MCP Hub
Back to servers

OSINT MCP Server

A comprehensive MCP server providing tools for IP, domain, email, and image-based open-source intelligence. It integrates services like Shodan, VirusTotal, and HaveIBeenPwned to facilitate advanced security research and data gathering.

glama
Updated
Mar 9, 2026
View Source
Claim this server

OSINT MCP Server

A comprehensive Model Context Protocol (MCP) server providing a wide range of OSINT (Open Source Intelligence) tools.

Features

  • IP Intelligence: Geolocation (ip-api.com), Shodan, GreyNoise, OTX
  • Domain Intelligence: WHOIS (RDAP, Shodan), DNS (Robtex, HackerTarget), SSL Certificates (crt.sh), Subdomain Enumeration
  • Email OSINT: HaveIBeenPwned breach checking, Hunter.io domain search
  • Search: Exa Web Search, ZoomEye
  • Image OSINT: Reverse Image Search (SauceNAO), Image Tagging (Imagga), Visual Analysis (Google Vision)

Prerequisites

  • Node.js 20+
  • API Keys for various services (optional but recommended for full functionality)

Installation

  1. Clone the repository
  2. Install dependencies: 
    npm install
  3. Build the project: 
    npm run build

Configuration

You can configure API keys using environment variables or a config.json file in the root directory.

Example config.json

{
  "SHODAN_API_KEY": "your_shodan_key",
  "HIBP_API_KEY": "your_hibp_key",
  "EXA_API_KEY": "your_exa_key",
  "VIRUSTOTAL_API_KEY": "your_vt_key",
  "HUNTER_API_KEY": "your_hunter_key",
  "GREYNOISE_API_KEY": "your_greynoise_key",
  "ALIENVAULT_API_KEY": "your_otx_key",
  "SECURITYTRAILS_API_KEY": "your_st_key",
  "ZOOMEYE_API_KEY": "your_zoomeye_key",
  "SAUCENAO_API_KEY": "your_saucenao_key",
  "IMAGGA_API_KEY": "your_imagga_key",
  "IMAGGA_API_SECRET": "your_imagga_secret",
  "GOOGLE_CLOUD_API_KEY": "your_google_key",
  "PORT": 3000,
  "HOST": "0.0.0.0"
}

Usage

Stdio Transport (Default for many MCP clients)

node dist/index.js --stdio

HTTP Transport

npm start

The server will be available at http://localhost:3000/mcp.

Tools

Tool NameDescription
ip_geolocationGet geolocation data for an IP address
whois_lookupPerform RDAP WHOIS lookup for a domain
dns_lookupGet passive DNS records from Robtex
check_breachesCheck if an email has been compromised (HIBP)
shodan_hostGet host details from Shodan
shodan_whoisPerform WHOIS lookup via Shodan Labs
ssl_certsLookup SSL certificates on crt.sh
url_reputationCheck URL reputation on VirusTotal
dns_enumerationPerform DNS enumeration via HackerTarget
subdomain_enumFind subdomains using multiple sources
hunter_domain_searchSearch for email addresses on a domain
greynoise_ip_contextGet IP context from GreyNoise
otx_indicator_detailsGet threat intel from AlienVault OTX
securitytrails_subdomainsFind subdomains via SecurityTrails
zoomeye_host_searchSearch hosts on ZoomEye
reverse_image_search_animeSearch anime/art images on SauceNAO
image_taggingTag and categorize images with Imagga
google_vision_analyzeAnalyze images with Google Vision
web_searchPerform web search via Exa

License

MIT

Reviews

No reviews yet

Sign in to write a review