format)
Query run records for a workspace.run_status_by_uuid(uuid, format)
Query a specific run by UUID.Event Log Management
db_reset_event_logs(workspace?, topic_pattern?)
Reset (delete) event logs, optionally filtered by workspace and topic pattern.Runtime Export
runtime_export()
Export scan and workspace state torun-state.json.
Installer Functions
Download and install packages.go_getter(url, dest)
Download files/repos using go-getter (supports git, http, s3, gcs, etc.).go_getter_with_sshkey(ssh_key_path, git_url, dest)
Clone git repo via SSH with specified key.nix_install(package, dest?)
Install package via Nix package manager.filepath_installer(local_path, tool_name, dest?)
Install a binary from a local file path by copying it to the destination.Environment Functions
Environment variable operations.os_getenv(name)
Get environment variable.os_setenv(name, value)
Set environment variable.SARIF Functions
Parse and import SARIF (Static Analysis Results Interchange Format) output from SAST tools.db_import_sarif(workspace, file_path)
Import vulnerabilities from a SARIF file into the database. Supports Semgrep, Trivy, Kingfisher, Bearer, and other SARIF-producing tools.convert_sarif_to_markdown(input_path, output_path)
Convert SARIF file to readable markdown tables.Nmap/Port Functions
Port scanning and result processing.nmap_to_jsonl(input_path, output_path)
Convert nmap XML or gnmap output to JSONL format.run_nmap(target, flags?, output?)
Execute nmap scan and auto-convert results to JSONL.db_import_port_assets(workspace, file_path, source?)
Import port scan JSONL into database as IP assets.Tmux Functions
Manage background processes via tmux sessions.tmux_run(command, session_name?)
Create a detached tmux session running a command. Auto-generates abosm-<random8> name if not provided.
tmux_capture(session_name)
Capture the current pane output from a tmux session. Pass"all" to capture all sessions.
tmux_send(session_name, command)
Send keystrokes to a running tmux session.tmux_kill(session_name)
Kill a tmux session.tmux_list()
List all tmux session names.SSH/Sync Functions
Remote execution and file synchronization.ssh_exec(host, command, user?, key_path?, password?, port?)
Execute a command on a remote host via SSH (uses connection pooling).ssh_rsync(host, src, dest, user?, key_path?, password?, port?)
Copy files to/from a remote host via rsync over SSH.sync_from_master(src, dest)
Pull files from the master node. Falls back to local copy if not in distributed mode.sync_from_worker(identifier, ip, src, dest)
Sync files from a specific worker node.rsync_to_worker(identifier, ip, src, dest)
Push files to a specific worker node.Script Execution Functions
Execute Python and TypeScript code from workflows.exec_python(code)
Run inline Python code. Prefersuv → python3 → python.
exec_python_file(path)
Run a Python file. Prefersuv → python3 → python.
exec_ts(code)
Run inline TypeScript code viabun -e.
exec_ts_file(path)
Run a TypeScript file viabun run.
LLM Functions
Invoke LLM models from workflows.llm_invoke(message)
Send a simple message to the configured LLM and return the response.llm_invoke_custom(message, body_json)
Send a message with a custom POST body template. Use{{message}} as placeholder in the body.
llm_conversations(msg1, msg2, …)
Multi-turn LLM conversation. Messages use"role:content" format.
Agent/Distributed Functions
Run ACP agents and distribute execution across nodes.run_agent(message, agent_name?)
Run an ACP agent and return its output. Defaults toclaude-code.
run_on_master(action, …args)
Execute a function or command on the master node via Redis.run_on_worker(scope, action, …args)
Execute a function or command on worker nodes.Module Control Functions
Control module execution flow.skip(message?)
Abort remaining steps in the current module. The flow continues to the next module.run_module(module, target, params?)
Run an osmedeus module programmatically.run_flow(flow, target, params?)
Run an osmedeus flow programmatically.Snapshot Functions
Workspace export and import as compressed ZIP archives.snapshot_export(workspace, dest?)
Export a workspace as a ZIP archive. Returns the path to the created file.snapshot_import(source)
Import a workspace from a ZIP file or URL. Returns the workspace name.Authentication Functions
System authentication operations.sudo_auth(password?, keepalive?)
Authenticate sudo credentials and optionally keep them alive for the session.Usage Examples
Conditional Execution
Chain Functions
Export Results
Decision Based on Function
HTTP API Integration
Event Generation
Database Reporting
CLI Testing
Next Steps
- Functions Overview - How to use functions in workflows
- Step Types - Function steps
- Control Flow - Conditions and decisions