Metadata-Version: 2.4
Name: oswatcher-plugins
Version: 0.14.0
Summary: Analysis plugins for OSWatcher — extract and analyze OS artifacts into Neo4j
License: Apache-2.0
License-File: LICENSE
Author: Mathieu Tarral
Author-email: mathieu.tarral@protonmail.com
Requires-Python: >=3.11,<4.0
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Requires-Dist: attrs (>=23.2.0,<24.0.0)
Requires-Dist: click (>=8.1.7,<9.0.0)
Requires-Dist: dynaconf (>=3.2.5,<4.0.0)
Requires-Dist: gitpython (>=3.1.0,<4.0.0)
Requires-Dist: ipdb (>=0.13.13,<0.14.0)
Requires-Dist: jsonschema (>=4.21.1,<5.0.0)
Requires-Dist: lief (==0.14.0)
Requires-Dist: neogit (>=0.16.0,<0.17.0)
Requires-Dist: poethepoet (>=0.26.1,<0.27.0)
Requires-Dist: pypeln (>=0.4.9,<0.5.0)
Requires-Dist: python-magic (>=0.4.27,<0.5.0)
Requires-Dist: regipy (>=4.1.1,<5.0.0)
Requires-Dist: requests (>=2.31,<3.0)
Requires-Dist: setuptools
Requires-Dist: volatility3 (>=2.26.2,<3.0.0)
Project-URL: Homepage, https://github.com/OSWatcher/oswatcher-plugins
Project-URL: Repository, https://github.com/OSWatcher/oswatcher-plugins
Description-Content-Type: text/markdown

# OSWatcher Plugins

Analysis plugins for [OSWatcher](https://github.com/OSWatcher) — extract and analyze operating system artifacts (filesystem, registry, PDB symbols, syscalls) and store them as a queryable graph in Neo4j.

## Installation

```bash
pip install oswatcher-plugins
```

## Plugins

| Plugin | Description |
|--------|-------------|
| `FileTypePlugin` | Identifies file types within OS filesystem snapshots |
| `SymbolsPlugin` | Extracts PDB symbols and struct layouts from PE binaries |
| `WinRegistryPlugin` | Parses and inserts Windows registry hives |
| `SyscallsPlugin` | Extracts Windows/Linux syscall tables |
| `LinuxSymbolsPlugin` | Extracts Linux kernel debug symbols |

## Usage

Plugins are run via the `runner` CLI against a [neogit](https://github.com/OSWatcher/neogit) branch:

```bash
runner <plugin_name> <branch_name>
# example:
runner symbols Windows_10_21H2
```

## Requirements

- Python 3.11+
- A running Neo4j instance (configured via `neogit` settings)
- [neogit](https://github.com/OSWatcher/neogit) — the underlying graph storage library

## Documentation

- [Syscall Data Model Specification](docs/syscall-data-model.md)
- [Neo4j Insertion Pattern](docs/neo4j-insertion-pattern.md)

## License

Apache 2.0 — see [LICENSE](LICENSE).

