What are the requirements for OSINT MCP Server?

OSINT MCP Server requires the following environment variables: SHODAN_API_KEY (optional), HIBP_API_KEY (optional), GITHUB_TOKEN (optional), VIRUSTOTAL_API_KEY (optional). You'll also need a compatible MCP client like Claude Desktop or Claude Code.

Is OSINT MCP Server free to use?

Yes, OSINT MCP Server is open source and free to use. You can find the source code on GitHub.

What MCP clients support OSINT MCP Server?

OSINT MCP Server works with any MCP-compatible client including Claude Desktop (Anthropic's official desktop app), Claude Code (CLI tool), Cursor, and other editors with MCP support.

How do I configure OSINT MCP Server?

Configure OSINT MCP Server by adding it to your MCP client's config file. For Claude Desktop, edit claude_desktop_config.json and add the server configuration. See the Configuration section above for a ready-to-use example.

OSINT MCP Server

Q: What tools does OSINT MCP Server provide?

ip_geolocation: Get geolocation data for an IP address. whois_lookup: Perform RDAP WHOIS lookup for a domain. check_breaches: Check if an email has been compromised (HIBP). shodan_host: Get host details from Shodan. url_reputation: Check URL reputation on VirusTotal. subdomain_enum: Find subdomains using multiple sources. github_user_info: Get detailed GitHub user metadata. reverse_image_search_anime: Search anime/art images on SauceNAO. phone_lookup: Lookup phone number intelligence.

Q: How do I install OSINT MCP Server?

Install OSINT MCP Server by running: npm install && npm run build

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.

Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal

npm install
npm run build

Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal

claude mcp add osint-mcp -- node "<FULL_PATH_TO_OSINT_MCP>/dist/index.js" --stdio

Replace <FULL_PATH_TO_OSINT_MCP>/dist/index.js with the actual folder you prepared in step 1.

README.md

A comprehensive MCP server providing a wide range of OSINT tools.

OSINT MCP Server

A comprehensive Model Context Protocol (MCP) server providing a wide range of OSINT (Open Source Intelligence) tools.

Features

IP Intelligence: Geolocation (ip-api.com), Shodan, GreyNoise, AlienVault OTX, MAC Address Lookup
Domain Intelligence: WHOIS (RDAP, Shodan, History), DNS (Robtex, HackerTarget, Direct), SSL Certificates (crt.sh), Subdomain Enumeration, Wayback Machine (Archive.org)
Social & Identity: GitHub (Profile, Repos, Commit Emails, Repo Commits), Reddit (Profile, Posts), Fandom (Profile, Contributions), Username Search (20+ platforms), Keybase Lookup
Web Intelligence: Technology Stack Detection, Social Metadata Scraping, Wayback Machine, Exa Search, VirusTotal, EXIF Metadata Extraction
Email OSINT: HaveIBeenPwned, Hunter.io, Email Permutator, Domain Email Search, Social Profile Check (Gravatar)
Crypto & Phone: Bitcoin/Ethereum Wallet Lookup, Phone Number Intelligence
Image OSINT: Reverse Image Search (SauceNAO), Image Tagging (Imagga), Visual Analysis (Google Vision), EXIF Metadata

Prerequisites

Node.js 20+
API Keys for various services (optional but recommended for full functionality)

Installation

Clone the repository
Install dependencies:
```
npm install
```
Build the project:
```
npm run build
```

Configuration

You can configure API keys using environment variables or a config.json file in the root directory.

Example `config.json`

{
  "SHODAN_API_KEY": "your_shodan_key",
  "HIBP_API_KEY": "your_hibp_key",
  "EXA_API_KEY": "your_exa_key",
  "VIRUSTOTAL_API_KEY": "your_vt_key",
  "HUNTER_API_KEY": "your_hunter_key",
  "GREYNOISE_API_KEY": "your_greynoise_key",
  "ALIENVAULT_API_KEY": "your_otx_key",
  "SECURITYTRAILS_API_KEY": "your_st_key",
  "ZOOMEYE_API_KEY": "your_zoomeye_key",
  "SAUCENAO_API_KEY": "your_saucenao_key",
  "IMAGGA_API_KEY": "your_imagga_key",
  "IMAGGA_API_SECRET": "your_imagga_secret",
  "GOOGLE_CLOUD_API_KEY": "your_google_key",
  "GITHUB_TOKEN": "your_github_pat",
  "WHOISXML_API_KEY": "your_whoisxml_key",
  "ABSTRACT_PHONE_API_KEY": "your_abstract_key",
  "PORT": 3000,
  "HOST": "0.0.0.0"
}

Usage

Stdio Transport (Default for many MCP clients)

node dist/index.js --stdio

HTTP Transport

npm start

The server will be available at http://localhost:3000/mcp.

Tools

Tool Name	Description
`ip_geolocation`	Get geolocation data for an IP address
`whois_lookup`	Perform RDAP WHOIS lookup for a domain
`whois_history`	Lookup WHOIS history for a domain
`dns_lookup_passive`	Get passive DNS records from Robtex
`dns_lookup_direct`	Real-time DNS lookup (A, MX, TXT, etc.)
`reverse_dns`	Lookup hostname for an IP address
`check_breaches`	Check if an email has been compromised (HIBP)
`shodan_host`	Get host details from Shodan
`shodan_whois`	Perform WHOIS lookup via Shodan Labs
`ssl_certs`	Lookup SSL certificates on crt.sh
`url_reputation`	Check URL reputation on VirusTotal
`dns_enumeration`	Perform DNS enumeration via HackerTarget
`subdomain_enum`	Find subdomains using multiple sources
`hunter_domain_search`	Search for email addresses on a domain
`greynoise_ip_context`	Get IP context from GreyNoise
`otx_indicator_details`	Get threat intel from AlienVault OTX
`securitytrails_subdomains`	Find subdomains via SecurityTrails
`zoomeye_host_search`	Search hosts on ZoomEye
`reverse_image_search_anime`	Search anime/art images on SauceNAO
`image_tagging`	Tag and categorize images with Imagga
`google_vision_analyze`	Analyze images with Google Vision
`github_user_info`	Get detailed GitHub user metadata
`github_user_repos`	List public GitHub repositories for a user
`github_commit_emails`	Extract email addresses from public events
`github_repo_commits`	Scan a specific repo for commit emails
`username_search`	Search for a username across 20+ platforms
`fandom_user_info`	Get Fandom/Wiki user data
`fandom_user_contributions`	List recent Fandom wiki contributions
`archive_org_snapshot`	Check for Wayback Machine snapshots
`mac_lookup`	Lookup vendor for a MAC address
`keybase_lookup`	Lookup Keybase identity and linked accounts
`reddit_user_details`	Get basic Reddit user profile info
`reddit_user_posts`	List recent Reddit posts for a user
`url_metadata`	Scrape OpenGraph and meta tags from a URL
`url_tech_stack`	Detect technologies used on a website
`email_permutator`	Generate possible email address combinations
`domain_email_search`	Search for emails associated with a domain
`email_social_check`	Find social profiles linked to an email
`btc_lookup`	Check Bitcoin address balance and transactions
`eth_lookup`	Check Ethereum address balance
`phone_lookup`	Looku

Tools (9)

ip_geolocationGet geolocation data for an IP address

whois_lookupPerform RDAP WHOIS lookup for a domain

check_breachesCheck if an email has been compromised (HIBP)

shodan_hostGet host details from Shodan

url_reputationCheck URL reputation on VirusTotal

subdomain_enumFind subdomains using multiple sources

github_user_infoGet detailed GitHub user metadata

reverse_image_search_animeSearch anime/art images on SauceNAO

phone_lookupLookup phone number intelligence

Environment Variables

SHODAN_API_KEYAPI key for Shodan services

HIBP_API_KEYAPI key for HaveIBeenPwned

GITHUB_TOKENGitHub Personal Access Token

VIRUSTOTAL_API_KEYAPI key for VirusTotal

Configuration

claude_desktop_config.json

{"SHODAN_API_KEY": "your_shodan_key", "HIBP_API_KEY": "your_hibp_key", "EXA_API_KEY": "your_exa_key", "VIRUSTOTAL_API_KEY": "your_vt_key", "HUNTER_API_KEY": "your_hunter_key", "GREYNOISE_API_KEY": "your_greynoise_key", "ALIENVAULT_API_KEY": "your_otx_key", "SECURITYTRAILS_API_KEY": "your_st_key", "ZOOMEYE_API_KEY": "your_zoomeye_key", "SAUCENAO_API_KEY": "your_saucenao_key", "IMAGGA_API_KEY": "your_imagga_key", "IMAGGA_API_SECRET": "your_imagga_secret", "GOOGLE_CLOUD_API_KEY": "your_google_key", "GITHUB_TOKEN": "your_github_pat", "WHOISXML_API_KEY": "your_whoisxml_key", "ABSTRACT_PHONE_API_KEY": "your_abstract_key"}

Try it

→Check if the email address example@example.com has been involved in any data breaches.

→Perform a WHOIS lookup for the domain example.com and list its subdomains.

→Get the geolocation and Shodan host details for the IP address 8.8.8.8.

→Search for the GitHub user profile of 'octocat' and list their public repositories.

→Analyze the reputation of the URL https://example.com using VirusTotal.

Frequently Asked Questions

What are the key features of OSINT MCP Server?

IP Intelligence including geolocation and Shodan integration. Domain Intelligence with WHOIS, DNS, and SSL certificate lookups. Social and Identity search across GitHub, Reddit, and Keybase. Web Intelligence including tech stack detection and Wayback Machine snapshots. Image OSINT with reverse search and EXIF metadata extraction.

What can I use OSINT MCP Server for?

Security researchers investigating suspicious IP addresses or domains. Developers verifying the reputation of URLs or email addresses. OSINT analysts gathering background information on usernames or social profiles. Digital forensics professionals extracting metadata from images.

How do I install OSINT MCP Server?

Install OSINT MCP Server by running: npm install && npm run build

What MCP clients work with OSINT MCP Server?

OSINT MCP Server works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep OSINT MCP Server docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.

Open Conare

View all other servers →

OSINT MCP Server

Set the server up locally

Register it in Claude Code

OSINT MCP Server

Features

Prerequisites

Installation

Configuration

Example `config.json`

Usage

Stdio Transport (Default for many MCP clients)

HTTP Transport

Tools

Tools (9)

Environment Variables

Configuration

Try it

Frequently Asked Questions

Turn this server into reusable context

Related MCP Servers