OSINT MCP

v0.2.0Securitystable

OSINT intelligence MCP server for AI agents — 37 tools, 12 sources. Shodan, VirusTotal, Censys, SecurityTrails, DNS reconnaissance, WHOIS, certificate transparency, BGP routing, Wayback Machine, GeoIP. Automated open source intelligence and attack su

ai-agentattack-surfacebgpbug-bountycensys
Share:
18
Stars
0
Downloads
0
Weekly
0/5

What is OSINT MCP?

OSINT MCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to osint intelligence mcp server for ai agents — 37 tools, 12 sources. shodan, virustotal, censys, securitytrails, dns reconnaissance, whois, certificate transparency, bgp routing, wayback machine, geoip...

OSINT intelligence MCP server for AI agents — 37 tools, 12 sources. Shodan, VirusTotal, Censys, SecurityTrails, DNS reconnaissance, WHOIS, certificate transparency, BGP routing, Wayback Machine, GeoIP. Automated open source intelligence and attack su

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • OSINT intelligence MCP server for AI agents — 37 tools, 12 s

Use Cases

Open source intelligence gathering
Security research and threat analysis
37 tools across 12 sources
badchars

Maintainer

LicenseMIT License
Languagetypescript
Versionv0.2.0
UpdatedMay 17, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

NPM

npx -y osint-mcp-server

Manual Installation

npx -y osint-mcp-server

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use OSINT MCP

The OSINT MCP server is a comprehensive open-source intelligence toolkit exposing 37 tools across 12 data sources including Shodan, VirusTotal, Censys, SecurityTrails, DNS reconnaissance, WHOIS/RDAP, certificate transparency via crt.sh, BGP/ASN routing data, Wayback Machine, GeoIP, HackerTarget, and Microsoft 365 tenant discovery. Security researchers, penetration testers, and bug bounty hunters use it to perform automated attack surface mapping and threat intelligence gathering directly through AI assistants. Seven sources (DNS, WHOIS, crt.sh, GeoIP, BGP, HackerTarget, Wayback Machine) work without any API keys, while premium sources unlock with their respective keys.

Prerequisites

  • Node.js 18+ and npx on your PATH (for zero-install usage)
  • Optional: Shodan API key (SHODAN_API_KEY) for host and exploit search
  • Optional: VirusTotal API key (VT_API_KEY) for malware and URL analysis
  • Optional: SecurityTrails API key (ST_API_KEY) for DNS history and subdomain data
  • Optional: Censys API credentials (CENSYS_API_ID and CENSYS_API_SECRET) for certificate and host search
1

Test the server without installation

Run the OSINT MCP server directly with npx to verify it works. The free tools (DNS, WHOIS, GeoIP, etc.) work immediately without any API keys.

npx -y osint-mcp-server --list
2

Configure Claude Code (quickest setup)

Add the server to Claude Code with a single command. API keys can be added as environment variables separately.

claude mcp add osint-mcp-server -- npx osint-mcp-server
3

Test a free OSINT tool

Run a DNS lookup or full domain reconnaissance scan to verify the server is working correctly.

npx osint-mcp-server --tool dns_lookup '{"domain":"example.com","type":"A"}'
npx osint-mcp-server --tool osint_domain_recon '{"domain":"example.com"}'}
4

Configure premium API keys

Export API keys for premium sources you have access to. Each key unlocks additional tools.

export SHODAN_API_KEY=your-shodan-key
export VT_API_KEY=your-virustotal-key
export ST_API_KEY=your-securitytrails-key
export CENSYS_API_ID=your-censys-id
export CENSYS_API_SECRET=your-censys-secret
5

Configure Claude Desktop

Add the server to your Claude Desktop configuration with any API keys you want to use.

OSINT MCP Examples

Client configuration

Claude Desktop configuration for the OSINT MCP server with all optional API keys.

{
  "mcpServers": {
    "osint": {
      "command": "npx",
      "args": ["-y", "osint-mcp-server"],
      "env": {
        "SHODAN_API_KEY": "your-shodan-api-key",
        "VT_API_KEY": "your-virustotal-api-key",
        "ST_API_KEY": "your-securitytrails-api-key",
        "CENSYS_API_ID": "your-censys-api-id",
        "CENSYS_API_SECRET": "your-censys-api-secret"
      }
    }
  }
}

Prompts to try

Example prompts for OSINT investigations through Claude.

- "Perform a full domain reconnaissance on example.com"
- "Look up all subdomains for target.com using certificate transparency logs"
- "What is the BGP ASN and routing information for IP 1.2.3.4?"
- "Check VirusTotal for any malware reports on domain malicious.example.com"
- "Find all open ports and services on IP 192.0.2.1 using Shodan"
- "Show me DNS history for domain.com to find previously used IPs"
- "Check if Microsoft 365 tenant exists for company.com"

Troubleshooting OSINT MCP

Shodan or VirusTotal tools not available

Premium source tools only appear when their API keys are configured. Set the appropriate environment variable (SHODAN_API_KEY, VT_API_KEY, ST_API_KEY, CENSYS_API_ID + CENSYS_API_SECRET) in your MCP client config env block or your shell environment before starting Claude.

Rate limit errors from free OSINT sources

Free tools like DNS, HackerTarget, and Wayback Machine are subject to rate limits from those public services. Add delays between large-scale scans, or use the paid API versions of those services where available.

osint_domain_recon returns incomplete results

The domain recon meta-tool aggregates results from multiple sources. Sources without API keys will be skipped. Add the relevant API keys to unlock all 12 data sources for comprehensive reconnaissance.

Frequently Asked Questions about OSINT MCP

What is OSINT MCP?

OSINT MCP is a Model Context Protocol (MCP) server that osint intelligence mcp server for ai agents — 37 tools, 12 sources. shodan, virustotal, censys, securitytrails, dns reconnaissance, whois, certificate transparency, bgp routing, wayback machine, geoip. automated open source intelligence and attack su It connects AI assistants to external tools and data sources through a standardized interface.

How do I install OSINT MCP?

Install via npm with the command: npx -y osint-mcp-server. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).

Which AI clients work with OSINT MCP?

OSINT MCP works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is OSINT MCP free to use?

Yes, OSINT MCP is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.

OSINT MCP Alternatives — Similar Security Servers

Looking for alternatives to OSINT MCP? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "osint": { "command": "npx", "args": ["-y", "osint-mcp-server"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use OSINT MCP?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides