Intelligent OSINT investigation system with MCP tools
Project description
Hostile Command Suite - OSINT Package
Author: cycloarcane
Contact: cycloarkane@gmail.com
License: PolyForm Noncommercial License 1.0.0
Intelligent Open Source Intelligence Investigation System
A terminal-based OSINT investigation framework with AI-powered analysis and intelligent agent decision-making. Features automated profile scraping, multi-platform username investigation, and local LLM integration for enhanced intelligence gathering.
๐ Quick Start
Prerequisites
- Install ollama (for AI analysis):
curl -fsSL https://ollama.ai/install.sh | sh
ollama pull qwen3:8b # recommended model
- Install OSINT tools:
# Arch Linux
yay -S sherlock-git mosint
# Ubuntu/Debian
pip install sherlock-project
# For mosint, download from: https://github.com/alpkeskin/mosint
Installation
git clone https://github.com/cycloarcane/Hostile-Command-Suite.git
cd Hostile-Command-Suite
python -m venv .venv
source .venv/bin/activate # Linux/Mac
pip install -r requirements.txt
Usage
Interactive comprehensive investigation:
python3 HCSO.py --interactive
# Then provide ALL target information: names, usernames, emails, addresses, etc.
Command line investigation:
# Single targets (backward compatibility)
python3 HCSO.py cycloarcane
python3 HCSO.py user@example.com
# Comprehensive targets (multiple data points)
python3 HCSO.py "John Smith, @johnsmith123, john@example.com, works at Acme Corp"
python3 HCSO.py --model llama3.2 "Jane Doe jane.doe@company.com https://linkedin.com/in/janedoe"
๐ ๏ธ Features
Core Capabilities
- ๐ Username Investigation: Sherlock integration across 400+ social media platforms
- ๐ง Email Investigation: Mosint integration for email intelligence and breach analysis
- ๐ Profile Scraping: Automated extraction of profile details from discovered accounts
- ๐ Web Search Intelligence: DuckDuckGo search integration for comprehensive OSINT gathering
- ๐ค AI Agent: Local ollama integration for intelligent decision-making and analysis
- โก Intelligent Workflow: Automatic tool chaining and investigation pivoting
- ๐จ Rich Terminal: Professional red/black themed interface with progress indicators
Supported Targets
| Target Type | Primary Tool | Secondary Tools | AI Analysis |
|---|---|---|---|
| Username | Sherlock โ Profile Scraper | DuckDuckGo Search, Link Analyzer | โ Full Analysis |
| Mosint | DuckDuckGo Search | โ Full Analysis | |
| Any Target | DuckDuckGo Search | Context-dependent pivoting | โ Full Analysis |
MCP Tool Architecture
The system uses Model Context Protocol (MCP) based tool servers:
sherlock_server.py: Username investigation across platformsmosint_server.py: Email enumeration and breach investigationprofile_scraper_server.py: Intelligent profile content extractionduckduckgo_server.py: Web search for comprehensive intelligence gatheringlink_analyzer_server.py: Deep analysis of URLs and GitHub profiles
AI-Powered Intelligence
The AI agent provides:
- Comprehensive Data Extraction: Uses LLM to parse and categorize all provided target information
- Intelligent Tool Selection: Automatically chooses appropriate tools based on data types:
- Names โ DuckDuckGo web search for public records and news
- Usernames โ Sherlock for social media platform discovery
- Emails โ Mosint for breach data and domain analysis
- Organizations โ Web search for corporate intelligence
- URLs โ Link analyzer for deep content analysis
- Investigation Pivoting: Discovers new leads and suggests follow-up actions
- Security Risk Assessment: Evaluates exposure levels and security implications
- Pattern Recognition: Identifies connections across platforms and data sources
- Decision Making: Determines when investigations are complete vs need continuation
๐๏ธ Architecture
Intelligent Agent Design
โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
โ HCSO Agent โโโโถโ Ollama AI โโโโโถโ Investigation โ
โ โ โ Decision Engine โ โ Recommendations โ
โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
โ MCP Tool โโโโถโ Tool Results โโโโโถโ Profile Scraper โ
โ Manager โ โ Analysis โ โ Auto-Trigger โ
โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
โ Sherlock โ โ Mosint โ โ Profile โ
โ Username Search โ โ Email Intel โ โ Scraper โ
โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
Investigation Workflow
- Comprehensive Input: User provides ALL available target information (names, usernames, emails, addresses, organizations, URLs, etc.)
- AI Data Extraction: LLM parses and categorizes information into structured data types
- Intelligent Tool Selection: System automatically selects appropriate tools for each data type:
- Names โ Web search for public intelligence
- Usernames โ Social media platform discovery
- Emails โ Breach analysis and domain intelligence
- Organizations โ Corporate and public records search
- URLs โ Deep content and profile analysis
- Parallel Investigation: Multiple tools execute simultaneously based on extracted data
- AI Analysis: Intelligent analysis of all findings and cross-reference discovery
- Decision Point: AI recommends additional investigations or marks complete
- Iterative Enhancement: Follow-up investigations based on discovered leads
๐ Example Output
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โโ โโ โโโโโโโ โโโโโโ โโโโโโโ โโโโโโโ โโ โโโ โโ โโโโโโโโ โ
โ โโ โโ โโ โโ โโ โโ โโ โโ โโโโ โโ โโ โ
โ โโโโโโโ โโโโโโโ โโ โโโโโ โโ โโ โโโโโโโ โโ โโ โโ โโ โโ โ
โ โโ โโ โโ โโ โโ โโ โโ โโ โโ โโ โโ โโ โ
โ โโ โโ โโโโโโโ โโโโโโ โโโโโโโ โโโโโโโ โโ โโ โโโโ โโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Hostile Command Suite - OSINT Package
Intelligent Open Source Intelligence Investigation System
Using AI Model: qwen3:8b
Available Tools: sherlock, mosint, profile_scraper, duckduckgo_search, link_analyzer
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโ COMPREHENSIVE TARGET INFORMATION โโโ
Provide ALL available information about your target for intelligent analysis
Include: names, usernames, emails, addresses, organizations, social profiles, etc.
Enter ALL target information: John Smith, @johnsmith123, john.smith@techcorp.com, works at TechCorp
Analyzing Provided Information
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Extracted Target Intelligence
โโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Data Type โ Extracted Values โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ Names โ John Smith โ
โ Usernames โ johnsmith123 โ
โ Emails โ john.smith@techcorp.com โ
โ Organizations โ TechCorp โ
โโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Investigating Name: John Smith
SHERLOCK Investigation Results
โโโโโโโโโโโโโโโโโโณโโโโโโโโโโโโโโ
โ Metric โ Value โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ Target โ cycloarcane โ
โ Accounts Found โ 17 โ
โ Status โ Success โ
โโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Found 17 profiles, scraping for additional intelligence...
PROFILE_SCRAPER Investigation Results
โโโโโโโโโโโโโโโโโโโโณโโโโโโโโโโ
โ Metric โ Value โ
โกโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉ
โ Total Scraped โ 5 โ
โ Successful โ 4 โ
โ With Useful Info โ 4 โ
โ Status โ Success โ
โโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
AI Agent Analyzing...
โญโ AI Investigation Analysis โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ ANALYSIS: Investigation revealed GitHub profile with security research โ
โ interests (LLMs + red team). High-value intelligence gathered from โ
โ multiple platforms. Profile scraping provided sufficient context. โ
โ โ
โ RECOMMENDATION: Investigation complete - sufficient intelligence gathered โ
โ TOOL: NONE โ
โ TARGET: N/A โ
โ REASONING: Profile analysis reveals technical expertise and security โ
โ focus. No additional tools needed for current investigation scope. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
๐ก๏ธ Security & Ethics
Responsible Use
- Legal Compliance: All investigations must comply with applicable laws
- Authorization: Only investigate targets you have permission to research
- Rate Limiting: Respects platform rate limits and implements delays
- Local Processing: All AI analysis happens locally via ollama (no cloud)
Privacy & Security
- No Data Persistence: Investigation results are not stored long-term
- Local LLM: AI analysis never leaves your machine
- Tool Isolation: Each OSINT tool runs independently
- Professional Focus: Designed for defensive security and legitimate research
๐ง Configuration
AI Model Selection
# Use different ollama models
python3 HCSO.py --model llama3.2 target
python3 HCSO.py --model qwen3:8b target
python3 HCSO.py --model mixtral target
Configurable Prompts
Agent behavior is configurable via YAML files:
prompts/agent_system.yaml: Core agent instructions and tool selection logicprompts/tool_prompts.yaml: Tool-specific analysis templates
Tool Capabilities
| Tool | Input | Capabilities | Auto-Trigger |
|---|---|---|---|
| DuckDuckGo Search | Names, Organizations | Web intelligence, news, public records | Auto for names |
| Sherlock | Username | 400+ platform search | Auto for usernames |
| Mosint | Breach data, domain intel | Auto for emails | |
| Link Analyzer | URLs | GitHub profiles, web content analysis | Auto for URLs |
| Profile Scraper | URLs | Bio, followers, verification | After Sherlock |
๐ง Development
Adding New OSINT Tools
- Create MCP server in
mcp_tools/new_tool_server.py - Add tool detection in
MCPToolManager.check_available_tools() - Implement tool calling in
MCPToolManager.call_tool() - Add result display in
display_investigation_result() - Update agent prompts for tool selection logic
Architecture Benefits
Previous Complex Architecture:
- 15+ microservices with FastMCP
- PostgreSQL database requirement
- Web UI and API complexity
- Multiple authentication layers
Current Intelligent Agent Architecture:
- Single intelligent agent with MCP tools
- No database required
- Pure terminal interface with AI
- Local ollama for decision-making
- Automatic tool chaining and pivoting
๐ Roadmap
Phase 1: Core Intelligence โ
- Sherlock username investigation with AI analysis
- Mosint email investigation with AI analysis
- Intelligent profile scraping from social media
- AI-powered investigation decision making
- MCP-based tool architecture
Phase 2: Enhanced Analysis ๐ง
- Link analyzer for deep GitHub/social media analysis
- Domain investigation capabilities
- Phone number OSINT integration
- Correlation analysis across findings
Phase 3: Advanced Intelligence ๐
- Investigation session management
- Custom tool integration framework
- Automated investigation workflows
- Advanced AI reasoning and pivoting
๐ค Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/new-tool) - Add your MCP tool server following existing patterns
- Update agent prompts for tool integration
- Test with various target types
- Submit a pull request
Development Setup
git clone https://github.com/cycloarcane/Hostile-Command-Suite.git
cd Hostile-Command-Suite
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python3 HCSO.py --interactive
๐ License
This project is licensed under the PolyForm Noncommercial License 1.0.0 - see the LICENSE file for details.
Copyright ยฉ cycloarcane (cycloarkane@gmail.com)
Intelligent. Terminal. Effective.
Advanced OSINT investigation with AI-powered decision making
For questions or feature requests, contact cycloarkane@gmail.com
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file iflow_mcp_cycloarcane_hostile_command_suite-0.1.1.tar.gz.
File metadata
- Download URL: iflow_mcp_cycloarcane_hostile_command_suite-0.1.1.tar.gz
- Upload date:
- Size: 21.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Debian GNU/Linux","version":"13","id":"trixie","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2981899f81b09f480cc0f59402b6cc3a63b1cad390ccaeaaaceb94239323bea4
|
|
| MD5 |
620cccc26a156c48a3bf3383d85ac2ca
|
|
| BLAKE2b-256 |
87fec4b58cf1f5ffe48307b7f9767d366497c8ec13695fb51fa416cf29a895c6
|
File details
Details for the file iflow_mcp_cycloarcane_hostile_command_suite-0.1.1-py3-none-any.whl.
File metadata
- Download URL: iflow_mcp_cycloarcane_hostile_command_suite-0.1.1-py3-none-any.whl
- Upload date:
- Size: 25.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.0 {"installer":{"name":"uv","version":"0.10.0","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Debian GNU/Linux","version":"13","id":"trixie","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2a0e1543a887eb2791a4ba05261931b01a63b7d3663b11bcce8151d61db863a4
|
|
| MD5 |
64724ee31a5f89a2da7200663ec0c3a0
|
|
| BLAKE2b-256 |
1d40dc515127db06a36777eeaf6d9e02992dcb75a85eeb11206f9ddd4a932388
|
