CCM
/MCP
SkillsMCPMarketplacesDigestToolsAdvertise

This week in Claude

Every Monday: Claude Code, Agent SDK, MCP, and the Anthropic platform moves worth your time.

Skills by Category
Frontend DevelopmentBackend & APIsTesting & QASecurityDevOps & CI/CDGit & Pull RequestsDocumentationCode Review & QualityAI & Agent BuildingSkill Development
MCP Servers by Category
Sales & MarketingWeb & Browser AutomationDatabasesAI & LLM ToolsCloud & InfrastructureCommunication & MessagingDeveloper ToolsDesign & CreativeDocuments & KnowledgeSearch & Web Crawling
Marketplaces by Category
AI Agents & OrchestrationLLM IntegrationDevelopment ToolsFrontend & UIBackend & APIsDatabasesTesting & Code QualityDevOps & CloudSecurity & ComplianceGit & Version Control

Claude Code Marketplaces

Discover Claude Code plugins, extensions, and tools. Automatically updated directory of Anthropic Claude AI marketplaces with development tools, productivity plugins, and integrations.

Resources

  • Browse Skills
  • Browse MCP Servers
  • Browse Marketplaces
  • Plugins Reference

Community

  • About
  • Tools
  • Feedback
  • Privacy Policy
  • Advertise

Built for the Claude Code community with Claude Code by @mertduzgun

Independent project, not affiliated with Anthropic

OpenOSINT

openosint/openosint
605authSTDIOregistry active
Summary

A comprehensive OSINT toolkit that exposes 16 intelligence gathering tools through the Model Context Protocol. It wraps external binaries like holehe, sherlock, sublist3r, and phoneinfoga alongside direct API integrations for Shodan, VirusTotal, Censys, AbuseIPDB, HaveIBeenPwned, and GitHub. The agent chains tools together based on findings, so investigating an email might trigger breach lookups, username enumeration across 300+ platforms, and paste dump searches in sequence. Reports auto-save to PDF and Markdown. All tools run as real system calls, meaning Claude gets actual command output rather than LLM-generated approximations. You'll need API keys for the premium sources and the external binaries installed in your PATH. Best suited for security researchers doing reconnaissance workflows where you want Claude to orchestrate the toolchain rather than running commands manually.

CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →

mcp-name: io.github.OpenOSINT/openosint

OpenOSINT

OpenOSINT

OSINT agent for security researchers and analysts: 18 investigation tools behind a natural-language interface.

Use it as a REPL, CLI, MCP server, or browser Web UI.

The AI issues hard-stop tool calls; your code executes the real binary — hallucinated findings are structurally impossible.

Release PyPI PyPI downloads License MIT GitHub Stars MCP MCP Registry Sponsored by IP2Location Sponsored by RapidProxy

▶ Try the live demo

Run a real OSINT investigation in your browser — bring your own Anthropic / OpenRouter / Ollama key, no signup.

OpenOSINT Web UI — live entity correlation graph demo: investigating openosint.tech

Try the live demo →

pip install openosint

Quick Start

# Interactive AI REPL (default)
openosint

# Web interface
openosint web

# Direct tool (no AI)
openosint email target@example.com

New to OSINT methodology? Grab the free 5-prompt starter set before your first run.

Usage

Start the REPL and investigate any target — the agent decides which tools to run and chains them on findings:

openosint > investigate target@example.com

  -> generate_dorks('target@example.com')
  -> search_email('target@example.com')
  Found: Spotify, WordPress, Gravatar, Office365

  -> search_breach('target@example.com')
  Found in 2 breaches: LinkedIn (2016), Adobe (2013)

  -> search_username('johndoe99')   <- pivoted from email findings
  Found: GitHub, Reddit, Twitter

  Report saved -> reports/2026-05-11_14-32-11_report.md

Features

CapabilityDetails
AI tool chainingThe agent selects and chains tools based on findings; describe the target in plain language
18 modular toolsEmail, username, breach, WHOIS, IP, subdomain, dorks, paste, phone, Shodan, VirusTotal, Censys, IP2Location, AbuseIPDB, GitHub, DNS, live dork search, URL scraping
Three AI backendsAnthropic Claude (default), local Ollama, or any OpenAI-compatible endpoint (LiteLLM, vLLM, LM Studio, ...)
Native MCP serverAll 18 tools exposed to Claude Code, Claude Desktop, and any MCP-compatible client — no extra config
Parallel execution--parallel runs complementary tools concurrently via asyncio.gather()
ReportsPDF + Markdown auto-saved after every investigation (reportlab optional)
Session historyAll REPL sessions saved to ~/.openosint/history/; browse with openosint history
Web UIBrowser-based AI chat with streaming output, tool cards, light/dark theme

Legal Disclaimer: OpenOSINT is intended for legal and authorized use only. Users are solely responsible for ensuring their use complies with all applicable laws and regulations. The authors accept no liability for misuse. See DISCLAIMER.md.

Sponsors

IP2Location — IP geolocation and threat intelligence provider
IP2Location
IP Geolocation & Threat Intelligence
Enhanced IP geolocation, ISP, VPN/Proxy/Tor detection.
RapidProxy — residential proxy provider
RapidProxy
Residential Proxies
90M+ rotating residential IPs across 200+ countries — smart rotation & geo-targeting.
Your logo here
Open: breach data · email/identity
One vendor per category — exclusive placement across README, docs, CLI, and Web UI.

Media kit & pricing → · Open Collective · commercial@openosint.tech

Reliable Residential Proxies for Data Collection & Automation

Access 90M+ real residential IPs across 200+ countries with smart rotation, geo-targeting, high-concurrency support, and non-expiring traffic.

Use Cases: Web Scraping · Data Collection · AI Automation · Developer Tools

🎁 10% discount with code RAPID10 → Start Free Testing

Custom Integrations

Need OpenOSINT wired into your SOC, fraud, threat-intel, or AI-agent stack? I build bespoke OSINT & MCP integrations for teams — you bring the data sources and compliance requirements, I deliver a working integration.

→ Get in touch


Tools

ToolPowered byWhat it investigates
search_emailholeheSocial accounts linked to an email address
search_usernamesherlockUsername presence across 300+ platforms
search_breachHaveIBeenPwned v3 APIData breach exposure
search_whoispython-whoisDomain registrant and DNS info
search_ipipinfo.ioGeolocation, ASN, hostname
search_domainsublist3rSubdomain enumeration
generate_dorksbuilt-in12 targeted Google dork URLs (no network calls)
search_pastepsbdmp.wsPastebin dump mentions
search_phonephoneinfogaCarrier, country, line type
search_shodanShodan APIOpen ports, banners, CVEs
search_virustotalVirusTotal API v3Verdict from 70+ antivirus engines
search_ip2locationIP2Location.io APIEnhanced IP intel: VPN/Proxy/Tor/datacenter flags (sponsored)
search_censysCensys Search APIInternet-facing infrastructure, certificates
search_abuseipdbAbuseIPDB v2 APIIP abuse reputation: confidence score, reports, country, ISP
search_githubGitHub REST APIProfile, repos, commit-discovered emails, username/keyword search
search_dnsdnspython (built-in)A/AAAA/MX/NS/TXT/CNAME/SOA records; SPF, DMARC, DKIM analysis
search_dorks_liveBright Data SERP APILive Google search results for dork queries (title, URL, snippet)
scrape_urlBright Data Web UnlockerFetch any URL bypassing Cloudflare/CAPTCHA — returns clean Markdown

Full per-tool documentation, CLI flags, and output formats: openosint.tech.

search_email

Enumerates online services linked to an email address using holehe.

openosint email target@example.com
[+] Spotify        https://open.spotify.com/user/target
[+] WordPress      https://wordpress.com/target
[+] Gravatar       https://gravatar.com/target
[+] Office365      email used

search_username

Searches for a username across 300+ platforms using sherlock.

openosint username johndoe99
[+] GitHub         https://github.com/johndoe99
[+] Twitter        https://twitter.com/johndoe99
[+] Reddit         https://reddit.com/user/johndoe99

search_breach

Checks data breach exposure via HaveIBeenPwned v3 API. Requires HIBP_API_KEY.

[+] LinkedIn (2016-05-05) — leaked: Email addresses, Passwords
[+] Adobe (2013-10-04) — leaked: Email addresses, Password hints

search_whois

Retrieves WHOIS data using python-whois.

[+] Registrar: ICANN
[+] Created: 1995-08-14
[+] Expires: 2024-08-13
[+] Name Servers: A.IANA-SERVERS.NET

search_ip

Retrieves geolocation and ASN data via ipinfo.io. Free tier: 50k/month.

[+] Hostname: dns.google
[+] Org: AS15169 Google LLC
[+] City: Mountain View, CA, US

search_domain

Enumerates subdomains using sublist3r.

[+] mail.example.com
[+] dev.example.com
[+] api.example.com

generate_dorks

Generates 12 targeted Google dork URLs for any target. No network calls.

[+] "johndoe" site:linkedin.com
    https://www.google.com/search?q=%22johndoe%22+site%3Alinkedin.com
[+] "johndoe" leaked OR breach OR dump
    https://www.google.com/search?q=%22johndoe%22+leaked+OR+breach+OR+dump

search_paste

Searches Pastebin dumps via psbdmp.ws.

[+] https://pastebin.com/aB1cD2eF (2023-04-12)
[+] https://pastebin.com/xY3zA4bC (2022-11-08)

search_phone

Gathers phone intelligence using phoneinfoga. Use E.164 format.

[+] Country: United States
[+] Carrier: AT&T
[+] Line type: Mobile

search_shodan

IPv4 input → host lookup (open ports, org, CVEs). Any other query → banner/keyword search. Requires SHODAN_API_KEY.

openosint shodan 8.8.8.8
openosint shodan "apache port:80 country:DE"
[+] Org: Google LLC  |  Open ports: 53, 443

search_virustotal

Checks an IP, domain, URL, or file hash against VirusTotal's 70+ engines. Auto-detects input type. Requires VIRUSTOTAL_API_KEY.

openosint virustotal 8.8.8.8
openosint virustotal example.com
openosint virustotal 44d88612fea8a8f36de82e1278abb02f
[VirusTotal] Malicious: 0 / Harmless: 72

search_ip2location

Queries IP2Location.io for enhanced IP intelligence: geolocation, ISP, ASN, and — on the Security Plan — VPN/Proxy/Tor/datacenter detection. Sponsored integration. Requires IP2LOCATION_API_KEY.

openosint ip2location 8.8.8.8
[IP2Location] City: Mountain View, CA, US  |  ISP: Google LLC
[IP2Location] VPN: No  |  Proxy: No  |  TOR: No  |  Datacenter: Yes

search_censys

IPv4 → host view (open ports, services, ASN). Domain → certificate search (SANs, issuer). Requires CENSYS_API_ID and CENSYS_SECRET.

openosint censys 8.8.8.8
openosint censys example.com
[Censys] Open Ports: 53, 443, 853  |  ASN: AS15169 Google LLC

search_abuseipdb

Checks an IP against AbuseIPDB v2. Returns abuse confidence score, total reports, country, ISP, and last reported timestamp. Requires ABUSEIPDB_API_KEY.

openosint abuseipdb 198.51.100.1
[AbuseIPDB] Abuse Confidence Score: 87%  |  Total Reports: 143
⚠️  HIGH ABUSE CONFIDENCE — flagged by AbuseIPDB

Warning appears when abuseConfidenceScore exceeds 50%.

search_github

Queries GitHub REST API. Username → profile, repos, commit-discovered emails. Keyword → user/repo search. Optional GITHUB_TOKEN raises rate limit from 60 to 5000 req/h.

openosint github johndoe99
[GitHub] Repos: 42  |  Followers: 128
[GitHub] Commit email: johndoe@example.com

search_dns

Queries A/AAAA/MX/NS/TXT/CNAME/SOA records and analyzes SPF, DMARC, and DKIM configuration using dnspython (no external API).

openosint dns example.com
[DNS] A: 93.184.216.34
[DNS] MX: mail.example.com (priority 10)
[DNS] SPF: v=spf1 include:_spf.google.com ~all

search_dorks_live

Executes live Google dork queries through the Bright Data SERP API¹, returning structured results (title, URL, snippet). Defaults to 5 dorks per run; each is a separate billable API call. Requires BRIGHTDATA_API_KEY and BRIGHTDATA_SERP_ZONE.

openosint search-dorks-live "john doe" --max-dorks 3
[+] Dork: "john doe" site:linkedin.com
    Title:   John Doe | LinkedIn
    URL:     https://www.linkedin.com/in/john-doe-12345

scrape_url

Fetches any public URL through Bright Data Web Unlocker¹, bypassing Cloudflare/CAPTCHA. Returns clean Markdown. Requires BRIGHTDATA_API_KEY and BRIGHTDATA_UNLOCKER_ZONE.

openosint scrape https://example.com
[Web Unlocker] Remote status: 200
# Example Domain
This domain is for use in illustrative examples in documents.

Interfaces

Web UI

pip install "openosint[web]"
openosint web
# Opens http://localhost:8080 automatically

Browser-based AI chat with streaming tool output, inline result cards, light/dark theme toggle. Supports local inference via Ollama or any OpenAI-compatible endpoint — no Anthropic API key required.

# Fully local (no API key) — requires Ollama runtime: https://ollama.com
ollama pull llama3.2
openosint web
# Settings -> Ollama (local) -> model: llama3.2

# OpenAI-compatible endpoint (LiteLLM, vLLM, LM Studio, ...)
export OPENAI_BASE_URL="http://localhost:4000/v1"
openosint web
# Settings -> OpenAI API

Interactive REPL

Run openosint with no arguments to start the AI-powered REPL:

OpenOSINT terminal REPL demo

REPL commands:

CommandDescription
<target>Investigate any target — email, username, domain, IP, name
clearReset conversation memory
saveSave last report to reports/
toolsList available tools and their status
configShow current configuration
historyBrowse saved sessions
helpShow all commands
exit / Ctrl-DExit

All sessions are auto-saved to ~/.openosint/history/. Browse with openosint history.

For the REPL/CLI with an OpenAI-compatible backend:

pip install "openosint[openai]"
openosint --provider openai \
  --openai-base-url http://localhost:4000/v1 \
  --openai-model gpt-4o-mini

Live Documentation

Full per-tool reference, CLI flags, and configuration options at openosint.tech.

openosint.tech documentation tour

MCP Server

Expose all 18 OpenOSINT tools to any MCP-compatible AI client. Once connected, Claude can natively invoke all 18 tools during conversations.

Claude Code:

claude mcp add openosint python /absolute/path/to/OpenOSINT/openosint/mcp_server.py
claude mcp list

Claude Desktop — add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "openosint": {
      "command": "python",
      "args": ["/absolute/path/to/OpenOSINT/openosint/mcp_server.py"]
    }
  }
}

Agentic use via Claude Code:

$ claude
> Investigate target@example.com. Trace any username found
  across other platforms and compile a full report.

Installation

# From PyPI (recommended)
pip install openosint

# From source
git clone https://github.com/OpenOSINT/OpenOSINT.git
cd OpenOSINT
pip install -e .

External binaries (must be in PATH):

BinaryPurposeInstall
holeheEmail account enumerationpip install holehe
sherlockUsername enumeration (300+ platforms)pip install sherlock-project
sublist3rSubdomain enumerationpip install sublist3r
phoneinfogaPhone number intelligenceDownload binary

If a binary is absent, the corresponding tool returns a descriptive error. All other tools remain operational.

Optional Python packages:

PackagePurposeInstall
ollamaLocal LLM backend (no API key)pip install ollama (also requires Ollama runtime)
openaiOpenAI-compatible backendpip install "openosint[openai]"
shodanShodan API clientpip install shodan
reportlabPDF report exportpip install reportlab
censysCensys API clientpip install censys

Configuration

Store keys in a .env file at the project root (copy .env.example). python-dotenv loads it automatically at startup.

VariableToolRequiredPurpose
ANTHROPIC_API_KEYAI agentYes (or Ollama / OpenAI)Anthropic API key
OPENAI_BASE_URLAI agentOptionalBase URL of an OpenAI-compatible endpoint (e.g. http://localhost:4000/v1)
OPENAI_API_KEYAI agentOptionalAPI key for the endpoint (local servers may ignore it)
OPENAI_MODELAI agentOptionalModel name to request (default: gpt-4o-mini)
HIBP_API_KEYsearch_breachOptionalHaveIBeenPwned v3 — get one
IPINFO_TOKENsearch_ipOptionalipinfo.io higher rate limits
SHODAN_API_KEYsearch_shodanOptionalShodan API — get one
VIRUSTOTAL_API_KEYsearch_virustotalOptionalVirusTotal API v3 — get one
IP2LOCATION_API_KEYsearch_ip2locationOptionalIP2Location.io — get one (sponsored)
CENSYS_API_ID + CENSYS_SECRETsearch_censysOptionalCensys — get one
ABUSEIPDB_API_KEYsearch_abuseipdbOptionalAbuseIPDB v2 — get one
GITHUB_TOKENsearch_githubOptionalGitHub API — raises rate limit 60 → 5000 req/h — get one
BRIGHTDATA_API_KEYsearch_dorks_live, scrape_urlOptionalBright Data — get one¹ (free tier: 5,000 req/month)
BRIGHTDATA_SERP_ZONEsearch_dorks_liveOptionalYour Bright Data SERP zone name (e.g. serp_api1)
BRIGHTDATA_UNLOCKER_ZONEscrape_urlOptionalYour Bright Data Web Unlocker zone name (e.g. web_unlocker1)

CLI Reference

Flag / SubcommandDescription
openosintInteractive AI REPL (default)
openosint web [--port N] [--no-browser]Launch browser UI
openosint email ADDRESS [-t N]Direct email scan
openosint username HANDLE [-t N]Direct username scan
openosint shodan QUERY [-t N]Shodan lookup
openosint virustotal TARGET [-t N]VirusTotal lookup
openosint censys TARGET [-t N]Censys lookup
openosint ip2location IP [-t N]IP2Location lookup
openosint abuseipdb IP [-t N]AbuseIPDB reputation check
openosint github QUERY [-t N]GitHub profile/repo/email discovery
openosint dns DOMAIN [-t N]DNS records + email security analysis
openosint multi TARGETSParallel multi-target investigation (max 10)
openosint history [--all] [open N] [clear]View/manage REPL session history
-v, --verboseEnable debug logging to stderr
-t, --timeout NOverride subprocess timeout (seconds)
--api-key KEYAnthropic API key (overrides env var)
--parallelRun complementary tools concurrently
--jsonOutput results as structured JSON
--provider {anthropic,ollama,openai}AI provider (default: anthropic)
--ollama-model MODELOllama model name (default: llama3.2)
--ollama-host URLOllama server URL (default: http://localhost:11434)
--openai-base-url URLOpenAI-compatible endpoint base URL (env: OPENAI_BASE_URL)
--openai-model MODELModel to request from the endpoint (default: gpt-4o-mini; env: OPENAI_MODEL)
--openai-api-key KEYAPI key for the endpoint (env: OPENAI_API_KEY)
--no-pdfDisable automatic PDF generation

Docker

# Build and run
docker compose up --build

# One-off command
docker compose run --rm openosint email target@example.com --json

Set ANTHROPIC_API_KEY (and optionally HIBP_API_KEY, IPINFO_TOKEN) in a .env file or export them before running docker compose. Reports are persisted to ./reports/ via a volume mount.

DigitalOcean App Platform: see .do/app.yaml for App Platform configuration.

Integrations

ServiceURLToolTierAuth
IP2Location.iohttps://www.ip2location.iosearch_ip2locationFeatured (sponsored)API key — free tier
RapidProxyhttps://www.rapidproxy.io/?ref=openosint—Featured (sponsored)—
AbuseIPDBhttps://www.abuseipdb.comsearch_abuseipdbCommunityAPI key — free tier
Censyshttps://censys.iosearch_censysCommunityAPI key — free tier
GitHubhttps://github.comsearch_githubCommunityToken optional
HaveIBeenPwnedhttps://haveibeenpwned.comsearch_breachCommunityAPI key — paid
holehehttps://github.com/megadose/holehesearch_emailCommunityNone — local binary
ipinfo.iohttps://ipinfo.iosearch_ipCommunityToken optional
phoneinfogahttps://github.com/sundowndev/phoneinfogasearch_phoneCommunityNone — local binary
psbdmp.wshttps://psbdmp.wssearch_pasteCommunityNone
sherlockhttps://github.com/sherlock-project/sherlocksearch_usernameCommunityNone — local binary
Shodanhttps://shodan.iosearch_shodanCommunityAPI key — free tier
sublist3rhttps://github.com/aboul3la/Sublist3rsearch_domainCommunityNone — local binary
VirusTotalhttps://www.virustotal.comsearch_virustotalCommunityAPI key — free tier
WHOIS (IANA)https://www.iana.org/whoissearch_whoisCommunityNone
DNS (system resolver)—search_dnsCommunityNone
Google Searchhttps://www.google.comgenerate_dorksCommunityNone

Learn the Method

OpenOSINT is the tool. The AI OSINT Operator's Playbook (paid guide, $39) is the method — step-by-step workflows for running investigations with ChatGPT, Claude, and OpenOSINT.

→ Get the Playbook

Resources

Free Starter Set

New to AI-assisted OSINT? The free starter set gives you 5 structured prompts — one per stage of a real investigation — that make ChatGPT and Claude collect real public data instead of hallucinating it.

  • Scope → Collect → Pivot → Verify → Document
  • Works with any AI assistant (Claude, ChatGPT, Gemini)
  • Free PDF, instant download — just your email

→ Get the free starter set

AI OSINT Prompt Pack

OpenOSINT gives you the tooling. The AI OSINT Prompt Pack gives you the method: 30+ tested prompts that make ChatGPT / Claude collect → pivot → verify against real public sources instead of hallucinating.

  • Email, username, domain, IP, phone, company due-diligence, image & reporting prompts
  • One repeatable investigation flow + an ethics & legal primer
  • 7-page PDF · instant download · pairs directly with OpenOSINT

Not ready to buy? Start with the free 5-prompt starter set.

→ Get the Prompt Pack ($29)

Also available: AI OSINT Operator's Playbook — paid guide, $39, covering full investigation workflows.

Buying it directly funds OpenOSINT's development.

Sponsor this project

OpenOSINT is used by OSINT practitioners, security researchers, and developers actively evaluating intelligence APIs. Every time a user configures an integration, the docs route them to that provider's sign-up page — high-intent exposure at the moment of adoption.

Featured Integration ($2,000/year or $220/month): recommended/default provider for one tool category, exclusive. Logo + badge across README, docs, CLI banner, and Web UI. One vendor per category.

Open categories: breach/credential data · email/identity lookup

→ Full media kit and pricing: openosint.tech/sponsors.html

Current sponsors

Featured Integrations

IP2Location.io — powers search_ip2location

Enhanced IP geolocation, ISP, VPN/Proxy/Tor, and datacenter detection

RapidProxy

Reliable Residential Proxies for Data Collection & Automation — 90M+ IPs across 200+ countries. 10% off: RAPID10.

Want to sponsor OpenOSINT? See SPONSORSHIP.md for tiers and rates.

Open Collective · commercial@openosint.tech · SPONSORSHIP.md

SERVICES

The framework is free and MIT-licensed. This is an optional paid setup service offered by the maintainer.

OSINT-MCP Setup Sprint — done-for-you installation and configuration of an autonomous OSINT-MCP pipeline on your environment. Fully async, no calls required.

Includes:

  • Pre-configured OpenOSINT setup tailored to your stack (Claude Code, Claude Desktop, or any MCP client)
  • API keys wired in (Shodan, VirusTotal, IP2Location, HaveIBeenPwned, and others as needed)
  • One investigation workflow built around your use case
  • Written step-by-step setup guide + screen-recorded walkthrough

Delivery: 3–5 days, fully async.

For: SOC analysts · threat-intel teams · fraud/AML · pentesters · OSINT investigators

Need it set up for you?

Get OpenOSINT wired into your stack in 3–5 days — done-for-you, fully async, no calls.

Book the Setup Sprint → $350 (founding price, first 5 teams)

→ Or email commercial@openosint.tech · LinkedIn

For authorized use only. See DISCLAIMER.md.

Commercial License & Support

OpenOSINT is free and MIT-licensed for everyone — personal projects, commercial products, SaaS, and closed-source are all covered with no purchase required. Organizations that additionally need a vendor contract, written warranty, indemnification, SLA, or priority support for procurement and compliance can purchase a commercial plan. Three tiers available from €300/year — see COMMERCIAL.md for full details and pricing. Contact: commercial@openosint.tech.

Contributing

Issues and pull requests are welcome. See CONTRIBUTING.md for the development workflow, integration registration checklist, and coding conventions. Please read DISCLAIMER.md before contributing.

Regenerating the demo GIF/MP4

export OPENOSINT_DEMO_KEY=sk-ant-...   # your Anthropic key — never committed
openosint --web &                      # start the web server on :8080
make demo                              # record -> encode -> write docs/assets/demo-web-graph.*
git add docs/assets/demo-web-graph.*

See scripts/record-demo/README.md for full prerequisites and pipeline details.

Maintainer

Tommaso Bertocchi

  • X (personal): https://x.com/SonoTommy_
  • X (OpenOSINT): https://x.com/openosint_oss
  • LinkedIn: https://www.linkedin.com/company/openosintoss
  • Email: commercial@openosint.tech

Contributors

ContributorContribution
@consociovenv/uv-tool binary resolution fix — co-installed tools are now found without a separate activation step (#6)

License

OpenOSINT is open source under the MIT License — free for any use, including personal, commercial, academic, and closed-source.


¹ Bright Data links in this README are affiliate/referral links — OpenOSINT earns a commission if you sign up through them, at no extra cost to you.

For authorized security research only. See DISCLAIMER.md.

OpenOSINT v2.25.0 — July 2026

Star History

Star History Chart

Featured
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →

Configuration

ANTHROPIC_API_KEY*secret

Anthropic API key — required for the AI agent REPL

HIBP_API_KEYsecret

HaveIBeenPwned API key for breach detection (search_breach tool)

IPINFO_TOKENsecret

ipinfo.io token for higher IP lookup rate limits (search_ip tool)

IP2LOCATION_API_KEYsecret

IP2Location API key for enhanced IP intelligence (search_ip2location tool)

ABUSEIPDB_API_KEYsecret

AbuseIPDB API key for IP abuse reputation checks (search_abuseipdb tool)

Categories
AI & LLM ToolsCommunication & MessagingDeveloper Tools
Registryactive
Packageopenosint
TransportSTDIO
AuthRequired
UpdatedMay 26, 2026
View on GitHub

Related AI & LLM Tools MCP Servers

View all →
SkillFM LLM Cost Optimizer

io.github.ericm1018/skillfm-llm-cost-optimizer-openai-anthropic-usage

LLM cost optimizer for OpenAI, Anthropic, token usage, BYOK, and SkillFM Beacon audits.
Llm Orchestration Agent

io.github.mikerawsonnz/llm-orchestration-agent

Run a prompt through a LangChain (system + human) chain over Gemini on Vertex AI; optional LangSmith
Authenticated Llm Agent

io.github.mikerawsonnz/authenticated-llm-agent

JWT-gated LLM gateway: authenticate (bcrypt/JWT), then run a LangChain-on-Vertex Gemini completion.
Copilot Memory MCP

labforgedev/copilot-memory-mcp

Persistent semantic memory for AI agents using local ChromaDB vector search. No cloud required.
1
Agent Prompt Injection Firewall Mcp

csoai-org/agent-prompt-injection-firewall-mcp

The WAF for agents. Pattern-based + heuristic firewall scans prompts, RAG documents, tool argume...
Authenticated Multi Llm Agent

io.github.mikerawsonnz/authenticated-multi-llm-agent

Google-OAuth-gated LLM gateway: verify a Google ID token, then run a Gemini (Vertex AI) completion f