BBOT OSINT
Deploy a secure OSINT service based on BBOT with FastAPI API, Neo4j for full-fidelity storage (events, hosts, domains, IPs, URLs, emails), and MCP server for Cursor integration. Optimized for continuous low-concurrency scanning to reduce blocking ris
What is BBOT OSINT?
BBOT OSINT is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to deploy a secure OSINT service based on BBOT with a FastAPI API, Neo4j for full-fidelity storage (events, hosts, domains, IPs, URLs, emails), and an MCP server for Cursor integration. Optimized for continuo...
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Deploy a secure OSINT service based on BBOT with FastAPI API
Installation
Manual Installation
npx bbot-osint
How to Set Up and Use BBOT OSINT
BBOT OSINT MCP is a containerised, continuous OSINT monitoring stack built on BBOT, FastAPI, and Neo4j. It provides MCP tools for Cursor and Claude integration that let AI agents query live reconnaissance data including subdomains, hosts, IP addresses, URLs, and email addresses discovered through automated low-concurrency scanning cycles.
Prerequisites
- Ubuntu/Debian Linux server (VPS or dedicated) with root access
- Docker and Docker Compose installed
- A domain name for the central server with ports 80 and 443 open (for HTTPS)
- Optional API keys for BBOT enrichment modules: SecurityTrails, Shodan, VirusTotal
- Cursor IDE or another MCP-compatible client for the MCP integration
Install system dependencies
Ensure Docker and Docker Compose are installed on your Ubuntu server. The quick installer script handles this automatically, but you can install them manually if preferred.
sudo apt-get update && sudo apt-get install -y docker.io docker-compose git
sudo systemctl enable --now docker
Clone and run the quick installer
Clone the repository to /opt and run the quick-install script, which sets up Docker containers, generates secrets, and starts all services including the FastAPI server, Neo4j database, and BBOT scanner.
cd /opt
sudo git clone https://github.com/dn9uy3n/bbot-osint-mcp.git
cd bbot-osint-mcp
# The clone above is owned by root, so the next two steps need sudo as well
sudo chmod +x scripts/quick-install.sh
sudo ./scripts/quick-install.sh
Configure environment and targets
Edit the .env file to set your domain, Let's Encrypt email, Neo4j password, and rate limits. Edit init_config.json to specify the target domains you want to scan continuously and add any BBOT enrichment API keys.
# .env (central server)
LE_DOMAIN=osint.example.com
[email protected]
NEO4J_PASSWORD=strongpassword
PUBLIC_BASE_URL=https://osint.example.com
RATE_LIMIT_PER_MINUTE=120
MAX_CONCURRENT_SCANS=2
EVENT_RETENTION_DAYS=30
Configure scan targets and BBOT modules
Edit init_config.json to define which domains to scan and which BBOT modules to enable. The scanner runs continuously in low-concurrency cycles to avoid rate limiting.
{
  "targets": ["example.com", "example.org"],
  "deployment_role": "central",
  "scan_defaults": {
    "presets": ["subdomain-enum"],
    "flags": ["safe"],
    "max_workers": 2,
    "target_sleep_seconds": 300,
    "cycle_sleep_seconds": 3600
  },
  "bbot_modules": {
    "securitytrails": {"api_key": "YOUR_SECURITYTRAILS_KEY"},
    "shodan_dns": {"api_key": "YOUR_SHODAN_KEY"},
    "virustotal": {"api_key": "YOUR_VIRUSTOTAL_KEY"}
  }
}
Retrieve API token and configure MCP client
All API calls require the X-API-Token header. Retrieve the generated token from the secrets file and add it to your MCP client configuration.
# Get your API token
grep '^API_TOKEN:' /opt/bbot-osint-mcp/secrets/credentials.txt | awk '{print $2}'
Add to your MCP client configuration
Configure Cursor or another MCP-compatible client to connect to the BBOT OSINT MCP server running on your domain. The server provides three MCP tools: osint.query, osint.events.query, and osint.status.
{
  "mcpServers": {
    "bbot-osint": {
      "url": "https://osint.example.com/mcp",
      "headers": {
        "X-API-Token": "your-api-token-here"
      }
    }
  }
}
Monitor scanner activity
Stream logs to verify the BBOT scanner is running and uploading results to Neo4j. Filter for key scanner lifecycle events.
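sudo docker logs -f bbot_osint 2>&1 | grep -E "Scanning|Sleep|Cycle"
# Health check (load the token from the secrets file first)
API_TOKEN=$(grep '^API_TOKEN:' /opt/bbot-osint-mcp/secrets/credentials.txt | awk '{print $2}')
curl -H "X-API-Token: $API_TOKEN" https://osint.example.com/healthz
BBOT OSINT Examples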
Client configuration
MCP client configuration to connect to the BBOT OSINT server with API token authentication.
{
  "mcpServers": {
    "bbot-osint": {
      "url": "https://osint.example.com/mcp",
      "headers": {
        "X-API-Token": "your-64-char-api-token"
      }
    }
  }
}
Prompts to try
Example prompts to query OSINT data through the AI agent integration.
- "Query all online subdomains of example.com discovered in the last 7 days"
- "Show me all open ports and services discovered for IP ranges belonging to example.org"
- "List email addresses found during OSINT enumeration of target.com and check for known breaches"
Troubleshooting BBOT OSINT
The quick-install script fails partway through with a Docker permission error
Add your user to the docker group: sudo usermod -aG docker $USER, then log out and back in. Alternatively, run the install script with sudo.
MCP tools return empty results even though the scanner has been running
Check that Neo4j is healthy with 'sudo docker ps' and verify the scanner container is uploading events. The first full scan cycle may take 30-60 minutes depending on target scope. Use osint.status to check scanner state.
API calls return 401 Unauthorized with the correct token
Pass the token in the X-API-Token header, not as a Bearer token. Verify the token matches exactly what is in secrets/credentials.txt with no leading or trailing whitespace.
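The token retrieval step and the 401 entry above both depend on reading the token cleanly from secrets/credentials.txt. The script below is an added example, not code from the BBOT OSINT repository: it checks the file mode, strips stray whitespace and carriage returns, validates the length, and calls /healthz without putting the token on a command line. The function names, the 64-character length (taken from the page's placeholder), the owner-only file mode and the HTTP 200 expectation are assumptions.

```shell
#!/bin/sh
# Added example, not from the BBOT OSINT repository. Function names are hypothetical.
# Assumptions: credentials.txt has a line "API_TOKEN: <value>", the token is 64
# characters long, the file should be owner-only, and /healthz answers 200 when healthy.

# True when the file's mode grants nothing to group or others (e.g. -rw-------).
creds_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the token with the key, surrounding blanks and any trailing CR removed.
read_api_token() {
    awk '/^API_TOKEN:/ {
        sub(/^API_TOKEN:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
    }' "$1"
}

# True only for a 64-character value that contains no whitespace.
token_looks_valid() {
    stripped=$(printf '%s' "$1" | tr -d '[:space:]')
    [ "$stripped" = "$1" ] && [ "${#1}" -eq 64 ]
}

# usage: check_health <credentials_file> <base_url>
check_health() {
    creds_private "$1" || { echo "credentials file is readable by group/others" >&2; return 1; }
    token=$(read_api_token "$1")
    token_looks_valid "$token" || { echo "token is not 64 non-blank characters" >&2; return 1; }
    # printf is a shell builtin and curl reads the header from stdin (-K -),
    # so the token never appears in a process argument list.
    status=$(printf 'header = "X-API-Token: %s"\n' "$token" |
        curl -s -o /dev/null -w '%{http_code}' -K - "$2/healthz")
    echo "healthz returned HTTP $status"
    [ "$status" = 200 ]
}

# Runs only when both arguments are supplied, e.g.
#   sh check.sh /opt/bbot-osint-mcp/secrets/credentials.txt https://osint.example.com
if [ "$#" -eq 2 ]; then
    check_health "$1" "$2"
fi
```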
Frequently Asked Questions about BBOT OSINT
What is BBOT OSINT?
BBOT OSINT is a Model Context Protocol (MCP) server that deploys a secure OSINT service based on BBOT with a FastAPI API, Neo4j for full-fidelity storage (events, hosts, domains, IPs, URLs, emails), and an MCP server for Cursor integration, optimized for continuous low-concurrency scanning to reduce blocking ris... It connects AI assistants to external tools and data sources through a standardized interface.
How do I install BBOT OSINT?
Follow the installation instructions on the BBOT OSINT GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with BBOT OSINT?
BBOT OSINT works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is BBOT OSINT free to use?
Yes, BBOT OSINT is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
BBOT OSINT Alternatives — Similar Security Servers
Looking for alternatives to BBOT OSINT? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k
An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k
A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k
Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k
🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u