SIERRA Invoker ScriptDevelopment Guide
Learn how to create custom Invoker scripts to extend SIERRA's functionality and automate your investigation workflows.
What are Invoker Scripts?
Invoker scripts let you run any external tool or script — in any language — directly from the SIERRA canvas. Define them in simple YAML, then run them from your investigation graph to automate tasks, call APIs, and capture results back into the graph for immediate analysis.
Script Structure
An Invoker script is defined by a YAML configuration file, which tells SIERRA how to present parameters, run your command, and handle its output in the graph. It has the following structure:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# [Optional]: Directories where SIERRA should look for the script
# If the same script exists in multiple locations, the first occurrence will be executed
PATHS:
- /path/to/script/directory
- /another/path
# [Mandatory]: Contains the list of Invoker scripts
SCRIPTS:
- Name: Unique Script Name # [Mandatory]
Description: Brief description of the script
Params: # [Mandatory]
- Name: ParameterName # [Mandatory]
Description: Parameter description # [Optional]
# [Mandatory]: The data type of the parameter
# Supported types: STRING (text input), FILE (uploaded file path)
Type: STRING
Options: # [Optional]
- MANDATORY # indicates this parameter cannot be empty
Command: command_to_execute {ParameterName} # [Mandatory]Output Formats
To display results in the graph, your script should return JSON in one of these supported formats:
🌳 Tree Type Output
The type field should be Tree. Perfect for hierarchical data structures.
1
2
3
4
5
6
7
8
9
10
11
12
13
{
"type": "Tree",
"results": [
"Content of Entity A",
"Content of Entity B",
{
"Content of Entity C (parent of D and E)": [
"Content of Entity D",
"Content of Entity E"
]
}
]
}🕸️ Network Type Output
The type field should be Network. Ideal for complex relationship mapping.
1
2
3
4
5
6
7
8
9
10
11
12
13
{
"type": "Network",
"origins": ["AliceID"],
"nodes": [
{ "id": "AliceID", "content": "Alice" },
{ "id": "BobID", "content": "Bob" },
{ "id": "CharlieID", "content": "Charlie" }
],
"edges": [
{ "source": "AliceID", "target": "BobID", "label": "friend" },
{ "source": "AliceID", "target": "CharlieID", "label": "colleague" }
]
}⚠️ Error Handling
When your script encounters an error, return a JSON object with type: "Error".
1
2
3
4
5
6
7
8
9
10
11
// Service error
{
"type": "Error",
"message": "API connection failed"
}
// Input validation error
{
"type": "Error",
"message": "Invalid email format"
}Complete Example
Here's a complete example of an Invoker script configuration for a subdomain lookup utility:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
PATHS:
- /opt/scripts
- /home/user/tools
SCRIPTS:
- Name: Subdomain Finder
Description: Looks up subdomains of a given domain using crt.sh
Params:
- Name: Domain
Description: The domain to find subdomains for
Type: STRING
Options:
- PRIMARY
- MANDATORY
Command: python subfinder.py {Domain}Best Practices
Follow these guidelines for optimal Invoker script development:
•
Validate inputs: Always validate parameters before processing
•
Handle errors gracefully: Return meaningful error messages
•
Use descriptive names: Make script and parameter names self-explanatory
•
Test thoroughly: Verify output formats work correctly in SIERRA
•
Document your scripts: Include helpful descriptions and examples
Ready to Build Your First Invoker?
Start building Invokers to supercharge your investigations, from quick lookups to complex multi-step automations.
Phantom Helix
OSINT tools for modern investigators and security professionals.
© 2025 Phantom Helix Intelligence. All rights reserved.
Made with ❤️ for the OSINT community