BBOT OSINT

v1.0.0 | Security | stable

Deploy a secure OSINT service based on BBOT with FastAPI API, Neo4j for full-fidelity storage (events, hosts, domains, IPs, URLs, emails), and MCP server for Cursor integration. Optimized for continuous low-concurrency scanning to reduce blocking ris

Tags: bbot, cursor-ai, mcp, osint, osint-tool

What is BBOT OSINT?

BBOT OSINT is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to deploy a secure OSINT service based on BBOT with a FastAPI API, Neo4j for full-fidelity storage (events, hosts, domains, IPs, URLs, emails), and an MCP server for Cursor integration. Optimized for continuo...

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Deploy a secure OSINT service based on BBOT with FastAPI API

Use Cases

Perform comprehensive OSINT scans and store results in Neo4j.
Query security intelligence data for threat analysis.

Maintainer: dn9uy3n
License: MIT
Language: Python
Version: v1.0.0
Updated: Apr 8, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

npx bbot-osint

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use BBOT OSINT

BBOT OSINT MCP is a containerised, continuous OSINT monitoring stack built on BBOT, FastAPI, and Neo4j. It provides MCP tools for Cursor and Claude integration that let AI agents query live reconnaissance data including subdomains, hosts, IP addresses, URLs, and email addresses discovered through automated low-concurrency scanning cycles.

Prerequisites

  • Ubuntu/Debian Linux server (VPS or dedicated) with root access
  • Docker and Docker Compose installed
  • A domain name for the central server with ports 80 and 443 open (for HTTPS)
  • Optional API keys for BBOT enrichment modules: SecurityTrails, Shodan, VirusTotal
  • Cursor IDE or another MCP-compatible client for the MCP integration

1. Install system dependencies

Ensure Docker and Docker Compose are installed on your Ubuntu server. The quick installer script handles this automatically, but you can install them manually if preferred.

sudo apt-get update && sudo apt-get install -y docker.io docker-compose git
sudo systemctl enable --now docker

2. Clone and run the quick installer

Clone the repository to /opt and run the quick-install script, which sets up the Docker containers, generates secrets, and starts all services, including the FastAPI server, the Neo4j database, and the BBOT scanner.

cd /opt
sudo git clone https://github.com/dn9uy3n/bbot-osint-mcp.git
cd bbot-osint-mcp
# The clone above was made with sudo, so the files are owned by root
sudo chmod +x scripts/quick-install.sh
./scripts/quick-install.sh

3. Configure environment and targets

Edit the .env file to set your domain, Let's Encrypt email, Neo4j password, and rate limits. Edit init_config.json to specify the target domains you want to scan continuously and add any BBOT enrichment API keys.

# .env (central server)
LE_DOMAIN=osint.example.com
[email protected]
NEO4J_PASSWORD=strongpassword
PUBLIC_BASE_URL=https://osint.example.com
RATE_LIMIT_PER_MINUTE=120
MAX_CONCURRENT_SCANS=2
EVENT_RETENTION_DAYS=30

4. Configure scan targets and BBOT modules

Edit init_config.json to define which domains to scan and which BBOT modules to enable. The scanner runs continuously in low-concurrency cycles to avoid rate limiting.

{
  "targets": ["example.com", "example.org"],
  "deployment_role": "central",
  "scan_defaults": {
    "presets": ["subdomain-enum"],
    "flags": ["safe"],
    "max_workers": 2,
    "target_sleep_seconds": 300,
    "cycle_sleep_seconds": 3600
  },
  "bbot_modules": {
    "securitytrails": {"api_key": "YOUR_SECURITYTRAILS_KEY"},
    "shodan_dns": {"api_key": "YOUR_SHODAN_KEY"},
    "virustotal": {"api_key": "YOUR_VIRUSTOTAL_KEY"}
  }
}

5. Retrieve API token and configure MCP client

All API calls require the X-API-Token header. Retrieve the generated token from the secrets file and add it to your MCP client configuration.

# Get your API token
grep '^API_TOKEN:' /opt/bbot-osint-mcp/secrets/credentials.txt | awk '{print $2}'

6. Add to your MCP client configuration

Configure Cursor or another MCP-compatible client to connect to the BBOT OSINT MCP server running on your domain. The server provides three MCP tools: osint.query, osint.events.query, and osint.status.

{
  "mcpServers": {
    "bbot-osint": {
      "url": "https://osint.example.com/mcp",
      "headers": {
        "X-API-Token": "your-api-token-here"
      }
    }
  }
}

7. Monitor scanner activity

Stream logs to verify the BBOT scanner is running and uploading results to Neo4j. Filter for key scanner lifecycle events.

sudo docker logs -f bbot_osint 2>&1 | grep -E "Scanning|Sleep|Cycle"

# Health check (set API_TOKEN to the token retrieved in step 5 first)
curl -H "X-API-Token: $API_TOKEN" https://osint.example.com/healthz
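
Before starting the scanner, the init_config.json from step 4 can be linted for settings that undercut the low-concurrency design or leave placeholders in place. This is an added example, not code from the bbot-osint-mcp project; the max_workers ceiling of 4 and the bare-domain rule for targets are assumptions, and the sample input is constructed.

```python
import json

# Constructed sample: the page's init_config.json with deliberate problems added.
SAMPLE = """{
  "targets": ["example.com", "https://example.org/"],
  "deployment_role": "central",
  "scan_defaults": {
    "presets": ["subdomain-enum"],
    "flags": ["safe", "aggressive"],
    "max_workers": 16,
    "target_sleep_seconds": 0,
    "cycle_sleep_seconds": 3600
  },
  "bbot_modules": {
    "securitytrails": {"api_key": "YOUR_SECURITYTRAILS_KEY"},
    "shodan_dns": {"api_key": "constructed-non-placeholder-value"}
  }
}"""

MAX_WORKERS_LIMIT = 4  # assumption: ceiling for "low concurrency", not a project value


def lint_config(text, max_workers_limit=MAX_WORKERS_LIMIT):
    """Lint init_config.json text. Assumes targets are bare domains, as on the page."""
    cfg = json.loads(text)
    findings = []
    targets = cfg.get("targets") or []
    if not targets:
        findings.append("targets: empty, nothing is in scope")
    for t in targets:
        if "://" in t or "/" in t or "*" in t:
            findings.append(f"targets: {t!r} is not a bare domain name")
    defaults = cfg.get("scan_defaults", {})
    flags = defaults.get("flags", [])
    if flags != ["safe"]:
        findings.append(f"flags: expected only 'safe', got {flags}")
    if defaults.get("max_workers", 0) > max_workers_limit:
        findings.append(f"max_workers: {defaults['max_workers']} > {max_workers_limit}")
    for key in ("target_sleep_seconds", "cycle_sleep_seconds"):
        if defaults.get(key, 0) <= 0:
            findings.append(f"{key}: must be > 0 to pace the scan cycle")
    for name, opts in cfg.get("bbot_modules", {}).items():
        if str(opts.get("api_key", "")).startswith("YOUR_"):
            findings.append(f"bbot_modules.{name}: placeholder api_key left in place")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE)))
```

Run against the unmodified sample from step 4, it reports only the three placeholder API keys.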

BBOT OSINT Examples

Client configuration

MCP client configuration to connect to the BBOT OSINT server with API token authentication.

{
  "mcpServers": {
    "bbot-osint": {
      "url": "https://osint.example.com/mcp",
      "headers": {
        "X-API-Token": "your-64-char-api-token"
      }
    }
  }
}

Prompts to try

Example prompts to query OSINT data through the AI agent integration.

- "Query all online subdomains of example.com discovered in the last 7 days"
- "Show me all open ports and services discovered for IP ranges belonging to example.org"
- "List email addresses found during OSINT enumeration of target.com and check for known breaches"

Troubleshooting BBOT OSINT

The quick-install script fails partway through with a Docker permission error

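Add your user to the docker group: sudo usermod -aG docker $USER, then log out and back in. Alternatively, run the install script with sudo. Membership in the docker group is root-equivalent on the host, so grant it only to accounts you would trust with sudo.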

MCP tools return empty results even though the scanner has been running

Check that Neo4j is healthy with 'sudo docker ps' and verify the scanner container is uploading events. The first full scan cycle may take 30-60 minutes depending on target scope. Use osint.status to check scanner state.

API calls return 401 Unauthorized with the correct token

Pass the token in the X-API-Token header, not as a Bearer token. Verify the token matches exactly what is in secrets/credentials.txt with no leading or trailing whitespace.

Frequently Asked Questions about BBOT OSINT

What is BBOT OSINT?

BBOT OSINT is a Model Context Protocol (MCP) server that deploys a secure OSINT service based on BBOT with a FastAPI API, Neo4j for full-fidelity storage (events, hosts, domains, IPs, URLs, emails), and an MCP server for Cursor integration. Optimized for continuous low-concurrency scanning to reduce blocking ris... It connects AI assistants to external tools and data sources through a standardized interface.

How do I install BBOT OSINT?

Follow the installation instructions on the BBOT OSINT GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with BBOT OSINT?

BBOT OSINT works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is BBOT OSINT free to use?

Yes, BBOT OSINT is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

BBOT OSINT Alternatives — Similar Security Servers

Looking for alternatives to BBOT OSINT? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Quick Config Preview

{ "mcpServers": { "bbot-osint": { "command": "npx", "args": ["-y", "bbot-osint"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json
