Documentation Index
Fetch the complete documentation index at: https://docs.osmedeus.org/llms.txt
Use this file to discover all available pages before exploring further.
REST API Reference
The Osmedeus server provides a REST API for managing workflows, runs, and assets. Start the server with:
osmedeus server --port 8080
Authentication
All endpoints require bearer token authentication:
curl -H "Authorization: Bearer <your_token>" http://localhost:8080/osm/api/...
Endpoints Overview
| Category | Base Path | Description |
|---|
| Runs | /osm/api/runs | Manage workflow executions |
| Workflows | /osm/api/workflows | List and query workflows |
| Schedules | /osm/api/schedules | Manage scheduled triggers |
| Assets | /osm/api/assets | Query discovered assets |
| Vulnerabilities | /osm/api/vulnerabilities | Query vulnerabilities |
| Workspaces | /osm/api/workspaces | Manage workspaces |
| Functions | /osm/api/functions | Execute utility functions |
| Snapshots | /osm/api/snapshots | Export/import workspaces |
| LLM | /osm/api/llm | LLM chat/embeddings |
| Install | /osm/api/install | Binary management |
| Step Results | /osm/api/step-results | Query step execution results |
Runs
Create Run
Start a new workflow execution.
Request Body:
{
"workflow": "general",
"target": "example.com",
"params": {
"threads": "20"
}
}
{
"data": {
"run_id": "run-abc123",
"status": "running",
"workflow": "general",
"target": "example.com",
"started_at": "2025-01-15T10:00:00Z"
}
}
List Runs
GET /osm/api/runs
GET /osm/api/runs?status=running
GET /osm/api/runs?workspace=example_com
| Parameter | Description |
|---|
status | Filter by status (pending, running, completed, failed) |
workspace | Filter by workspace name |
limit | Maximum results (default: 50) |
offset | Pagination offset |
Get Run
GET /osm/api/runs/:run_id
Get Run Steps
GET /osm/api/runs/:run_id/steps
Get Run Artifacts
GET /osm/api/runs/:run_id/artifacts
Cancel Run
POST /osm/api/runs/:run_id/cancel
Workflows
List Workflows
GET /osm/api/workflows
GET /osm/api/workflows?kind=module
GET /osm/api/workflows?tags=recon,fast
| Parameter | Description |
|---|
kind | Filter by kind (module, flow, fragment) |
tags | Filter by tags (comma-separated) |
{
"data": [
{
"name": "subdomain-enum",
"kind": "module",
"description": "Enumerate subdomains",
"tags": ["recon", "subdomain"],
"params": [
{"name": "threads", "default": "10", "required": false}
]
}
]
}
Get Workflow
GET /osm/api/workflows/:name
GET /osm/api/workflows/tags
{
"tags": ["recon", "subdomain", "fast", "vuln", "scan"],
"count": 5
}
Refresh Workflow Index
Re-index all workflows from filesystem to database.
POST /osm/api/workflows/refresh
POST /osm/api/workflows/refresh?force=true
| Parameter | Required | Description |
|---|
force | No | Force re-index all workflows regardless of checksum |
{
"message": "Workflows indexed successfully",
"added": 5,
"updated": 2,
"removed": 1,
"errors": []
}
Schedules
List Schedules
Create Schedule
Request Body:
{
"name": "daily-scan",
"workflow": "general",
"target": "example.com",
"trigger_type": "cron",
"schedule": "0 2 * * *",
"enabled": true,
"params": {
"threads": "10"
}
}
Get Schedule
GET /osm/api/schedules/:id
Update Schedule
PUT /osm/api/schedules/:id
Delete Schedule
DELETE /osm/api/schedules/:id
Enable/Disable Schedule
POST /osm/api/schedules/:id/enable
POST /osm/api/schedules/:id/disable
Trigger Schedule
Execute a scheduled workflow immediately.
POST /osm/api/schedules/:id/trigger
Assets
List Assets
GET /osm/api/assets
GET /osm/api/assets?workspace=example_com
GET /osm/api/assets?asset_type=subdomain
GET /osm/api/assets?status_code=200
| Parameter | Description |
|---|
workspace | Filter by workspace |
asset_type | Filter by type (subdomain, url, ip, etc.) |
status_code | Filter by HTTP status code |
limit | Maximum results (default: 100) |
offset | Pagination offset |
Get Asset
Asset Diff
Compare assets between two time points to identify changes.
GET /osm/api/assets/diff?workspace=example_com&from=2025-01-01T00:00:00Z&to=2025-01-15T00:00:00Z
| Parameter | Required | Description |
|---|
workspace | Yes | Workspace name |
from | Yes | Start time (RFC3339 or Unix timestamp) |
to | No | End time (default: now) |
- RFC3339:
2025-01-15T10:00:00Z
- Unix timestamp:
1705312800
- Date only:
2025-01-15
- DateTime:
2025-01-15 10:00:00
Response:
{
"data": {
"workspace_name": "example_com",
"from_time": "2025-01-01T00:00:00Z",
"to_time": "2025-01-15T00:00:00Z",
"added": [
{
"id": 123,
"asset_value": "new.example.com",
"asset_type": "subdomain",
"url": "https://new.example.com",
"status_code": 200,
"created_at": "2025-01-10T12:00:00Z"
}
],
"removed": [
{
"id": 45,
"asset_value": "old.example.com",
"asset_type": "subdomain",
"last_seen_at": "2024-12-20T00:00:00Z"
}
],
"changed": [
{
"asset_id": 67,
"asset_value": "api.example.com",
"url": "https://api.example.com",
"changes": [
{
"field": "status_code",
"old_value": 200,
"new_value": 301
}
]
}
],
"summary": {
"total_added": 5,
"total_removed": 2,
"total_changed": 3
}
}
}
Vulnerabilities
List Vulnerabilities
GET /osm/api/vulnerabilities
GET /osm/api/vulnerabilities?workspace=example_com
GET /osm/api/vulnerabilities?severity=critical
| Parameter | Description |
|---|
workspace | Filter by workspace |
severity | Filter by severity (critical, high, medium, low, info) |
asset_value | Filter by asset |
limit | Maximum results (default: 100) |
offset | Pagination offset |
Get Vulnerability
GET /osm/api/vulnerabilities/:id
Vulnerability Diff
Compare vulnerabilities between two time points.
GET /osm/api/vulnerabilities/diff?workspace=example_com&from=2025-01-01T00:00:00Z
| Parameter | Required | Description |
|---|
workspace | Yes | Workspace name |
from | Yes | Start time (RFC3339 or Unix timestamp) |
to | No | End time (default: now) |
{
"data": {
"workspace_name": "example_com",
"from_time": "2025-01-01T00:00:00Z",
"to_time": "2025-01-15T00:00:00Z",
"added": [
{
"id": 789,
"vuln_info": "CVE-2025-1234",
"asset_value": "api.example.com",
"severity": "critical",
"template_id": "CVE-2025-1234",
"created_at": "2025-01-12T08:00:00Z"
}
],
"removed": [],
"changed": [],
"summary": {
"total_added": 1,
"total_removed": 0,
"total_changed": 0
}
}
}
Workspaces
List Workspaces
Get Workspace
GET /osm/api/workspaces/:name
Delete Workspace
DELETE /osm/api/workspaces/:name
Functions
Execute Function
Execute a utility function.
POST /osm/api/functions/execute
{
"expression": "fileLength('{{Output}}/subdomains.txt')",
"context": {
"Output": "/workspaces/example_com"
}
}
{
"data": {
"result": 1234
}
}
List Functions
GET /osm/api/functions
GET /osm/api/functions?category=file
Snapshots
List Snapshots
Export Snapshot
POST /osm/api/snapshots/export
{
"workspace": "example_com",
"include_artifacts": true
}
Import Snapshot
POST /osm/api/snapshots/import
LLM
Chat Completions
OpenAI-compatible chat completions endpoint.
POST /osm/api/llm/chat/completions
{
"model": "gpt-4",
"messages": [
{"role": "system", "content": "You are a security analyst."},
{"role": "user", "content": "Analyze this finding..."}
],
"temperature": 0.7,
"max_tokens": 2000
}
Embeddings
POST /osm/api/llm/embeddings
{
"model": "text-embedding-ada-002",
"input": ["text to embed"]
}
Install
List Binary Registry
GET /osm/api/install/registry
GET /osm/api/install/registry?method=nix
GET /osm/api/install/registry?method=direct
Check Binary Status
GET /osm/api/install/status/:binary_name
Install Binary
POST /osm/api/install/binary
{
"name": "nuclei",
"method": "nix"
}
Event Logs
List Events
GET /osm/api/events
GET /osm/api/events?topic=assets.new
GET /osm/api/events?run_id=run-abc123
| Parameter | Description |
|---|
topic | Filter by event topic |
run_id | Filter by run ID |
from | Start time filter |
to | End time filter |
limit | Maximum results |
Step Results
List Step Results
Query step execution results with filtering and pagination.
GET /osm/api/step-results
GET /osm/api/step-results?workspace=example_com
GET /osm/api/step-results?status=completed
GET /osm/api/step-results?run_id=123
| Parameter | Description |
|---|
workspace | Filter by workspace name |
status | Filter by status (pending, running, completed, failed) |
step_type | Filter by step type (bash, function, etc.) |
run_id | Filter by run ID |
offset | Pagination offset (default: 0) |
limit | Maximum results (default: 20, max: 10000) |
{
"data": [
{
"id": 123,
"step_name": "subfinder",
"step_type": "bash",
"status": "completed",
"run_id": 456,
"workspace": "example_com",
"started_at": "2025-01-15T10:00:00Z",
"completed_at": "2025-01-15T10:05:00Z"
}
],
"pagination": {
"total": 100,
"offset": 0,
"limit": 20
}
}
Health
Health Check
Response:
{
"status": "healthy",
"version": "5.0.0",
"database": "connected",
"workflows_loaded": 42
}
Error Responses
All error responses follow this format:
{
"error": true,
"message": "Error description"
}
| Code | Description |
|---|
| 400 | Bad Request - Invalid parameters |
| 401 | Unauthorized - Missing or invalid token |
| 404 | Not Found - Resource doesn’t exist |
| 500 | Internal Server Error - Server error |
