Variables and Exports - Osmedeus Docs

Manage data flow between steps using parameters and exports.

Parameters

Defining Parameters

params:
  - name: target
    required: true
    description: Target domain

  - name: threads
    default: "10"
    description: Thread count

  - name: wordlist
    default: "{{Data}}/wordlists/common.txt"

Using Parameters

steps:
  - name: scan
    type: bash
    command: subfinder -d {{target}} -t {{threads}} -w {{wordlist}}

Passing Parameters

# Single parameter
osmedeus run -m scan -t example.com -p 'threads=20'

# Multiple parameters
osmedeus run -m scan -t example.com -p 'threads=20' -p 'wordlist=/path/list.txt'

# From file
osmedeus run -m scan -t example.com -P params.yaml

Exports

Exports pass values from one step to the next.

Basic Export

steps:
  - name: count-lines
    type: bash
    command: wc -l {{Output}}/hosts.txt | cut -d' ' -f1
    exports:
      host_count: "{{stdout}}"

  - name: log-count
    type: function
    function: log_info("Found {{host_count}} hosts")

Export Sources

Source	Description
`{{stdout}}`	Command standard output
`{{stderr}}`	Command standard error
`{{exit_code}}`	Command exit code
`{{http_status_code}}`	HTTP response status
`{{http_response_body}}`	HTTP response body
`{{llm_response}}`	LLM chat response

HTTP Exports

- name: api-call
  type: http
  url: "https://api.example.com/data"
  method: GET
  exports:
    response_data: "{{http_response_body}}"
    status: "{{http_status_code}}"

- name: process
  type: function
  function: log_info("Status: {{status}}, Data: {{response_data}}")

Function Exports

- name: read-file
  type: function
  function: readFile("{{Output}}/data.txt")
  exports:
    file_content: "{{result}}"

- name: use-content
  type: bash
  command: echo "Content: {{file_content}}"

Variable Scope

Step-Level Scope

Exports are available to all subsequent steps:

steps:
  - name: step1
    type: bash
    command: echo "value1"
    exports:
      var1: "{{stdout}}"

  - name: step2
    type: bash
    command: echo "value2"
    exports:
      var2: "{{stdout}}"

  - name: step3
    type: bash
    command: echo "{{var1}} and {{var2}}"  # Both available

Foreach Variable Scope

Loop variables use [[]] syntax and are only available inside the loop:

- name: process-hosts
  type: foreach
  input: "{{Output}}/hosts.txt"
  variable: host
  step:
    name: scan
    type: bash
    command: nmap [[host]] -o {{Output}}/nmap-[[host]].txt
    # [[host]] = current iteration value
    # {{Output}} = regular template variable

Resolution Order

Variables are resolved in this order:

Exports from previous steps
Parameters from user input
Built-in variables (Target, Output, etc.)
Environment variables

Built-in Variables

Osmedeus provides a comprehensive set of built-in variables that are automatically available in all workflows. These variables are recognized by the linter and do not need to be defined.

Path Variables

Variable	Description
`{{BaseFolder}}`	Osmedeus installation directory
`{{Binaries}}`	Path to tool binaries
`{{Data}}`	Path to data files
`{{ExternalData}}`	Path to external data files
`{{ExternalConfigs}}`	Path to external configuration files
`{{ExternalAgentConfigs}}`	Path to agent configuration files
`{{ExternalAgents}}`	Path to agent scripts
`{{ExternalScripts}}`	Path to external scripts
`{{Workflows}}`	Path to workflows directory
`{{MarkdownTemplates}}`	Path to markdown templates
`{{ExternalMarkdowns}}`	Path to external markdown files
`{{SnapshotsFolder}}`	Path to snapshots storage
`{{Workspaces}}`	Path to workspaces directory

Target Variables

Variable	Description
`{{Target}}`	Current scan target
`{{target}}`	Current scan target (lowercase alias)
`{{TargetFile}}`	Path to target file (for multi-target runs)
`{{TargetSpace}}`	Sanitized target (filesystem safe)

Output Variables

Variable	Description
`{{Output}}`	Workspace output directory
`{{output}}`	Workspace output directory (lowercase alias)
`{{Workspace}}`	Workspace directory
`{{workspace}}`	Workspace directory (lowercase alias)

Thread Variables

Variable	Description
`{{threads}}`	Thread count (based on tactic)
`{{Threads}}`	Thread count (uppercase alias)
`{{baseThreads}}`	Base thread count

Metadata Variables

Variable	Description
`{{Version}}`	Osmedeus version
`{{TaskDate}}`	Task date
`{{TaskID}}`	Unique task identifier
`{{TimeStamp}}`	Unix timestamp
`{{CurrentTime}}`	Current time
`{{Today}}`	Current date (YYYY-MM-DD)
`{{RandomString}}`	Random 6-character string
`{{ModuleName}}`	Current module name
`{{FlowName}}`	Parent flow name (empty if running module directly)

State File Variables

Variable	Description
`{{StateExecutionLog}}`	Path to execution log
`{{StateConsoleLog}}`	Path to console log
`{{StateCompletedFile}}`	Path to completion marker file
`{{StateFile}}`	Path to state file
`{{StateWorkflowFile}}`	Path to workflow state file
`{{StateWorkflowFolder}}`	Path to workflow state folder

Heuristic Variables

These variables are populated by automatic target analysis:

Variable	Description
`{{TargetType}}`	Detected target type
`{{TargetRootDomain}}`	Root domain extracted from target
`{{TargetTLD}}`	Top-level domain
`{{TargetSLD}}`	Second-level domain
`{{Org}}`	Organization (if detected)
`{{TargetBaseURL}}`	Base URL of target
`{{TargetRootURL}}`	Root URL of target
`{{TargetHostname}}`	Hostname from target URL
`{{TargetHost}}`	Host from target
`{{TargetPort}}`	Port from target URL
`{{TargetPath}}`	Path from target URL
`{{TargetFileExt}}`	File extension from target URL
`{{TargetScheme}}`	URL scheme (http/https)
`{{TargetIsWildcard}}`	Whether target is a wildcard
`{{TargetResolvedIP}}`	Resolved IP address
`{{TargetStatusCode}}`	HTTP status code from target
`{{TargetContentLength}}`	Content length from target response
`{{HeuristicsCheck}}`	Result of heuristics analysis

Chunk Variables

Used for parallel processing of large inputs:

Variable	Description
`{{ChunkIndex}}`	Current chunk index
`{{ChunkSize}}`	Size of each chunk
`{{TotalChunks}}`	Total number of chunks
`{{ChunkStart}}`	Start offset of current chunk
`{{ChunkEnd}}`	End offset of current chunk

params:
  - name: threads
    default: "10"

steps:
  - name: first
    type: bash
    command: echo "20"
    exports:
      threads: "{{stdout}}"   # Export named 'threads'

  - name: second
    type: bash
    command: run -t {{threads}}  # Uses export (20), not param (10)

Nested Variables

Variables can contain other variables:

params:
  - name: scan_type
    default: "basic"
  - name: output_path
    default: "{{Output}}/{{scan_type}}"

steps:
  - name: scan
    type: bash
    command: scan -o {{output_path}}/results.txt
    # Resolves to: {{Output}}/basic/results.txt

Generator Functions

Use in parameter defaults:

params:
  - name: scan_id
    default: "{{uuid()}}"

  - name: timestamp
    default: "{{currentTimestamp()}}"

  - name: user
    default: "{{getEnvVar('USER', 'unknown')}}"

Available generators:

uuid() - UUID v4
currentDate() - YYYY-MM-DD
currentTimestamp() - Unix timestamp
randomInt(min, max) - Random integer
randomString(len) - Random string
getEnvVar(key, default) - Environment variable

Flow Variable Propagation

Flow to Module

# Flow
kind: flow
params:
  - name: target
  - name: threads
    default: "50"

modules:
  - name: scan
    path: modules/scan.yaml
    params:
      threads: "{{threads}}"   # Pass flow param to module

Module Exports in Flow

Module exports are not automatically available to other modules. Use shared output files:

# Module A writes
command: subfinder -d {{target}} -o {{Output}}/subs.txt

# Module B reads (depends_on: [A])
command: httpx -l {{Output}}/subs.txt

Common Patterns

Chained Processing

steps:
  - name: enumerate
    type: bash
    command: subfinder -d {{target}} -silent
    exports:
      raw_subs: "{{stdout}}"

  - name: filter
    type: function
    function: |
      split("{{raw_subs}}", "\n")
        .filter(s => s.endsWith(".{{target}}"))
        .join("\n")
    exports:
      filtered_subs: "{{result}}"

  - name: save
    type: bash
    command: echo "{{filtered_subs}}" > {{Output}}/subs.txt

Conditional on Export

steps:
  - name: count
    type: bash
    command: wc -l < {{Output}}/hosts.txt
    exports:
      count: "{{stdout}}"

  - name: scan-if-hosts
    type: bash
    pre_condition: '{{count}} > 0'
    command: nuclei -l {{Output}}/hosts.txt

Environment Variables

params:
  - name: api_key
    default: "{{getEnvVar('API_KEY', '')}}"

steps:
  - name: api-call
    type: http
    url: "https://api.example.com/scan"
    headers:
      Authorization: "Bearer {{api_key}}"

Best Practices

Use descriptive export names

exports:
  subdomain_count: "{{stdout}}"  # Good
  x: "{{stdout}}"                # Bad

Document parameter meanings

params:
  - name: severity
    default: "high,critical"
    description: Nuclei severity filter

Provide sensible defaults

params:
  - name: threads
    default: "10"   # Works without explicit parameter

Use files for large data

# Good: write to file
command: subfinder -d {{target}} -o {{Output}}/subs.txt

# Avoid: large stdout exports
exports:
  all_subs: "{{stdout}}"  # Could be huge

Next Steps

Control Flow - Using exports in conditions
Templates - Template syntax
Functions Reference - Available functions

Getting Started

Advanced Setup

Understand Architecture

Workflows

Functions

Advanced Topics & Extending Osmedeus

Reference

​Parameters

​Defining Parameters

​Using Parameters

​Passing Parameters

​Exports

​Basic Export

​Export Sources

​HTTP Exports

​Function Exports

​Variable Scope

​Step-Level Scope

​Foreach Variable Scope

​Resolution Order

​Built-in Variables

​Path Variables

​Target Variables

​Output Variables

​Thread Variables

​Metadata Variables

​State File Variables

​Heuristic Variables

​Chunk Variables

​Nested Variables

​Generator Functions

​Flow Variable Propagation

​Flow to Module

​Module Exports in Flow

​Common Patterns

​Chained Processing

​Conditional on Export

​Environment Variables

​Best Practices

​Next Steps