osint-mcp 0.1.1

26 free OSINT tools as MCP tools for AI agents — one command installs everything

osint-mcp — Free OSINT Tools as MCP Tools for AI Agents

One command. 26 free OSINT tools. Any AI agent.

uvx osint-mcp   # installs everything and starts the MCP server

---

What is osint-mcp?

osint-mcp is a Python package that wraps 26 free OSINT (Open Source Intelligence) tools as MCP (Model Context Protocol) tools, giving AI agents like Claude, GPT-4, and any MCP-compatible agent the ability to perform real OSINT investigations directly from a conversation.

The problem it solves: Running OSINT tools traditionally requires installing a dozen separate binaries, writing glue scripts, and manually parsing outputs. osint-mcp automates the entire setup — it detects your OS, installs all tools via Homebrew / apt / Go / pip, and exposes them to your AI agent through a single MCP server.

Who it is for:

• Security researchers and penetration testers who want AI-assisted reconnaissance
• Developers building AI agents with security investigation capabilities
• Bug bounty hunters automating initial footprinting
• Threat intelligence analysts enriching IOCs (Indicators of Compromise)
• Students learning OSINT with AI guidance

---

Key Features

• 26 free OSINT tools spanning network, domain, social media, email, web, phone, and secrets scanning
• Single-command setup — uvx osint-mcp auto-installs all underlying tools on first run
• MCP-native — works out of the box with Claude Desktop, any MCP client, or the Anthropic SDK
• Zero-config for most tools — 15 tools work with no API key at all
• Graceful degradation — tools with optional free API keys (Shodan, VirusTotal) work in reduced mode without them and tell you exactly how to enable full access
• macOS + Linux support (Homebrew, apt, yum, Go, pip — all detected automatically)
• Safe by default — passive recon only unless you explicitly call a port-scan or secrets-scan tool

---

One-Command Setup (Recommended)

uvx is the Python equivalent of npx — it installs the package in an isolated environment and runs it immediately. No pip install, no virtual environment setup needed.

uvx osint-mcp

On first run, this automatically:

1. Installs osint-mcp in an isolated Python environment
2. Detects your OS (macOS or Linux)
3. Installs all 26 OSINT tool binaries via Homebrew / apt / Go / uv pip
4. Starts the MCP server on stdio (ready for Claude Desktop or any MCP client)

On subsequent runs, it boots in under a second — tools are already installed.

---

Connect to Claude Desktop

Add one entry to your Claude Desktop config and you are done.

macOS — ~/Library/Application Support/Claude/claude_desktop_config.json
Linux — ~/.config/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "osint": {
      "command": "uvx",
      "args": ["osint-mcp"]
    }
  }
}

Restart Claude Desktop. You will see 26 new OSINT tools available in the tool list.

---

Alternative: Traditional pip Install

If you prefer managing your own environment:

pip install osint-mcp

# Install all OSINT tool binaries
osint-mcp install

# Check what is available
osint-mcp status

# Start the MCP server
osint-mcp serve

---

How It Works

Claude Desktop / AI Agent
        │
        │  MCP (stdio)
        ▼
  osint-mcp server
        │
        ├── osint_whois        →  python-whois library
        ├── osint_port_scan    →  nmap binary (subprocess)
        ├── osint_subdomain_enum → subfinder binary
        ├── osint_cert_transparency → crt.sh public API (HTTP)
        ├── osint_shodan_host  →  Shodan REST API (optional key)
        ├── osint_virustotal   →  VirusTotal REST API (optional key)
        └── ... 20 more tools

Each tool is a BaseTool subclass. The registry auto-discovers all subclasses at startup and registers them with FastMCP. If a tool's binary is not installed, it returns a clear "not installed — run osint-mcp install" message instead of crashing.

---

Complete Tool Reference (26 Tools)

Network Intelligence

MCP Tool	Underlying Technology	Key Required?	What It Does
osint_whois	python-whois	No	WHOIS lookup — registrar, creation date, expiry, nameservers
osint_dns_lookup	dig	No	DNS records: A, AAAA, MX, NS, TXT, CNAME, SOA, PTR, SRV, CAA
osint_port_scan	nmap	No	Port and service scan with version detection
osint_ip_info	ipinfo.io API	Optional	IP geolocation, ISP, org, timezone, abuse contact
osint_asn_lookup	ipinfo.io API	Optional	ASN number, BGP prefix, network owner

Domain & DNS Intelligence

MCP Tool	Underlying Technology	Key Required?	What It Does
osint_subdomain_enum	subfinder	No	Passive subdomain enumeration from 40+ sources
osint_amass	amass	No	Deep attack-surface mapping across DNS, certs, APIs
osint_cert_transparency	crt.sh API	No	Certificate transparency log search — reveals subdomains via SSL certs
osint_harvester	theHarvester	No	Email addresses, hostnames, employee names from public sources
osint_dnsrecon	dnsrecon	No	Zone transfer attempts, SRV enumeration, reverse lookups

Social Media & Username OSINT

MCP Tool	Underlying Technology	Key Required?	What It Does
osint_username_search	Sherlock	No	Username search across 300+ social platforms
osint_maigret	Maigret	No	Deep username profiling across 3,000+ sites with profile extraction

Email Intelligence

MCP Tool	Underlying Technology	Key Required?	What It Does
osint_email_accounts	Holehe	No	Find which services (Instagram, Twitter, etc.) are linked to an email
osint_email_breach	HaveIBeenPwned	Optional	Check if an email appears in known data breaches

Web & Threat Intelligence

MCP Tool	Underlying Technology	Key Required?	What It Does
osint_wayback	Internet Archive API	No	Retrieve historical snapshots of any URL from the Wayback Machine
osint_urlscan	urlscan.io API	Optional	Scan a URL — returns IPs contacted, tech stack, screenshot, threat score
osint_shodan_host	Shodan API	Required (free)	Open ports, services, banners, CVEs for any IP
osint_shodan_search	Shodan API	Required (free)	Search internet-connected devices with Shodan query syntax
osint_virustotal	VirusTotal API	Required (free)	Check URLs, IPs, domains, or file hashes against 70+ AV engines

Phone Number OSINT

MCP Tool	Underlying Technology	Key Required?	What It Does
osint_phone_info	PhoneInfoga	No	Carrier, country, line type, and public source search for phone numbers

Secrets & Code Scanning

MCP Tool	Underlying Technology	Key Required?	What It Does
osint_scan_secrets	TruffleHog	No	Scan a Git repo URL or local path for exposed secrets and API keys
osint_gitleaks	Gitleaks	No	Detect hardcoded passwords and tokens in Git history

Meta / Utility

MCP Tool	What It Does
osint_install_status	JSON list of all tools with availability status — useful for agents to check before running
osint_config_get	Read a stored API key (masked)
osint_config_set	Store an API key from within an agent conversation
osint_config_list	List all configured API keys

---

Optional Free API Keys

These tools work without a key but unlock significantly more data with one. All are free to register.

Tool	Config Key	Free Tier	Register At
Shodan	shodan_key	1 query/sec, 100 results	https://account.shodan.io
VirusTotal	virustotal_key	4 requests/min	https://www.virustotal.com/gui/join-us
ipinfo.io	ipinfo_key	50,000 req/month	https://ipinfo.io/signup
HaveIBeenPwned	hibp_key	Free for email checks	https://haveibeenpwned.com/API/Key
urlscan.io	urlscan_key	100 scans/day	https://urlscan.io/user/signup

# Set a key via CLI
osint-mcp config set shodan_key=YOUR_KEY

# Or let your AI agent set it during a conversation (via osint_config_set tool)

---

Example AI Agent Conversations

Once connected to Claude Desktop, you can ask questions like:

"Investigate the domain example.com — find subdomains, check for data breaches on contact emails, and look it up on Shodan."

"Scan the GitHub repo github.com/org/repo for exposed secrets and API keys."

"Find all social media accounts associated with the username johndoe123."

"Check if the IP 1.2.3.4 is listed on Shodan and what ports are open."

"Look up the phone number +14155552671 and find what carrier and country it's registered to."

The agent automatically chains multiple tools, interprets the results, and presents a coherent investigation summary — no manual tool orchestration needed.

---

CLI Reference

osint-mcp                          Start the MCP server (default, same as serve)
osint-mcp serve                    Start the MCP server explicitly
osint-mcp serve --no-auto-install  Skip first-run tool installation
osint-mcp install                  Install all missing OSINT tools
osint-mcp install --category X     Install only tools in category (network/domain/social…)
osint-mcp install --dry-run        Preview what would be installed
osint-mcp status                   Show a table of all tools and their availability
osint-mcp config set KEY=VALUE     Store an API key
osint-mcp config get KEY           Read a stored key (masked)
osint-mcp config list              List all stored keys
osint-mcp config delete KEY        Remove a key
osint-mcp --version                Print version
osint-mcp --help                   Show help

---

Supported Platforms

Platform	How Tools Are Installed
macOS	Homebrew (brew install) · go install · uv pip install
Linux (Debian / Ubuntu)	apt-get install · go install · uv pip install
Linux (RHEL / Fedora / CentOS)	yum / dnf · go install · uv pip install

Prerequisites auto-handled:

• Homebrew — must be pre-installed on macOS (https://brew.sh)
• Go 1.21+ — required for subfinder, amass, phoneinfoga, gitleaks (installer skips gracefully if absent)
• Python 3.10+ — required (bundled when using uvx)

---

Frequently Asked Questions

Q: What is MCP (Model Context Protocol)?
A: MCP is an open standard by Anthropic that lets AI models call external tools in a structured, secure way. It is to AI agents what HTTP is to web browsers — a universal protocol for tool use. Learn more at modelcontextprotocol.io.

Q: Does osint-mcp work with AI agents other than Claude?
A: Yes. Any MCP-compatible client works — including OpenAI's agent framework (via MCP adapters), LangChain, LlamaIndex, and custom agents built with the Anthropic SDK. The server communicates over stdio using the standard MCP JSON-RPC protocol.

Q: Does it cost anything?
A: The package itself is free and open source. All 26 tools are free. Some tools (Shodan, VirusTotal) require a free API key registration for full functionality but offer a usable free tier.

Q: Is it safe? Will it run scans without my permission?
A: Passive tools (WHOIS, certificate transparency, breach databases, username search) run automatically. Active tools (port scanning with nmap, secret scanning with TruffleHog) only run when you or your agent explicitly calls them — and the server instructions remind the agent to confirm with the user before active scans.

Q: How is this different from running OSINT tools manually?
A: Three ways: (1) Installation — one command installs everything vs. hours of setup. (2) Integration — your AI agent can chain multiple tools automatically and interpret combined results. (3) Conversation — you describe what you want in plain English instead of memorising CLI flags.

Q: What is the difference between uvx and pip for installing osint-mcp?
A: uvx osint-mcp (recommended) runs the package in an isolated environment — no global pip install, no virtual environment setup. pip install osint-mcp installs it into your current environment. Both work; uvx is simpler and avoids dependency conflicts.

Q: Can I add my own OSINT tools?
A: Yes. Create a subclass of BaseTool in any file under src/osint_mcp/tools/<category>/ — the registry auto-discovers it on next start. No registration step needed. See tools/base.py for the interface.

---

Ethical and Legal Use

osint-mcp is designed for authorised security research, penetration testing with written permission, threat intelligence, bug bounty hunting, and education.

Do not use these tools to:

• Investigate individuals without their consent or legal authority
• Access or probe systems you do not own or have permission to test
• Violate the terms of service of any third-party API or data source

Applicable laws include the Computer Fraud and Abuse Act (CFAA, US), Computer Misuse Act (UK), GDPR (EU), and equivalent legislation in your jurisdiction. The authors accept no liability for misuse.

---

Contributing

Contributions are welcome — new tools, better install recipes, bug fixes, and documentation improvements.

git clone https://github.com/rjn32s/osint-mcp
cd osint-mcp
uv venv && uv pip install -e ".[dev]"
osint-mcp status   # verify your setup

To add a new OSINT tool, create a BaseTool subclass in src/osint_mcp/tools/<category>/yourfile.py. The class needs name, description, input_schema, and an async run(args) method. The registry picks it up automatically.

---

Related Projects

• Sherlock — username OSINT across social networks
• subfinder — fast passive subdomain enumeration
• amass — OWASP attack-surface mapping
• theHarvester — email and host harvesting
• TruffleHog — secrets detection in git
• MCP Python SDK — the protocol this server implements

---

License

MIT © 2026 Rajan Shukla

---

mcp-name: io.github.rjn32s/osint-mcp