New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

osintbuddy

Package Overview
Dependencies
Maintainers
1
Versions
28
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

osintbuddy

The OSINTBuddy plugins framework for graph-based information analysis and offline local-first investigative workflows.

Source
pipPyPI
Version
2.1.0
Maintainers
1

Introducing OSINTBuddy: Reloaded

Logo

I have no data yet. It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts.

The OSINTBuddy Plugins Framework

PyPI version Python 3.12+ License: MIT

The plugin framework for OSINTBuddy, a graph-based OSINT platform for recon, OSINT investigations, link analysis, and more. Offline. Local-first workflows. No cloud dependency.

Overview

OSINTBuddy's plugin system enables you to define entities (nodes in the graph) and transforms (operations that create new entities from existing ones). The framework provides:

  • Entity definitions with rich metadata, icons, colors, and form elements
  • Transform decorators with dependency management and version targeting
  • Result types for subgraphs, custom edges, and file attachments
  • Field types for semantic type-based transform matching
  • Settings framework for persistent configuration
  • CLI tools for development and integration

Installation

pip install osintbuddy[all]

For development:

git clone https://github.com/osintbuddy/plugins.git
cd plugins/
pip install -e ".[dev]"

Quick Start

Define an Entity

from osintbuddy import Plugin
from osintbuddy.elements import TextInput, CopyText
from osintbuddy.types import FieldType

class EmailEntity(Plugin):
    version = "1.0.0"
    label = "Email"
    icon = "mail"
    color = "#3B82F6"
    category = "Identity"

    elements = [
        TextInput(label="Email", icon="mail", field_type=FieldType.EMAIL),
        CopyText(label="Domain"),
    ]

Create a Transform

from osintbuddy import transform, Entity, Edge

@transform(
    target="email@>=1.0.0",
    label="Extract Domain",
    icon="world",
)
async def extract_domain(entity):
    email = entity.email
    domain = email.split("@")[1] if "@" in email else None

    if domain:
        return Entity(
            data=DomainEntity.blueprint(domain=domain),
            edge=Edge(label="has domain"),
        )

Run a Transform

ob run -T '{"label": "email", "version": "1.0.0", "transform": "extract_domain", "data": {"email": "user@example.com"}}'

Documentation

GuideDescription
Getting StartedInstallation, project setup, and first plugin
Plugins & EntitiesDefining entities with the Plugin class
TransformsCreating transforms with the @transform decorator
ElementsInput and display elements for entity forms
Field TypesSemantic types for fields and type-based matching
SettingsTransform configuration and persistence
CLI ReferenceCommand-line interface documentation
API ReferenceComplete API documentation

Key Concepts

Plugins & Entities

Every node type in the graph is defined as a Plugin subclass. Plugins are automatically registered when defined:

class IPAddress(Plugin):
    version = "1.0.0"
    label = "IP Address"
    elements = [TextInput(label="IP", field_type=FieldType.IP_ADDRESS)]

Transforms

Transforms operate on entities to produce new entities. They target specific entity versions:

@transform(target="ip_address@>=1.0.0", label="GeoIP Lookup", deps=["geoip2"])
async def geoip_lookup(entity):
    # Transform logic
    return Entity(data=Location.blueprint(city="..."))

Result Types

Transforms return Entity, Edge, File, or Subgraph objects:

return Entity(
    data=TargetEntity.blueprint(field="value"),
    edge=Edge(label="discovered", color="#22C55E"),
    files=[File(path="/tmp/report.pdf")],
)

Project Structure

For plugin development and registry submissions, organize your code as:

my-plugins-repo/
├── entities/
│   ├── email.py
│   ├── domain.py
│   └── ip_address.py
└── transforms/
    ├── email_transforms.py
    ├── domain_transforms.py
    ├── network_traceroute_transform.py
    └── network_transforms.py

Load plugins via:

from osintbuddy import load_plugins_fs
load_plugins_fs("/path/to/my-plugins", "my_plugins")

CLI Commands

# List entities and transforms
ob ls entities
ob ls transforms -L email

# Run a transform
ob transform '{"label": "email", "version": "1.0.0", "transform": "to_domain", "data": {...}}'

# Get entity blueprints
ob blueprints -L email

# Initialize a new plugins project
ob init

# Sync manifest and README metadata after repo changes
ob sync

# Compile JSON entity to Python
ob compile entity.json -O entity.py

Requirements

  • Python 3.13+

License

MIT License, see LICENSE for details.

Links

Keywords

osint
open source intelligence
transform-pipeline
intelligence
plugins
graph

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026