osint-mcp-server

Overview

The osint-mcp-server provides AI agents with comprehensive open-source intelligence capabilities through Model Context Protocol. It aggregates 37 tools from 12 different sources including Shodan, VirusTotal, Censys, SecurityTrails, and more. The server enables parallel querying across all sources, automatic data correlation, and intelligent analysis of attack surfaces. Unlike traditional OSINT workflows that require manually switching between multiple platforms, this MCP server allows AI agents to execute reconnaissance operations through natural language requests, receiving consolidated intelligence with actionable insights. The implementation is production-ready with 21 free tools and 16 premium tools requiring optional API keys.

Try asking AI

After installing, here are 7 things you can ask your AI assistant:

• dns_lookup

  Resolve A, AAAA, MX, TXT, NS, SOA, CNAME, SRV records

  Try:What are the DNS records for example.com?Try:Show me the MX records for company.org
• dns_reverse

  Reverse DNS (PTR) lookup for an IP address

  Try:What's the reverse DNS for 192.168.1.1?Try:Find the hostname for 8.8.8.8
• dns_email_security

  SPF + DMARC + DKIM analysis with risk scoring

  Try:Analyze email security for example.comTry:Check SPF and DMARC settings for company.org
• whois_domain

  RDAP domain lookup - registrar, dates, contacts

  Try:Who owns example.com?Try:Get registrar info for company.org
• whois_ip

  RDAP IP lookup - network name, CIDR, entities

  Try:Who owns the IP 8.8.8.8?Try:Get network info for 192.168.1.1
• crtsh_search

  Search CT logs via crt.sh - subdomain discovery

  Try:Find all subdomains of example.comTry:What certificates exist for company.org
• shodan_host

  IP details: open ports, services, vulnerabilities

  Try:Scan 192.168.1.1 for open portsTry:What services are running on example.com
• shodan_search

  Search Shodan query language for hosts

  Try:Find Apache servers in the USTry:Search for IoT devices with open ports
• shodan_exploits

  Search public exploit database

  Try:Find exploits for Apache 2.4.49Try:Search for CVE-2021-41773 PoC
• vt_domain

  Domain reputation and detection stats

  Try:Check reputation of example.comTry:Is company.org flagged as suspicious?
• vt_ip

  IP reputation and detection stats

  Try:Check reputation of 8.8.8.8Try:Is 192.168.1.1 malicious?
• vt_subdomains

  Discover subdomains via VirusTotal

  Try:Find subdomains of example.comTry:What subdomains does company.org have?

Comparable tools

Installation

npx osint-mcp-server

git clone https://github.com/badchars/osint-mcp-server.git
cd osint-mcp-server
bun install

# Premium OSINT sources — all optional
export SHODAN_API_KEY=your-key           # Enables 4 Shodan tools
export VT_API_KEY=your-key               # Enables 4 VirusTotal tools
export ST_API_KEY=your-key               # Enables 3 SecurityTrails tools
export CENSYS_API_ID=your-id             # Enables 3 Censys tools
export CENSYS_API_SECRET=your-secret     # Required with CENSYS_API_ID

{
  "mcpServers": {
    "osint": {
      "command": "npx",
      "args": ["-y", "osint-mcp-server"],
      "env": {
        "SHODAN_API_KEY": "optional",
        "VT_API_KEY": "optional",
        "ST_API_KEY": "optional",
        "CENSYS_API_ID": "optional",
        "CENSYS_API_SECRET": "optional"
      }
    }
  }
}

FAQ

How many tools are available without API keys?

21 tools work immediately without any API keys, covering DNS, WHOIS, crt.sh, GeoIP, BGP, Wayback Machine, HackerTarget, and Microsoft 365 tenant discovery.

Which AI agents support this MCP server?

The server works with any MCP-compatible AI client including Claude Desktop, Claude Code, Cursor, Windsurf, and others that support the Model Context Protocol.

Does it require programming knowledge to use?

No. The server is designed to work through natural language conversations with AI agents. Users simply ask questions in plain English and the agent handles the tool execution and correlation.

Compare osint-mcp-server with