OSINT MCP
OSINT intelligence MCP server for AI agents — 37 tools, 12 sources. Shodan, VirusTotal, Censys, SecurityTrails, DNS reconnaissance, WHOIS, certificate transparency, BGP routing, Wayback Machine, GeoIP. Automated open source intelligence and attack su
What is OSINT MCP?
OSINT MCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to osint intelligence mcp server for ai agents — 37 tools, 12 sources. shodan, virustotal, censys, securitytrails, dns reconnaissance, whois, certificate transparency, bgp routing, wayback machine, geoip...
OSINT intelligence MCP server for AI agents — 37 tools, 12 sources. Shodan, VirusTotal, Censys, SecurityTrails, DNS reconnaissance, WHOIS, certificate transparency, BGP routing, Wayback Machine, GeoIP. Automated open source intelligence and attack su
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- OSINT intelligence MCP server for AI agents — 37 tools, 12 s
Use Cases
Maintainer
Works with
Installation
NPM
npx -y osint-mcp-serverManual Installation
npx -y osint-mcp-serverConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use OSINT MCP
The OSINT MCP server is a comprehensive open-source intelligence toolkit exposing 37 tools across 12 data sources including Shodan, VirusTotal, Censys, SecurityTrails, DNS reconnaissance, WHOIS/RDAP, certificate transparency via crt.sh, BGP/ASN routing data, Wayback Machine, GeoIP, HackerTarget, and Microsoft 365 tenant discovery. Security researchers, penetration testers, and bug bounty hunters use it to perform automated attack surface mapping and threat intelligence gathering directly through AI assistants. Seven sources (DNS, WHOIS, crt.sh, GeoIP, BGP, HackerTarget, Wayback Machine) work without any API keys, while premium sources unlock with their respective keys.
Prerequisites
- Node.js 18+ and npx on your PATH (for zero-install usage)
- Optional: Shodan API key (SHODAN_API_KEY) for host and exploit search
- Optional: VirusTotal API key (VT_API_KEY) for malware and URL analysis
- Optional: SecurityTrails API key (ST_API_KEY) for DNS history and subdomain data
- Optional: Censys API credentials (CENSYS_API_ID and CENSYS_API_SECRET) for certificate and host search
Test the server without installation
Run the OSINT MCP server directly with npx to verify it works. The free tools (DNS, WHOIS, GeoIP, etc.) work immediately without any API keys.
npx -y osint-mcp-server --listConfigure Claude Code (quickest setup)
Add the server to Claude Code with a single command. API keys can be added as environment variables separately.
claude mcp add osint-mcp-server -- npx osint-mcp-serverTest a free OSINT tool
Run a DNS lookup or full domain reconnaissance scan to verify the server is working correctly.
npx osint-mcp-server --tool dns_lookup '{"domain":"example.com","type":"A"}'
npx osint-mcp-server --tool osint_domain_recon '{"domain":"example.com"}'}Configure premium API keys
Export API keys for premium sources you have access to. Each key unlocks additional tools.
export SHODAN_API_KEY=your-shodan-key
export VT_API_KEY=your-virustotal-key
export ST_API_KEY=your-securitytrails-key
export CENSYS_API_ID=your-censys-id
export CENSYS_API_SECRET=your-censys-secretConfigure Claude Desktop
Add the server to your Claude Desktop configuration with any API keys you want to use.
OSINT MCP Examples
Client configuration
Claude Desktop configuration for the OSINT MCP server with all optional API keys.
{
"mcpServers": {
"osint": {
"command": "npx",
"args": ["-y", "osint-mcp-server"],
"env": {
"SHODAN_API_KEY": "your-shodan-api-key",
"VT_API_KEY": "your-virustotal-api-key",
"ST_API_KEY": "your-securitytrails-api-key",
"CENSYS_API_ID": "your-censys-api-id",
"CENSYS_API_SECRET": "your-censys-api-secret"
}
}
}
}Prompts to try
Example prompts for OSINT investigations through Claude.
- "Perform a full domain reconnaissance on example.com"
- "Look up all subdomains for target.com using certificate transparency logs"
- "What is the BGP ASN and routing information for IP 1.2.3.4?"
- "Check VirusTotal for any malware reports on domain malicious.example.com"
- "Find all open ports and services on IP 192.0.2.1 using Shodan"
- "Show me DNS history for domain.com to find previously used IPs"
- "Check if Microsoft 365 tenant exists for company.com"Troubleshooting OSINT MCP
Shodan or VirusTotal tools not available
Premium source tools only appear when their API keys are configured. Set the appropriate environment variable (SHODAN_API_KEY, VT_API_KEY, ST_API_KEY, CENSYS_API_ID + CENSYS_API_SECRET) in your MCP client config env block or your shell environment before starting Claude.
Rate limit errors from free OSINT sources
Free tools like DNS, HackerTarget, and Wayback Machine are subject to rate limits from those public services. Add delays between large-scale scans, or use the paid API versions of those services where available.
osint_domain_recon returns incomplete results
The domain recon meta-tool aggregates results from multiple sources. Sources without API keys will be skipped. Add the relevant API keys to unlock all 12 data sources for comprehensive reconnaissance.
Frequently Asked Questions about OSINT MCP
What is OSINT MCP?
OSINT MCP is a Model Context Protocol (MCP) server that osint intelligence mcp server for ai agents — 37 tools, 12 sources. shodan, virustotal, censys, securitytrails, dns reconnaissance, whois, certificate transparency, bgp routing, wayback machine, geoip. automated open source intelligence and attack su It connects AI assistants to external tools and data sources through a standardized interface.
How do I install OSINT MCP?
Install via npm with the command: npx -y osint-mcp-server. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).
Which AI clients work with OSINT MCP?
OSINT MCP works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is OSINT MCP free to use?
Yes, OSINT MCP is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.
OSINT MCP Alternatives — Similar Security Servers
Looking for alternatives to OSINT MCP? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up OSINT MCP in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use OSINT MCP?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.