OSINT & reconnaissance intelligence for AI agents.
English | 简体中文 | 繁體中文 | 한국어 | Deutsch | Español | Français | Italiano | Dansk | 日本語 | Polski | Русский | Bosanski | العربية | Norsk | Português (Brasil) | ไทย | Türkçe | Українська | বাংলা | Ελληνικά | Tiếng Việt | हिन्दी
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/badchars/osint-mcp-server/main/.github/banner-dark.svg">
<source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/badchars/osint-mcp-server/main/.github/banner-light.svg">
OSINT & reconnaissance intelligence for AI agents.
Shodan, VirusTotal, Censys, SecurityTrails, DNS, WHOIS, BGP, Wayback Machine — unified into a single MCP server. Your AI agent gets full-spectrum OSINT on demand, not 12 browser tabs and manual correlation.
The Problem • How It's Different • Quick Start • What The AI Can Do • Tools (37) • Data Sources • Architecture • Changelog • Contributing
The Problem
OSINT collection is the first step of every penetration test, bug bounty, and threat assessment. The data you need is scattered across a dozen platforms — each with its own API, its own auth, its own rate limits, its own output format. Today you open Shodan in one tab, VirusTotal in another, run dig in a terminal, copy-paste from WHOIS, switch to crt.sh for certificates, and then spend 30 minutes manually correlating everything.
Traditional OSINT workflow:
resolve DNS records → dig / nslookup CLI
check WHOIS registration → whois CLI or web tool
enumerate subdomains → crt.sh + SecurityTrails + VirusTotal (3 different UIs)
scan for open ports/services → Shodan web interface
check domain reputation → VirusTotal web interface
map IP infrastructure → Censys + BGP lookups
find archived pages → Wayback Machine web UI
check email security → manual MX/SPF/DMARC lookups
correlate everything → copy-paste into a spreadsheet
─────────────────────────────────
Total: 45+ minutes per target, most of it switching contexts
osint-mcp-server gives your AI agent 37 tools across 12 data sources via the Model Context Protocol. The agent queries all sources in parallel, correlates data, identifies risks, and presents a unified intelligence picture — in a single conversation.
With osint-mcp-server:
You: "Do a full recon on target.com"
Agent: → DNS: 4 A records, 3 MX (Google Workspace), 2 NS
→ WHOIS: Registered 2019, expires 2025, GoDaddy
→ crt.sh: 47 unique subdomains from CT logs
→ HackerTarget: 23 hosts with IPs
→ Email: SPF soft-fail (~all), DMARC p=none, no DKIM
→ Shodan: 3 IPs, 12 open ports, Apache 2.4.49 (CVE-2021-41773)
→ VirusTotal: Clean reputation, 0 detections
→ "target.com has
Tools (1)
osint_queryPerforms unified reconnaissance and data correlation across 12 integrated OSINT sources.Environment Variables
SHODAN_API_KEYAPI key for Shodan integrationVIRUSTOTAL_API_KEYAPI key for VirusTotal integrationCENSYS_API_IDAPI ID for Censys integrationCENSYS_API_SECRETAPI Secret for Censys integrationConfiguration
{"mcpServers": {"osint": {"command": "npx", "args": ["-y", "osint-mcp-server"], "env": {"SHODAN_API_KEY": "your_key_here"}}}}