OSINTBuddy - The OSINTBuddy application framework for graph-based information analysis and offline local-first investigative workflows.
Project description
Introducing OSINTBuddy: Reloaded
I have no data yet. It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts.
The OSINTBuddy Plugins Framework
The plugin framework for OSINTBuddy, a graph-based OSINT platform for recon, OSINT investigations, link analysis, and more. Offline. Local-first workflows. No cloud dependency.
Overview
OSINTBuddy's plugin system enables you to define entities (nodes in the graph) and transforms (operations that create new entities from existing ones). The framework provides:
- Entity definitions with rich metadata, icons, colors, and form elements
- Transform decorators with dependency management and version targeting
- Result types for subgraphs, custom edges, and file attachments
- Field types for semantic type-based transform matching
- Settings framework for persistent configuration
- CLI tools for development and integration
Installation
pip install osintbuddy[all]
For development:
git clone https://github.com/osintbuddy/plugins.git
cd plugins/
pip install -e ".[dev]"
Quick Start
Define an Entity
from osintbuddy import Plugin
from osintbuddy.elements import TextInput, CopyText
from osintbuddy.types import FieldType
class EmailEntity(Plugin):
version = "1.0.0"
label = "Email"
icon = "mail"
color = "#3B82F6"
category = "Identity"
elements = [
TextInput(label="Email", icon="mail", field_type=FieldType.EMAIL),
CopyText(label="Domain"),
]
Create a Transform
from osintbuddy import transform, Entity, Edge
@transform(
target="email@>=1.0.0",
label="Extract Domain",
icon="world",
)
async def extract_domain(entity):
email = entity.email
domain = email.split("@")[1] if "@" in email else None
if domain:
return Entity(
data=DomainEntity.blueprint(domain=domain),
edge=Edge(label="has domain"),
)
Run a Transform
ob run -T '{"label": "email", "version": "1.0.0", "transform": "extract_domain", "data": {"email": "user@example.com"}}'
Documentation
| Guide | Description |
|---|---|
| Getting Started | Installation, project setup, and first plugin |
| Plugins & Entities | Defining entities with the Plugin class |
| Transforms | Creating transforms with the @transform decorator |
| Elements | Input and display elements for entity forms |
| Field Types | Semantic types for fields and type-based matching |
| Settings | Transform configuration and persistence |
| CLI Reference | Command-line interface documentation |
| API Reference | Complete API documentation |
Key Concepts
Plugins & Entities
Every node type in the graph is defined as a Plugin subclass. Plugins are automatically registered when defined:
class IPAddress(Plugin):
version = "1.0.0"
label = "IP Address"
elements = [TextInput(label="IP", field_type=FieldType.IP_ADDRESS)]
Transforms
Transforms operate on entities to produce new entities. They target specific entity versions:
@transform(target="ip_address@>=1.0.0", label="GeoIP Lookup", deps=["geoip2"])
async def geoip_lookup(entity):
# Transform logic
return Entity(data=Location.blueprint(city="..."))
Result Types
Transforms return Entity, Edge, File, or Subgraph objects:
return Entity(
data=TargetEntity.blueprint(field="value"),
edge=Edge(label="discovered", color="#22C55E"),
files=[File(path="/tmp/report.pdf")],
)
Project Structure
For plugin development and registry submissions, organize your code as:
my-plugins-repo/
├── entities/
│ ├── email.py
│ ├── domain.py
│ └── ip_address.py
└── transforms/
├── email_transforms.py
├── domain_transforms.py
├── network_traceroute_transform.py
└── network_transforms.py
Load plugins via:
from osintbuddy import load_plugins_fs
load_plugins_fs("/path/to/my-plugins", "my_plugins")
CLI Commands
# List entities and transforms
ob ls entities
ob ls transforms -L email
# Run a transform
ob transform '{"label": "email", "version": "1.0.0", "transform": "to_domain", "data": {...}}'
# Get entity blueprints
ob blueprints -L email
# Compile JSON entity to Python
ob compile entity.json -O entity.py
Requirements
- Python 3.12+
License
MIT License, see LICENSE for details.
Links
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file osintbuddy-2.0.0.tar.gz.
File metadata
- Download URL: osintbuddy-2.0.0.tar.gz
- Upload date:
- Size: 47.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
01e51c2b8220c90767720f43c3ae5b274fa02085877bfca828535f175ba916ea
|
|
| MD5 |
e232c207d36dbc500fa2c9bb42baf75d
|
|
| BLAKE2b-256 |
09d03b264f9eb5706d2ff71f714f839aef2b8b1af77a8bc85ba7a3d04e439005
|
Provenance
The following attestation bundles were made for osintbuddy-2.0.0.tar.gz:
Publisher:
publish.yml on osintbuddy/framework
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
osintbuddy-2.0.0.tar.gz -
Subject digest:
01e51c2b8220c90767720f43c3ae5b274fa02085877bfca828535f175ba916ea - Sigstore transparency entry: 944714876
- Sigstore integration time:
-
Permalink:
osintbuddy/framework@09fab51fca5d2475581dff35d7a58d5d6aed3c3f -
Branch / Tag:
refs/heads/main - Owner: https://github.com/osintbuddy
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@09fab51fca5d2475581dff35d7a58d5d6aed3c3f -
Trigger Event:
push
-
Statement type:
File details
Details for the file osintbuddy-2.0.0-py3-none-any.whl.
File metadata
- Download URL: osintbuddy-2.0.0-py3-none-any.whl
- Upload date:
- Size: 54.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
05bad2dd8f8a56f1f34218536e316348072b3f0fb11b3ea5f9e24603d90081aa
|
|
| MD5 |
5f68e8ff9e5e6c75dc243f0461badef8
|
|
| BLAKE2b-256 |
d2cf07fd9cc880374d66c0c5ea54d8fe22427e9e0aa4a470d9a5f2f89fc8b4bb
|
Provenance
The following attestation bundles were made for osintbuddy-2.0.0-py3-none-any.whl:
Publisher:
publish.yml on osintbuddy/framework
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
osintbuddy-2.0.0-py3-none-any.whl -
Subject digest:
05bad2dd8f8a56f1f34218536e316348072b3f0fb11b3ea5f9e24603d90081aa - Sigstore transparency entry: 944714894
- Sigstore integration time:
-
Permalink:
osintbuddy/framework@09fab51fca5d2475581dff35d7a58d5d6aed3c3f -
Branch / Tag:
refs/heads/main - Owner: https://github.com/osintbuddy
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@09fab51fca5d2475581dff35d7a58d5d6aed3c3f -
Trigger Event:
push
-
Statement type:
