claudeers.

🔓 unclaimed — this page was auto-generated from GitHub. Are you the creator?

Claim this page →
// Automation & Workflows

OpenOSINT

AI-powered OSINT agent with interactive REPL, MCP server, and CLI. 16 tools. Works with Claude, GPT-4, or local models. For authorized security research only.

// Automation & Workflows[ cli ][ api ][ desktop ][ web ][ mobile ][ claude ]#claude#ai-agent#anthropic#cli#cybersecurity#holehe#llm#maigret#automationMIT$open-sourceupdated 15 days ago
Actively maintained
100/100
last commit 4 days ago
last release 21 days ago
releases 26
open issues 3
// install
git clone https://github.com/OpenOSINT/OpenOSINT

mcp-name: io.github.OpenOSINT/openosint

OpenOSINT

OpenOSINT

AI-powered OSINT agent. Interactive REPL · CLI · MCP Server · Web UI

18 tools. Works natively with Claude Code, Claude Desktop, and any MCP-compatible client (Cursor, Windsurf, …). Powered by Anthropic Claude, local Ollama, or any OpenAI-compatible endpoint. For authorized security research only.

New to OSINT? Start here → openosint.tech/learn

See DISCLAIMER.md for legal and ethical use information.

Donate to OpenOSINT on Open Collective

OpenOSINT terminal demo
pip install openosint
  • 18 modular tools — email, username, IP, domain, WHOIS, breach, phone, paste, Shodan, VirusTotal, Censys, AbuseIPDB, GitHub, DNS, live dork search, and URL scraping
  • MCP server built in — expose all 18 tools natively to Claude Code, Claude Desktop, and any MCP-compatible client; no extra config needed
  • Three AI backends — Anthropic Claude (default), local Ollama, or any OpenAI-compatible endpoint; tool results come from real subprocess calls, never hallucinated
  • Fully async — parallel tool execution via asyncio.gather() with hard subprocess timeouts
  • MIT licensed — no embedded LLM; bring your own API key or run fully offline

Legal Disclaimer: OpenOSINT is intended for legal and authorized use only. Users are solely responsible for ensuring their use complies with all applicable laws and regulations. The authors accept no liability for misuse. See DISCLAIMER.md.

Sponsors

IP2Location — IP geolocation and threat intelligence provider
IP2Location
IP Geolocation & IP Intelligence
Enhanced IP geolocation, ISP, VPN/Proxy/Tor detection.
Your logo here
Open: proxy detection · breach data · threat intel · email/identity
One vendor per category — exclusive placement across README, docs, CLI, and Web UI.

Media kit & pricing → · Open Collective · [email protected]

Custom Integrations

Need OpenOSINT wired into your SOC, fraud, threat-intel, or AI-agent stack? I build bespoke OSINT & MCP integrations for teams — you bring the data sources and compliance requirements, I deliver a working integration.

Get in touch


What is OpenOSINT?

OpenOSINT is an AI agent for Open Source Intelligence with three interfaces: an interactive terminal REPL, a direct CLI, and an MCP server exposable to Claude Code, Claude Desktop, or any MCP-compatible client — plus a browser-based Web UI added in v2.12.0. The AI layer uses Anthropic's native tool use API (or a local Ollama model, or any OpenAI-compatible endpoint): the model issues hard stops when it needs a tool, your code executes the real binary, the actual output goes back — hallucination in tool results is structurally impossible.

Features

  • AI tool chaining — the agent decides which of 18 tools to run, chains them based on findings, and compiles a structured report
  • 18 modular tools covering email, username, breach, WHOIS, IP, subdomain, dorks, paste, phone, Shodan, VirusTotal, Censys, IP2Location, AbuseIPDB, GitHub, DNS, live dork search, and URL scraping
  • Anthropic, Ollama, or any OpenAI-compatible endpoint — use Claude via API key, run fully offline with a local Ollama model, or point at any OpenAI-compatible server (LiteLLM, llama-swap, vLLM, LM Studio, …)
  • MCP server — expose all tools natively to Claude Code and Claude Desktop
  • Parallel execution--parallel runs complementary tools concurrently via asyncio.gather()
  • PDF + Markdown reports — auto-saved after every investigation; PDF export via reportlab
  • Session history — all REPL sessions saved to ~/.openosint/history/; browse with openosint history
  • Web UI — browser-based AI chat with streaming output, tool cards, and light/dark theme toggle

🎁 Free: 5 AI OSINT prompts (starter set)

New to AI-assisted OSINT? The free starter set gives you 5 structured prompts — one per stage of a real investigation — that make ChatGPT and Claude collect real public data instead of hallucinating it.

  • Scope → Collect → Pivot → Verify → Document
  • Works with any AI assistant (Claude, ChatGPT, Gemini)
  • Free PDF, instant download — enter $0, no card needed

Free download on Gumroad

🧠 Full method — AI OSINT Prompt Pack

OpenOSINT gives you the tooling. The AI OSINT Prompt Pack gives you the method: 30+ tested prompts that make ChatGPT / Claude collect → pivot → verify against real public sources instead of hallucinating.

  • Email, username, domain, IP, phone, company due-diligence, image & reporting prompts
  • One repeatable investigation flow + an ethics & legal primer
  • 7-page PDF · instant download · pairs directly with OpenOSINT

Get the Prompt Pack ($29)

Buying it directly funds OpenOSINT's development. 🙏

Installation

# Install from PyPI (recommended)
pip install openosint
# Or install from source
git clone https://github.com/OpenOSINT/OpenOSINT.git
cd OpenOSINT
pip install -e .

External binaries (must be in PATH):

BinaryPurposeInstall
holeheEmail account enumerationpip install holehe
sherlockUsername enumeration (300+ platforms)pip install sherlock-project
sublist3rSubdomain enumerationpip install sublist3r
phoneinfogaPhone number intelligenceDownload binary

If a binary is absent, the corresponding tool returns a descriptive error string. All other tools remain operational.

Quick Start

# Interactive AI REPL (default)
openosint

# Web interface
openosint web

# Direct tool (no AI)
openosint email [email protected]

Configuration

Store all keys in a .env file at the project root (copy .env.example). python-dotenv loads it automatically at startup.

VariableToolRequiredPurpose
ANTHROPIC_API_KEYAI agentYes (or use Ollama / OpenAI)Anthropic API key
OPENAI_BASE_URLAI agentOptionalBase URL of an OpenAI-compatible endpoint (e.g. http://localhost:4000/v1). When set and ANTHROPIC_API_KEY is absent, it is used as the AI backend (takes precedence over Ollama). The model must support tool/function calling.
OPENAI_API_KEYAI agentOptionalAPI key for the OpenAI-compatible endpoint (local servers may ignore it)
OPENAI_MODELAI agentOptionalModel name to request from the endpoint (default: gpt-4o-mini)
HIBP_API_KEYsearch_breachOptionalHaveIBeenPwned v3 — get one
IPINFO_TOKENsearch_ipOptionalipinfo.io higher rate limits
SHODAN_API_KEYsearch_shodanOptionalShodan API — get one
VIRUSTOTAL_API_KEYsearch_virustotalOptionalVirusTotal API v3 — get one
IP2LOCATION_API_KEYsearch_ip2locationOptionalIP2Location.io enhanced IP intelligence — get one (sponsored)
CENSYS_API_ID + CENSYS_SECRETsearch_censysOptionalCensys Search API — get one
ABUSEIPDB_API_KEYsearch_abuseipdbOptionalAbuseIPDB v2 — get one
GITHUB_TOKENsearch_githubOptionalGitHub API — raises rate limit from 60 to 5000 req/h — get one
BRIGHTDATA_API_KEYsearch_dorks_live, scrape_urlOptionalBright Data API key — get one¹ (free tier: 5,000 req/month).
BRIGHTDATA_SERP_ZONEsearch_dorks_liveOptionalYour Bright Data SERP API zone name (e.g. serp_api1). Create one in the Bright Data dashboard¹.
BRIGHTDATA_UNLOCKER_ZONEscrape_urlOptionalYour Bright Data Web Unlocker zone name (e.g. web_unlocker1). Create one in the Bright Data dashboard¹.

Optional Python packages:

PackagePurposeInstall
ollamaLocal LLM backend (no API key)pip install ollama (Python client only — also install the Ollama runtime)
openaiOpenAI-compatible backend for the REPL/CLI (--provider openai)pip install "openosint[openai]" (not required for the Web UI, which has no extra dependency)
shodanShodan API clientpip install shodan
reportlabPDF report exportpip install reportlab
censysCensys API clientpip install censys

Tools

ToolPowered byWhat it investigates
search_emailholeheSocial accounts linked to an email address
search_usernamesherlockUsername presence across 300+ platforms
search_breachHaveIBeenPwned v3 APIData breach exposure
search_whoispython-whoisDomain registrant and DNS info
search_ipipinfo.ioGeolocation, ASN, hostname
search_domainsublist3rSubdomain enumeration
generate_dorksbuilt-in12 targeted Google dork URLs (no network calls)
search_pastepsbdmp.wsPastebin dump mentions
search_phonephoneinfogaCarrier, country, line type
search_shodanShodan APIOpen ports, banners, CVEs
search_virustotalVirusTotal API v3Verdict from 70+ antivirus engines
search_ip2locationIP2Location.io APIEnhanced IP intel: VPN/Proxy/Tor/datacenter flags (sponsored)
search_censysCensys Search APIInternet-facing infrastructure, certificates
search_abuseipdbAbuseIPDB v2 APIIP abuse reputation: confidence score, reports, country, ISP
search_githubGitHub REST APIProfile, repos, commit-discovered emails, username/keyword search
search_dnsdnspython (built-in)A/AAAA/MX/NS/TXT/CNAME/SOA records; SPF, DMARC, DKIM analysis
search_dorks_liveBright Data SERP APILive Google search results for dork queries (title, URL, snippet)
scrape_urlBright Data Web UnlockerFetch any URL bypassing Cloudflare/CAPTCHA — returns clean Markdown

search_email

Enumerates online services linked to an email address using holehe.

openosint email [email protected]
openosint email [email protected] -t 60
OSINT results for '[email protected]':
[+] Spotify        https://open.spotify.com/user/target
[+] WordPress      https://wordpress.com/target
[+] Gravatar       https://gravatar.com/target
[+] Office365      email used

search_username

Searches for a username across 300+ platforms using sherlock.

openosint username johndoe99
openosint username johndoe99 -t 120
OSINT results for username 'johndoe99':
[+] GitHub         https://github.com/johndoe99
[+] Twitter        https://twitter.com/johndoe99
[+] Reddit         https://reddit.com/user/johndoe99

search_breach

Checks data breach exposure via HaveIBeenPwned v3 API. Requires HIBP_API_KEY.

Found in 2 breach(es) for '[email protected]':
[+] LinkedIn (2016-05-05) — leaked: Email addresses, Passwords
[+] Adobe (2013-10-04) — leaked: Email addresses, Password hints

search_whois

Retrieves WHOIS data for a domain using python-whois.

WHOIS results for 'example.com':
[+] Registrar: ICANN
[+] Created: 1995-08-14
[+] Expires: 2024-08-13
[+] Name Servers: A.IANA-SERVERS.NET

search_ip

Retrieves geolocation and ASN data via ipinfo.io. Free tier: 50k/month.

IP intelligence for '8.8.8.8':
[+] Hostname: dns.google
[+] Org: AS15169 Google LLC
[+] City: Mountain View, CA, US

search_domain

Enumerates subdomains using sublist3r.

Subdomains found for 'example.com':
[+] mail.example.com
[+] dev.example.com
[+] api.example.com

generate_dorks

Generates 12 targeted Google dork URLs for any target. No network calls.

Google dork URLs for 'johndoe':
[+] "johndoe" site:linkedin.com
    https://www.google.com/search?q=%22johndoe%22+site%3Alinkedin.com
[+] "johndoe" leaked OR breach OR dump
    https://www.google.com/search?q=%22johndoe%22+leaked+OR+breach+OR+dump

search_paste

Searches Pastebin dumps via psbdmp.ws.

Found in 3 paste(s) for '[email protected]':
[+] https://pastebin.com/aB1cD2eF (2023-04-12)
[+] https://pastebin.com/xY3zA4bC (2022-11-08)

search_phone

Gathers phone intelligence using phoneinfoga. Use E.164 format.

Phone intelligence for '+14155552671':
[+] Country: United States
[+] Carrier: AT&T
[+] Line type: Mobile

search_shodan

Queries the Shodan API. IPv4 input → host lookup (open ports, org, CVEs). Any other query → banner/keyword search. Requires SHODAN_API_KEY.

openosint shodan 8.8.8.8
openosint shodan "apache port:80 country:DE"
openosint shodan 8.8.8.8 -t 30
Shodan host intelligence for '8.8.8.8':
[+] IP: 8.8.8.8
[+] Org: Google LLC
[+] Country: United States
[+] Open ports: 53, 443

search_virustotal

Checks an IP address, domain, URL, or file hash against VirusTotal's 70+ antivirus engines using API v3. Auto-detects input type. Requires VIRUSTOTAL_API_KEY.

openosint virustotal 8.8.8.8
openosint virustotal example.com
openosint virustotal https://example.com/path
openosint virustotal 44d88612fea8a8f36de82e1278abb02f
[VirusTotal] Type: ip
[VirusTotal] ASN: AS15169 Google LLC
[VirusTotal] Malicious: 0
[VirusTotal] Harmless: 72

If any engine flags the target:

[VirusTotal] Malicious: 3
FLAGGED AS MALICIOUS by 3 engines

search_censys

Queries the Censys API. IPv4 input → host view (open ports, services, ASN); domain input → certificate search (SANs, issuer, first/last seen). Requires CENSYS_API_ID and CENSYS_SECRET.

openosint censys 8.8.8.8
openosint censys example.com
[Censys] IP: 8.8.8.8
[Censys] Open Ports: 53, 443, 853
[Censys] Services: DNS, HTTPS, DNS-over-TLS
[Censys] ASN: AS15169 Google LLC
[Censys] Country: United States
[Censys] Domain: example.com
[Censys] Certificates Found: 12
[Censys] Issuer: Let's Encrypt
[Censys] SANs: example.com, www.example.com, api.example.com

search_ip2location

Queries the IP2Location.io API for enhanced IP intelligence: geolocation (country, region, city, coordinates, ZIP), ISP, domain, ASN, and — on the Security Plan — VPN, proxy, Tor exit node, and datacenter detection. Sponsored integration. Requires IP2LOCATION_API_KEY.

openosint ip2location 8.8.8.8
openosint ip2location 2001:4860:4860::8888
[IP2Location] IP: 8.8.8.8
[IP2Location] Country: United States (US)
[IP2Location] Region: California
[IP2Location] City: Mountain View
[IP2Location] ISP: Google LLC
[IP2Location] ASN: AS15169 Google LLC
[IP2Location] VPN: No  |  Proxy: No  |  TOR: No  |  Datacenter: Yes
[IP2Location] Threat: clean

If a VPN, proxy, or Tor exit node is detected:

FLAGGED: VPN/Proxy/Tor detected

search_abuseipdb

Checks an IP address against the AbuseIPDB v2 API for abuse reputation. Returns abuse confidence score (0–100%), total reports, country, ISP, domain, and last reported timestamp. Requires ABUSEIPDB_API_KEY.

openosint abuseipdb 198.51.100.1
openosint abuseipdb 198.51.100.1 -t 30
Abuse intelligence for '198.51.100.1':

[AbuseIPDB] IP: 198.51.100.1
[AbuseIPDB] Abuse Confidence Score: 87%
[AbuseIPDB] Total Reports: 143
[AbuseIPDB] Country: US
[AbuseIPDB] ISP: Example ISP LLC
[AbuseIPDB] Domain: example-isp.net
[AbuseIPDB] Last Reported: 2026-05-20T14:33:00+00:00
⚠️  HIGH ABUSE CONFIDENCE — flagged by AbuseIPDB

The warning line only appears when abuseConfidenceScore exceeds 50%.

search_dorks_live

Executes live Google dork queries for a target through the Bright Data SERP API¹, returning structured results (title, URL, snippet) for each dork. Reuses the same templates as generate_dorks — the offline tool remains unchanged. Each dork is a separate billable API call; defaults to 5 dorks per run. Requires BRIGHTDATA_API_KEY and BRIGHTDATA_SERP_ZONE.

openosint search-dorks-live "john doe"
openosint search-dorks-live "[email protected]" --max-dorks 3
openosint search-dorks-live example.com --max-dorks 5 -t 30
Bright Data live dork search for 'john doe' (5 queries):

[+] Dork: "john doe"
    Title:   John Doe — LinkedIn
    URL:     https://www.linkedin.com/in/johndoe
    Snippet: Software engineer with 10 years of experience...

[+] Dork: "john doe" site:linkedin.com
    Title:   John Doe | LinkedIn
    URL:     https://www.linkedin.com/in/john-doe-12345
    ...

scrape_url

Fetches any public URL through the Bright Data Web Unlocker API¹, bypassing Cloudflare, CAPTCHA, and other bot-protection mechanisms. Returns clean Markdown using the API's native data_format: "markdown" conversion. A general primitive the AI agent can chain after discovering URLs with other tools. Requires BRIGHTDATA_API_KEY and BRIGHTDATA_UNLOCKER_ZONE.

openosint scrape https://example.com
openosint scrape https://protected-site.com -t 60
[Web Unlocker] URL: https://example.com
[Web Unlocker] Remote status: 200

# Example Domain

This domain is for use in illustrative examples in documents.
You may use this domain in literature without prior coordination or asking for permission.
...

Interfaces

Interactive REPL

Run openosint with no arguments to start the AI-powered REPL:

openosint > investigate [email protected]

  -> generate_dorks('[email protected]')
  -> search_email('[email protected]')
  Found: Spotify, WordPress, Gravatar, Office365

  -> search_breach('[email protected]')
  Found in 2 breaches: LinkedIn (2016), Adobe (2013)

  Report saved -> reports/2026-05-11_14-32-11_report.md

REPL commands:

CommandDescription
<target>Investigate any target — email, username, domain, IP, name
clearReset conversation memory
saveSave last report to reports/
toolsList available tools and their status
configShow current configuration
historyBrowse saved sessions
helpShow all commands
exit / Ctrl-DExit

All sessions are auto-saved to ~/.openosint/history/. Browse with openosint history.

Web UI

Introduced in v2.12.0:

openosint web
# Opens http://localhost:8080 automatically

Browser-based AI chat interface with streaming tool output, inline result cards, light/dark theme toggle, and support for fully local inference via Ollama or any OpenAI-compatible endpoint. No Anthropic API key required when using a local backend.

# Install web extras
pip install "openosint[web]"
openosint web

# Use Ollama for fully local inference (no API key)
# Step 1: install the Ollama runtime (separate from the Python library)
#   macOS/Linux:  curl -fsSL https://ollama.com/install.sh | sh
#   Windows:      https://ollama.com/download/windows
# Step 2: start Ollama and pull a model
ollama serve          # start in a terminal (runs automatically as a service on some platforms)
ollama pull llama3.2  # download the model (~2 GB)
# Step 3: launch OpenOSINT and switch to Ollama
openosint web
# Settings -> Ollama (local) -> set model to llama3.2

# Or point at any OpenAI-compatible endpoint (LiteLLM, llama-swap, vLLM, LM Studio, …).
# The selected model must support tool/function calling.
export OPENAI_BASE_URL="http://localhost:4000/v1"
export OPENAI_API_KEY="sk-..."        # optional for local servers
export OPENAI_MODEL="gpt-4o-mini"
openosint web
# Settings -> OpenAI API  (or just start chatting — it is auto-selected when no ANTHROPIC_API_KEY is set)

For the REPL/CLI, the same backend is available via --provider openai:

pip install "openosint[openai]"
openosint --provider openai \
  --openai-base-url http://localhost:4000/v1 \
  --openai-model gpt-4o-mini
Web UI — launch with openosint web

Live Documentation

The interactive documentation at openosint.tech covers every tool, CLI flag, and configuration option.

openosint.tech documentation tour

MCP Server

Expose all 18 OpenOSINT tools to any MCP-compatible AI client. Once connected, Claude can natively invoke all 18 tools during conversations.

Claude Code:

claude mcp add openosint python /absolute/path/to/OpenOSINT/openosint/mcp_server.py
claude mcp list

Claude Desktop — add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "openosint": {
      "command": "python",
      "args": ["/absolute/path/to/OpenOSINT/openosint/mcp_server.py"]
    }
  }
}

Agentic use via Claude Code:

$ claude
> Investigate [email protected]. Trace any username found
  across other platforms and compile a full report.

Docker

# Build and run
docker compose up --build

# One-off command
docker compose run --rm openosint email [email protected] --json

Set ANTHROPIC_API_KEY (and optionally HIBP_API_KEY, IPINFO_TOKEN) in a .env file or export them before running docker compose. Reports are persisted to ./reports/ via a volume mount.

DigitalOcean App Platform: see .do/app.yaml for App Platform configuration.

CLI Reference

Flag / SubcommandDescription
openosintInteractive AI REPL (default)
openosint web [--port N] [--no-browser]Launch browser UI
openosint email ADDRESS [-t N]Direct email scan
openosint username HANDLE [-t N]Direct username scan
openosint shodan QUERY [-t N]Shodan lookup
openosint virustotal TARGET [-t N]VirusTotal lookup
openosint censys TARGET [-t N]Censys lookup
openosint ip2location IP [-t N]IP2Location lookup
openosint abuseipdb IP [-t N]AbuseIPDB reputation check
openosint github QUERY [-t N]GitHub profile/repo/email discovery
openosint dns DOMAIN [-t N]DNS records + email security analysis
openosint multi TARGETSParallel multi-target investigation (max 10)
openosint history [--all] [open N] [clear]View/manage REPL session history
-v, --verboseEnable debug logging to stderr
-t, --timeout NOverride subprocess timeout (seconds)
--api-key KEYAnthropic API key (overrides env var)
--parallelRun complementary tools concurrently
--jsonOutput results as structured JSON
--provider {anthropic,ollama,openai}AI provider (default: anthropic)
--ollama-model MODELOllama model name (default: llama3.2)
--ollama-host URLOllama server URL (default: http://localhost:11434)
--openai-base-url URLOpenAI-compatible endpoint base URL (env: OPENAI_BASE_URL)
--openai-model MODELModel to request from the endpoint (default: gpt-4o-mini; env: OPENAI_MODEL)
--openai-api-key KEYAPI key for the endpoint (env: OPENAI_API_KEY)
--no-pdfDisable automatic PDF generation

Integrations

ServiceURLToolTierAuth
IP2Location.iohttps://www.ip2location.iosearch_ip2locationFeatured (sponsored)API key — free tier
AbuseIPDBhttps://www.abuseipdb.comsearch_abuseipdbCommunityAPI key — free tier
Censyshttps://censys.iosearch_censysCommunityAPI key — free tier
GitHubhttps://github.comsearch_githubCommunityToken optional
HaveIBeenPwnedhttps://haveibeenpwned.comsearch_breachCommunityAPI key — paid
holehehttps://github.com/megadose/holehesearch_emailCommunityNone — local binary
ipinfo.iohttps://ipinfo.iosearch_ipCommunityToken optional
phoneinfogahttps://github.com/sundowndev/phoneinfogasearch_phoneCommunityNone — local binary
psbdmp.wshttps://psbdmp.wssearch_pasteCommunityNone
sherlockhttps://github.com/sherlock-project/sherlocksearch_usernameCommunityNone — local binary
Shodanhttps://shodan.iosearch_shodanCommunityAPI key — free tier
sublist3rhttps://github.com/aboul3la/Sublist3rsearch_domainCommunityNone — local binary
VirusTotalhttps://www.virustotal.comsearch_virustotalCommunityAPI key — free tier
WHOIS (IANA)https://www.iana.org/whoissearch_whoisCommunityNone
DNS (system resolver)search_dnsCommunityNone
Google Searchhttps://www.google.comgenerate_dorksCommunityNone

Resources

OpenOSINT is used by OSINT practitioners, security researchers, and developers actively evaluating intelligence APIs. Every time a user configures an integration, the docs route them to that provider's sign-up page — high-intent exposure at the moment of adoption.

Featured Integration ($2,000/year or $220/month): recommended/default provider for one tool category, exclusive. Logo + badge across README, docs, CLI banner, and Web UI. One vendor per category.

Open categories: proxy detection · breach/credential data · threat & domain intel · email/identity lookup

→ Full media kit and pricing: openosint.tech/sponsors.html

Current sponsors

IP2Location

IP2Location.io — Featured Integration · IP Geolocation & IP Intelligence

Enhanced IP geolocation, ISP, VPN/Proxy/Tor, and datacenter detection. Powers search_ip2location.

Open Collective · [email protected] · SPONSORSHIP.md

Contributing

Issues and pull requests are welcome. See CONTRIBUTING.md for the development workflow, integration registration checklist, and coding conventions. Please read DISCLAIMER.md before contributing.

Maintainer

Tommaso Bertocchi

Contributors

ContributorContribution
@consociovenv/uv-tool binary resolution fix — co-installed tools are now found without a separate activation step (#6)

SERVICES

The framework is free and MIT-licensed. This is an optional paid setup service offered by the maintainer.

OSINT-MCP Setup Sprint — done-for-you installation and configuration of an autonomous OSINT-MCP pipeline on your environment. Fully async, no calls required.

Includes:

  • Pre-configured OpenOSINT setup tailored to your stack (Claude Code, Claude Desktop, or any MCP client)
  • API keys wired in (Shodan, VirusTotal, IP2Location, HaveIBeenPwned, and others as needed)
  • One investigation workflow built around your use case
  • Written step-by-step setup guide + screen-recorded walkthrough
  • 1-page runbook
  • Async email support for 7 days

Delivery: 3–5 days, fully async.

For: SOC analysts · threat-intel teams · fraud/AML · pentesters · OSINT investigators

Founding pricing available for early teams — inquire.

→ Email [email protected] · LinkedIn ·

For authorized use only. See DISCLAIMER.md.

License

OpenOSINT is open source under the MIT License — free for personal, academic, and open source use.

For commercial use in closed-source products, a separate license is required. → Full details


¹ Bright Data links in this README are affiliate/referral links — OpenOSINT earns a commission if you sign up through them, at no extra cost to you.

For authorized security research only. See DISCLAIMER.md.

OpenOSINT v2.22.0 — June 2026

Star History

Star History Chart

// compatibility

Platformscli, api, desktop, web, mobile
Operating systems
AI compatibilityclaude
LicenseMIT
Pricingopen-source
LanguagePython

// faq

What is OpenOSINT?

AI-powered OSINT agent with interactive REPL, MCP server, and CLI. 16 tools. Works with Claude, GPT-4, or local models. For authorized security research only.. It is open-source on GitHub.

Is OpenOSINT free to use?

OpenOSINT is open-source under the MIT license, so it is free to use.

What category does OpenOSINT belong to?

OpenOSINT is listed under devtools in the Claudeers registry of Claude-compatible tools.

0 views
907 stars
unclaimed
updated 15 days ago

// embed badge

OpenOSINT on Claudeers
[![Claudeers](https://claudeers.com/api/badge/openosint.svg)](https://claudeers.com/openosint)

// retro hit counter

OpenOSINT hit counter
[![Hits](https://claudeers.com/api/counter/openosint.svg)](https://claudeers.com/openosint)

// reviews

// guestbook

0/500

// related in Automation & Workflows

🔓

The API to search, scrape, and interact with the web at scale. 🔥

// automationfirecrawl/TypeScript143,720AGPL-3.0[ claude ]
🔓

The agent that grows with you

// automationNousResearch/Python211,605MIT[ claude ]
🔓

An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message…

// automationbytedance/Python76,016MIT[ claude ]
🔓

🗂 The essential checklist for modern web development, for humans and AI agents

// automationthedaviddias/MDX73,123[ claude ]
→ see how OpenOSINT connects across the ecosystem