Metadata-Version: 2.4
Name: osint-mcp
Version: 0.1.1
Summary: 26 free OSINT tools as MCP tools for AI agents — one command installs everything
Project-URL: Homepage, https://github.com/rjn32s/osint-mcp
Project-URL: Repository, https://github.com/rjn32s/osint-mcp
Project-URL: Bug Tracker, https://github.com/rjn32s/osint-mcp/issues
Author: Rajan Shukla
License: MIT
License-File: LICENSE
Keywords: ai,mcp,osint,reconnaissance,security
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Requires-Python: >=3.10
Requires-Dist: click>=8.0.0
Requires-Dist: httpx>=0.27.0
Requires-Dist: mcp>=1.0.0
Requires-Dist: pydantic>=2.0.0
Requires-Dist: python-whois>=0.9.5
Requires-Dist: requests>=2.31.0
Requires-Dist: rich>=13.0.0
Requires-Dist: shodan>=1.31.0
Requires-Dist: vt-py>=0.18.0
Provides-Extra: dev
Requires-Dist: pytest-asyncio>=0.23.0; extra == 'dev'
Requires-Dist: pytest>=8.0.0; extra == 'dev'
Requires-Dist: ruff>=0.4.0; extra == 'dev'
Description-Content-Type: text/markdown

# osint-mcp — Free OSINT Tools as MCP Tools for AI Agents

> **One command. 26 free OSINT tools. Any AI agent.**

[![PyPI version](https://img.shields.io/pypi/v/osint-mcp.svg)](https://pypi.org/project/osint-mcp/)
[![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-blue.svg)](https://www.python.org/downloads/)
[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
[![Platform](https://img.shields.io/badge/platform-macOS%20%7C%20Linux-lightgrey.svg)](#supported-platforms)
[![MCP Compatible](https://img.shields.io/badge/MCP-compatible-purple.svg)](https://modelcontextprotocol.io)

```bash
uvx osint-mcp   # installs everything and starts the MCP server
```

---

## What is osint-mcp?

**osint-mcp** is a Python package that wraps 26 free [OSINT (Open Source Intelligence)](https://en.wikipedia.org/wiki/Open-source_intelligence) tools as [MCP (Model Context Protocol)](https://modelcontextprotocol.io) tools, giving AI agents like Claude, GPT-4, and any MCP-compatible agent the ability to perform real OSINT investigations directly from a conversation.

**The problem it solves:** Running OSINT tools traditionally requires installing a dozen separate binaries, writing glue scripts, and manually parsing outputs. `osint-mcp` automates the entire setup — it detects your OS, installs all tools via Homebrew / apt / Go / pip, and exposes them to your AI agent through a single MCP server.

**Who it is for:**
- Security researchers and penetration testers who want AI-assisted reconnaissance
- Developers building AI agents with security investigation capabilities
- Bug bounty hunters automating initial footprinting
- Threat intelligence analysts enriching IOCs (Indicators of Compromise)
- Students learning OSINT with AI guidance

---

## Key Features

- **26 free OSINT tools** spanning network, domain, social media, email, web, phone, and secrets scanning
- **Single-command setup** — `uvx osint-mcp` auto-installs all underlying tools on first run
- **MCP-native** — works out of the box with Claude Desktop, any MCP client, or the Anthropic SDK
- **Zero-config for most tools** — 15 tools work with no API key at all
- **Graceful degradation** — tools with optional free API keys (Shodan, VirusTotal) work in reduced mode without them and tell you exactly how to enable full access
- **macOS + Linux** support (Homebrew, apt, yum, Go, pip — all detected automatically)
- **Safe by default** — passive recon only unless you explicitly call a port-scan or secrets-scan tool

---

## One-Command Setup (Recommended)

`uvx` is the Python equivalent of `npx` — it installs the package in an isolated environment and runs it immediately. No `pip install`, no virtual environment setup needed.

```bash
uvx osint-mcp
```

On **first run**, this automatically:
1. Installs `osint-mcp` in an isolated Python environment
2. Detects your OS (macOS or Linux)
3. Installs all 26 OSINT tool binaries via Homebrew / apt / Go / uv pip
4. Starts the MCP server on stdio (ready for Claude Desktop or any MCP client)

On **subsequent runs**, it boots in under a second — tools are already installed.

---

## Connect to Claude Desktop

Add one entry to your Claude Desktop config and you are done.

**macOS** — `~/Library/Application Support/Claude/claude_desktop_config.json`  
**Linux** — `~/.config/Claude/claude_desktop_config.json`

```json
{
  "mcpServers": {
    "osint": {
      "command": "uvx",
      "args": ["osint-mcp"]
    }
  }
}
```

Restart Claude Desktop. You will see 26 new OSINT tools available in the tool list.

---

## Alternative: Traditional pip Install

If you prefer managing your own environment:

```bash
pip install osint-mcp

# Install all OSINT tool binaries
osint-mcp install

# Check what is available
osint-mcp status

# Start the MCP server
osint-mcp serve
```

---

## How It Works

```
Claude Desktop / AI Agent
        │
        │  MCP (stdio)
        ▼
  osint-mcp server
        │
        ├── osint_whois        →  python-whois library
        ├── osint_port_scan    →  nmap binary (subprocess)
        ├── osint_subdomain_enum → subfinder binary
        ├── osint_cert_transparency → crt.sh public API (HTTP)
        ├── osint_shodan_host  →  Shodan REST API (optional key)
        ├── osint_virustotal   →  VirusTotal REST API (optional key)
        └── ... 20 more tools
```

Each tool is a `BaseTool` subclass. The registry auto-discovers all subclasses at startup and registers them with [FastMCP](https://github.com/modelcontextprotocol/python-sdk). If a tool's binary is not installed, it returns a clear `"not installed — run osint-mcp install"` message instead of crashing.

---

## Complete Tool Reference (26 Tools)

### Network Intelligence

| MCP Tool | Underlying Technology | Key Required? | What It Does |
|---|---|---|---|
| `osint_whois` | python-whois | No | WHOIS lookup — registrar, creation date, expiry, nameservers |
| `osint_dns_lookup` | dig | No | DNS records: A, AAAA, MX, NS, TXT, CNAME, SOA, PTR, SRV, CAA |
| `osint_port_scan` | nmap | No | Port and service scan with version detection |
| `osint_ip_info` | ipinfo.io API | Optional | IP geolocation, ISP, org, timezone, abuse contact |
| `osint_asn_lookup` | ipinfo.io API | Optional | ASN number, BGP prefix, network owner |

### Domain & DNS Intelligence

| MCP Tool | Underlying Technology | Key Required? | What It Does |
|---|---|---|---|
| `osint_subdomain_enum` | subfinder | No | Passive subdomain enumeration from 40+ sources |
| `osint_amass` | amass | No | Deep attack-surface mapping across DNS, certs, APIs |
| `osint_cert_transparency` | crt.sh API | No | Certificate transparency log search — reveals subdomains via SSL certs |
| `osint_harvester` | theHarvester | No | Email addresses, hostnames, employee names from public sources |
| `osint_dnsrecon` | dnsrecon | No | Zone transfer attempts, SRV enumeration, reverse lookups |

### Social Media & Username OSINT

| MCP Tool | Underlying Technology | Key Required? | What It Does |
|---|---|---|---|
| `osint_username_search` | Sherlock | No | Username search across 300+ social platforms |
| `osint_maigret` | Maigret | No | Deep username profiling across 3,000+ sites with profile extraction |

### Email Intelligence

| MCP Tool | Underlying Technology | Key Required? | What It Does |
|---|---|---|---|
| `osint_email_accounts` | Holehe | No | Find which services (Instagram, Twitter, etc.) are linked to an email |
| `osint_email_breach` | HaveIBeenPwned | Optional | Check if an email appears in known data breaches |

### Web & Threat Intelligence

| MCP Tool | Underlying Technology | Key Required? | What It Does |
|---|---|---|---|
| `osint_wayback` | Internet Archive API | No | Retrieve historical snapshots of any URL from the Wayback Machine |
| `osint_urlscan` | urlscan.io API | Optional | Scan a URL — returns IPs contacted, tech stack, screenshot, threat score |
| `osint_shodan_host` | Shodan API | Required (free) | Open ports, services, banners, CVEs for any IP |
| `osint_shodan_search` | Shodan API | Required (free) | Search internet-connected devices with Shodan query syntax |
| `osint_virustotal` | VirusTotal API | Required (free) | Check URLs, IPs, domains, or file hashes against 70+ AV engines |

### Phone Number OSINT

| MCP Tool | Underlying Technology | Key Required? | What It Does |
|---|---|---|---|
| `osint_phone_info` | PhoneInfoga | No | Carrier, country, line type, and public source search for phone numbers |

### Secrets & Code Scanning

| MCP Tool | Underlying Technology | Key Required? | What It Does |
|---|---|---|---|
| `osint_scan_secrets` | TruffleHog | No | Scan a Git repo URL or local path for exposed secrets and API keys |
| `osint_gitleaks` | Gitleaks | No | Detect hardcoded passwords and tokens in Git history |

### Meta / Utility

| MCP Tool | What It Does |
|---|---|
| `osint_install_status` | JSON list of all tools with availability status — useful for agents to check before running |
| `osint_config_get` | Read a stored API key (masked) |
| `osint_config_set` | Store an API key from within an agent conversation |
| `osint_config_list` | List all configured API keys |

---

## Optional Free API Keys

These tools work without a key but unlock significantly more data with one. All are free to register.

| Tool | Config Key | Free Tier | Register At |
|---|---|---|---|
| Shodan | `shodan_key` | 1 query/sec, 100 results | https://account.shodan.io |
| VirusTotal | `virustotal_key` | 4 requests/min | https://www.virustotal.com/gui/join-us |
| ipinfo.io | `ipinfo_key` | 50,000 req/month | https://ipinfo.io/signup |
| HaveIBeenPwned | `hibp_key` | Free for email checks | https://haveibeenpwned.com/API/Key |
| urlscan.io | `urlscan_key` | 100 scans/day | https://urlscan.io/user/signup |

```bash
# Set a key via CLI
osint-mcp config set shodan_key=YOUR_KEY

# Or let your AI agent set it during a conversation (via osint_config_set tool)
```

---

## Example AI Agent Conversations

Once connected to Claude Desktop, you can ask questions like:

> *"Investigate the domain example.com — find subdomains, check for data breaches on contact emails, and look it up on Shodan."*

> *"Scan the GitHub repo github.com/org/repo for exposed secrets and API keys."*

> *"Find all social media accounts associated with the username johndoe123."*

> *"Check if the IP 1.2.3.4 is listed on Shodan and what ports are open."*

> *"Look up the phone number +14155552671 and find what carrier and country it's registered to."*

The agent automatically chains multiple tools, interprets the results, and presents a coherent investigation summary — no manual tool orchestration needed.

---

## CLI Reference

```
osint-mcp                          Start the MCP server (default, same as serve)
osint-mcp serve                    Start the MCP server explicitly
osint-mcp serve --no-auto-install  Skip first-run tool installation
osint-mcp install                  Install all missing OSINT tools
osint-mcp install --category X     Install only tools in category (network/domain/social…)
osint-mcp install --dry-run        Preview what would be installed
osint-mcp status                   Show a table of all tools and their availability
osint-mcp config set KEY=VALUE     Store an API key
osint-mcp config get KEY           Read a stored key (masked)
osint-mcp config list              List all stored keys
osint-mcp config delete KEY        Remove a key
osint-mcp --version                Print version
osint-mcp --help                   Show help
```

---

## Supported Platforms

| Platform | How Tools Are Installed |
|---|---|
| macOS | Homebrew (`brew install`) · `go install` · `uv pip install` |
| Linux (Debian / Ubuntu) | `apt-get install` · `go install` · `uv pip install` |
| Linux (RHEL / Fedora / CentOS) | `yum` / `dnf` · `go install` · `uv pip install` |

**Prerequisites auto-handled:**
- Homebrew — must be pre-installed on macOS (https://brew.sh)
- Go 1.21+ — required for subfinder, amass, phoneinfoga, gitleaks (installer skips gracefully if absent)
- Python 3.10+ — required (bundled when using uvx)

---

## Frequently Asked Questions

**Q: What is MCP (Model Context Protocol)?**  
A: MCP is an open standard by Anthropic that lets AI models call external tools in a structured, secure way. It is to AI agents what HTTP is to web browsers — a universal protocol for tool use. Learn more at [modelcontextprotocol.io](https://modelcontextprotocol.io).

**Q: Does osint-mcp work with AI agents other than Claude?**  
A: Yes. Any MCP-compatible client works — including OpenAI's agent framework (via MCP adapters), LangChain, LlamaIndex, and custom agents built with the Anthropic SDK. The server communicates over stdio using the standard MCP JSON-RPC protocol.

**Q: Does it cost anything?**  
A: The package itself is free and open source. All 26 tools are free. Some tools (Shodan, VirusTotal) require a free API key registration for full functionality but offer a usable free tier.

**Q: Is it safe? Will it run scans without my permission?**  
A: Passive tools (WHOIS, certificate transparency, breach databases, username search) run automatically. Active tools (port scanning with nmap, secret scanning with TruffleHog) only run when you or your agent explicitly calls them — and the server instructions remind the agent to confirm with the user before active scans.

**Q: How is this different from running OSINT tools manually?**  
A: Three ways: (1) **Installation** — one command installs everything vs. hours of setup. (2) **Integration** — your AI agent can chain multiple tools automatically and interpret combined results. (3) **Conversation** — you describe what you want in plain English instead of memorising CLI flags.

**Q: What is the difference between uvx and pip for installing osint-mcp?**  
A: `uvx osint-mcp` (recommended) runs the package in an isolated environment — no global pip install, no virtual environment setup. `pip install osint-mcp` installs it into your current environment. Both work; uvx is simpler and avoids dependency conflicts.

**Q: Can I add my own OSINT tools?**  
A: Yes. Create a subclass of `BaseTool` in any file under `src/osint_mcp/tools/<category>/` — the registry auto-discovers it on next start. No registration step needed. See [tools/base.py](src/osint_mcp/tools/base.py) for the interface.

---

## Ethical and Legal Use

`osint-mcp` is designed for **authorised** security research, penetration testing with written permission, threat intelligence, bug bounty hunting, and education.

**Do not** use these tools to:
- Investigate individuals without their consent or legal authority
- Access or probe systems you do not own or have permission to test
- Violate the terms of service of any third-party API or data source

Applicable laws include the Computer Fraud and Abuse Act (CFAA, US), Computer Misuse Act (UK), GDPR (EU), and equivalent legislation in your jurisdiction. The authors accept no liability for misuse.

---

## Contributing

Contributions are welcome — new tools, better install recipes, bug fixes, and documentation improvements.

```bash
git clone https://github.com/rjn32s/osint-mcp
cd osint-mcp
uv venv && uv pip install -e ".[dev]"
osint-mcp status   # verify your setup
```

To add a new OSINT tool, create a `BaseTool` subclass in `src/osint_mcp/tools/<category>/yourfile.py`. The class needs `name`, `description`, `input_schema`, and an `async run(args)` method. The registry picks it up automatically.

---

## Related Projects

- [Sherlock](https://github.com/sherlock-project/sherlock) — username OSINT across social networks
- [subfinder](https://github.com/projectdiscovery/subfinder) — fast passive subdomain enumeration
- [amass](https://github.com/owasp-amass/amass) — OWASP attack-surface mapping
- [theHarvester](https://github.com/laramies/theHarvester) — email and host harvesting
- [TruffleHog](https://github.com/trufflesecurity/trufflehog) — secrets detection in git
- [MCP Python SDK](https://github.com/modelcontextprotocol/python-sdk) — the protocol this server implements

---

## License

MIT © 2026 Rajan Shukla

---

mcp-name: io.github.rjn32s/osint-mcp
