OpenOSINT MCP工具 是 AI Skill Hub 本期精选MCP工具之一。综合评分 8.2 分,整体质量较高。我们强烈推荐将其纳入你的 AI 工具库,帮助提升工作效率。
AI驱动的开源情报(OSINT)代理工具,集成MCP服务器和CLI界面,提供9个专业工具模块。支持交互式REPL环境,适合网络安全研究者、渗透测试人员和情报分析人员快速收集和分析网络公开信息。
OpenOSINT MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
AI驱动的开源情报(OSINT)代理工具,集成MCP服务器和CLI界面,提供9个专业工具模块。支持交互式REPL环境,适合网络安全研究者、渗透测试人员和情报分析人员快速收集和分析网络公开信息。
OpenOSINT MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
# 方式一:通过 Claude Code CLI 一键安装
claude skill install https://github.com/OpenOSINT/OpenOSINT
# 方式二:手动配置 claude_desktop_config.json
{
"mcpServers": {
"openosint-mcp--": {
"command": "npx",
"args": ["-y", "openosint"]
}
}
}
# 配置文件位置
# macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
# Windows: %APPDATA%/Claude/claude_desktop_config.json
# 安装后在 Claude 对话中直接使用 # 示例: 用户: 请帮我用 OpenOSINT MCP工具 执行以下任务... Claude: [自动调用 OpenOSINT MCP工具 MCP 工具处理请求] # 查看可用工具列表 # 在 Claude 中输入:"列出所有可用的 MCP 工具"
// claude_desktop_config.json 配置示例
{
"mcpServers": {
"openosint_mcp__": {
"command": "npx",
"args": ["-y", "openosint"],
"env": {
// "API_KEY": "your-api-key-here"
}
}
}
}
// 保存后重启 Claude Desktop 生效
mcp-name: io.github.OpenOSINT/openosint
OSINT agent for security researchers and analysts: 18 investigation tools behind a natural-language interface.
Use it as a REPL, CLI, MCP server, or browser Web UI.
The AI issues hard-stop tool calls; your code executes the real binary — hallucinated findings are structurally impossible.
</div>
Run a real OSINT investigation in your browser — bring your own Anthropic / OpenRouter / Ollama key, no signup.
</div>
pip install openosint
| Capability | Details |
|---|---|
| AI tool chaining | The agent selects and chains tools based on findings; describe the target in plain language |
| 18 modular tools | Email, username, breach, WHOIS, IP, subdomain, dorks, paste, phone, Shodan, VirusTotal, Censys, IP2Location, AbuseIPDB, GitHub, DNS, live dork search, URL scraping |
| Three AI backends | Anthropic Claude (default), local Ollama, or any OpenAI-compatible endpoint (LiteLLM, vLLM, LM Studio, ...) |
| Native MCP server | All 18 tools exposed to Claude Code, Claude Desktop, and any MCP-compatible client — no extra config |
| Parallel execution | --parallel runs complementary tools concurrently via asyncio.gather() |
| Reports | PDF + Markdown auto-saved after every investigation (reportlab optional) |
| Session history | All REPL sessions saved to ~/.openosint/history/; browse with openosint history |
| Web UI | Browser-based AI chat with streaming output, tool cards, light/dark theme |
---
Legal Disclaimer: OpenOSINT is intended for legal and authorized use only. Users are solely responsible for ensuring their use complies with all applicable laws and regulations. The authors accept no liability for misuse. See DISCLAIMER.md.
ollama pull llama3.2 openosint web
```bash
```bash
docker compose up --build
```bash
Start the REPL and investigate any target — the agent decides which tools to run and chains them on findings:
openosint > investigate target@example.com
-> generate_dorks('target@example.com')
-> search_email('target@example.com')
Found: Spotify, WordPress, Gravatar, Office365
-> search_breach('target@example.com')
Found in 2 breaches: LinkedIn (2016), Adobe (2013)
-> search_username('johndoe99') <- pivoted from email findings
Found: GitHub, Reddit, Twitter
Report saved -> reports/2026-05-11_14-32-11_report.md
This domain is for use in illustrative examples in documents. ```
---
export OPENOSINT_DEMO_KEY=sk-ant-... # your Anthropic key — never committed
openosint --web & # start the web server on :8080
make demo # record -> encode -> write docs/assets/demo-web-graph.*
git add docs/assets/demo-web-graph.*
See scripts/record-demo/README.md for full prerequisites and pipeline details.
```
Store keys in a .env file at the project root (copy .env.example). python-dotenv loads it automatically at startup.
| Variable | Tool | Required | Purpose |
|---|---|---|---|
ANTHROPIC_API_KEY | AI agent | Yes (or Ollama / OpenAI) | Anthropic API key |
OPENAI_BASE_URL | AI agent | Optional | Base URL of an OpenAI-compatible endpoint (e.g. http://localhost:4000/v1) |
OPENAI_API_KEY | AI agent | Optional | API key for the endpoint (local servers may ignore it) |
OPENAI_MODEL | AI agent | Optional | Model name to request (default: gpt-4o-mini) |
HIBP_API_KEY | search_breach | Optional | HaveIBeenPwned v3 — [get one](https://haveibeenpwned.com/API/Key) |
IPINFO_TOKEN | search_ip | Optional | ipinfo.io higher rate limits |
SHODAN_API_KEY | search_shodan | Optional | Shodan API — [get one](https://account.shodan.io) |
VIRUSTOTAL_API_KEY | search_virustotal | Optional | VirusTotal API v3 — [get one](https://www.virustotal.com/gui/my-apikey) |
IP2LOCATION_API_KEY | search_ip2location | Optional | IP2Location.io — [get one](https://www.ip2location.io/pricing) *(sponsored)* |
CENSYS_API_ID + CENSYS_SECRET | search_censys | Optional | Censys — [get one](https://censys.io/account) |
ABUSEIPDB_API_KEY | search_abuseipdb | Optional | AbuseIPDB v2 — [get one](https://www.abuseipdb.com/account/api) |
GITHUB_TOKEN | search_github | Optional | GitHub API — raises rate limit 60 → 5000 req/h — [get one](https://github.com/settings/tokens) |
BRIGHTDATA_API_KEY | search_dorks_live, scrape_url | Optional | Bright Data — [get one](https://get.brightdata.com/984ni58s2oad?utm_source=github&utm_medium=readme)¹ (free tier: 5,000 req/month) |
BRIGHTDATA_SERP_ZONE | search_dorks_live | Optional | Your Bright Data SERP zone name (e.g. serp_api1) |
BRIGHTDATA_UNLOCKER_ZONE | scrape_url | Optional | Your Bright Data Web Unlocker zone name (e.g. web_unlocker1) |
openosint web
export OPENAI_BASE_URL="http://localhost:4000/v1" openosint web
| Flag / Subcommand | Description |
|---|---|
openosint | Interactive AI REPL (default) |
openosint web [--port N] [--no-browser] | Launch browser UI |
openosint email ADDRESS [-t N] | Direct email scan |
openosint username HANDLE [-t N] | Direct username scan |
openosint shodan QUERY [-t N] | Shodan lookup |
openosint virustotal TARGET [-t N] | VirusTotal lookup |
openosint censys TARGET [-t N] | Censys lookup |
openosint ip2location IP [-t N] | IP2Location lookup |
openosint abuseipdb IP [-t N] | AbuseIPDB reputation check |
openosint github QUERY [-t N] | GitHub profile/repo/email discovery |
openosint dns DOMAIN [-t N] | DNS records + email security analysis |
openosint multi TARGETS | Parallel multi-target investigation (max 10) |
openosint history [--all] [open N] [clear] | View/manage REPL session history |
-v, --verbose | Enable debug logging to stderr |
-t, --timeout N | Override subprocess timeout (seconds) |
--api-key KEY | Anthropic API key (overrides env var) |
--parallel | Run complementary tools concurrently |
--json | Output results as structured JSON |
--provider {anthropic,ollama,openai} | AI provider (default: anthropic) |
--ollama-model MODEL | Ollama model name (default: llama3.2) |
--ollama-host URL | Ollama server URL (default: http://localhost:11434) |
--openai-base-url URL | OpenAI-compatible endpoint base URL (env: OPENAI_BASE_URL) |
--openai-model MODEL | Model to request from the endpoint (default: gpt-4o-mini; env: OPENAI_MODEL) |
--openai-api-key KEY | API key for the endpoint (env: OPENAI_API_KEY) |
--no-pdf | Disable automatic PDF generation |
Need OpenOSINT wired into your SOC, fraud, threat-intel, or AI-agent stack? I build bespoke OSINT & MCP integrations for teams — you bring the data sources and compliance requirements, I deliver a working integration.
---
| Service | URL | Tool | Tier | Auth |
|---|---|---|---|---|
| IP2Location.io | https://www.ip2location.io | search_ip2location | Featured (sponsored) | API key — free tier |
| AbuseIPDB | https://www.abuseipdb.com | search_abuseipdb | Community | API key — free tier |
| Censys | https://censys.io | search_censys | Community | API key — free tier |
| GitHub | https://github.com | search_github | Community | Token optional |
| HaveIBeenPwned | https://haveibeenpwned.com | search_breach | Community | API key — paid |
| holehe | https://github.com/megadose/holehe | search_email | Community | None — local binary |
| ipinfo.io | https://ipinfo.io | search_ip | Community | Token optional |
| phoneinfoga | https://github.com/sundowndev/phoneinfoga | search_phone | Community | None — local binary |
| psbdmp.ws | https://psbdmp.ws | search_paste | Community | None |
| sherlock | https://github.com/sherlock-project/sherlock | search_username | Community | None — local binary |
| Shodan | https://shodan.io | search_shodan | Community | API key — free tier |
| sublist3r | https://github.com/aboul3la/Sublist3r | search_domain | Community | None — local binary |
| VirusTotal | https://www.virustotal.com | search_virustotal | Community | API key — free tier |
| WHOIS (IANA) | https://www.iana.org/whois | search_whois | Community | None |
| DNS (system resolver) | — | search_dns | Community | None |
| Google Search | https://www.google.com | generate_dorks | Community | None |
OpenOSINT 是一款专为安全研究人员和分析师打造的 OSINT(开源情报)智能体。它通过自然语言交互界面,集成了 18 种强大的调查工具,能够将复杂的调查任务转化为简单的对话。用户可以通过 REPL 交互式命令行、CLI、MCP server 或浏览器 Web UI 等多种方式灵活使用,极大地提升了情报搜集与分析的效率。
OpenOSINT 具备强大的 AI tool chaining 能力,能够根��调查发现自动选择并串联工具,用户只需使用自然语言描述目标即可。系统内置了 18 个模块化工具,涵盖 Email、Username、Breach、WHOIS、IP、Subdomain、Shodan、VirusTotal、GitHub 及 DNS 等多种维度。此外,它支持三种 AI 后端:Anthropic Claude(默认)、本地 Ollama 以及 OpenAI,满足不同场景的需求。
运行 OpenOSINT 需要安装 Ollama 运行时环境。如果您希望实现完全本地化运行(无需 API key),请确保已通过 `ollama pull llama3.2` 下载对应的模型。对于需要调用云端能力的场景,则需准备相应的 API 访问权限。
您可以通过多种方式部署 OpenOSINT。对于希望快速启动的用户,推荐使用 Docker 进行容器化部署,只需运行 `docker compose up --build` 即可完成构建与启动。此外,也可以通过源码构建或使用 pip 进行安装,具体取决于您的开发环境需求。
OpenOSINT 支持交互式 REPL 模式。启动后,您可以直接输入调查指令,例如 `investigate target@example.com`。智能体会自动分析指令,自主决定调用哪些工具(如 `generate_dorks` 或 `search_email`),并根据前一步的发现自动进行链式搜索(如发现泄露信息后自动触发 `search_breach`),实现自动化情报追踪。
项目配置通过根目录下的 `.env` 文件进行管理(请先从 `.env.example` 复制)。系统使用 `python-dotenv` 在启动时自动加载变量。您可以配置 `ANTHROPIC_API_KEY` 用于 Claude 驱动,或通过 `OPENAI_BASE_URL` 接入兼容 OpenAI 协议的服务。对于本地化部署,可在 Settings 中切换至 Ollama 模型。
OpenOSINT 提供 Web 界面供用户交互。同时,它支持 OpenAI 兼容的 Endpoint,这意味着您可以轻松地将其接入 LiteLLM、vLLM、LM Studio 等工具。通过设置环境变量 `export OPENAI_BASE_URL="http://localhost:4000/v1"`,即可实现无缝的 API 集成与调用。
OpenOSINT 支持高度定制化的集成方案。如果您需要将 OpenOSINT 接入企业的 SOC(安全运营中心)、欺诈检测、威胁情报或 AI-agent 技术栈,可以进行 Bespoke(定制化)开发。通过引入特定的数据源和满足合规性要求,OpenOSINT 可以转化为专属的 OSINT 与 MCP 集成模块,为团队提供定制化的情报能力。
专业OSINT工具链整合方案,MCP架构设计先进,AI代理能力强。项目活跃维护,适合安全团队部署。
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
✅ MIT 协议 — 最宽松的开源协议之一,可自由商用、修改、分发,仅需保留版权声明。
经综合评估,OpenOSINT MCP工具 在MCP工具赛道中表现稳健,质量优秀。如果你已有明确的使用需求,可以直接上手体验;如果还在评估阶段,建议对比同类工具后再做决策。
| 原始名称 | OpenOSINT |
| 原始描述 | 开源MCP工具:AI-powered OSINT agent with interactive REPL, MCP server, and CLI. 9 tools. Work。⭐34 · Python |
| Topics | OSINT网络安全AI代理MCP工具信息收集 |
| GitHub | https://github.com/OpenOSINT/OpenOSINT |
| License | MIT |
| 语言 | Python |
收录时间:2026-05-16 · 更新时间:2026-05-19 · License:MIT · AI Skill Hub 不对第三方内容的准确性作法律背书。
选择 Agent 类型,复制安装指令后粘贴到对应客户端