MCP OSINT Server

MCP server providing Open Source Intelligence (OSINT) capabilities to AI agents — enabling agents to gather publicly available information about individuals, organizations, domains, IP addresses, and digital assets. Integrates OSINT tools and techniques into agent-driven threat intelligence and security research workflows.

Evaluated Mar 06, 2026 (0d ago) vcurrent
Homepage ↗ Repo ↗ Security osint open-source-intelligence security mcp-server reconnaissance threat-intelligence
⚙ Agent Friendliness
64
/ 100
Can an agent use this?
🔒 Security
76
/ 100
Is it safe for agents?
⚡ Reliability
59
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
60
Documentation
60
Error Messages
58
Auth Simplicity
80
Rate Limits
72

🔒 Security

TLS Enforcement
85
Auth Strength
78
Scope Granularity
70
Dep. Hygiene
68
Secret Handling
78

Authorized use only. OSINT collection may implicate privacy laws. Ensure legal authorization for all data collection. Multiple API keys may be needed — manage credentials carefully.

⚡ Reliability

Uptime/SLA
58
Version Stability
60
Breaking Changes
58
Error Recovery
60
AF Security Reliability

Best When

An authorized security researcher or threat intelligence analyst needs AI-assisted OSINT gathering — combining public data sources with agent reasoning for structured intelligence collection.

Avoid When

The purpose is surveillance rather than authorized security research — OSINT must be used ethically and within legal frameworks. Always verify purpose and authorization.

Use Cases

  • Gathering publicly available information about targets from authorized security research agents
  • Domain and IP reconnaissance from penetration testing agents
  • Investigating digital footprints for corporate threat intelligence from SOC agents
  • Supporting authorized red team exercises with OSINT data collection

Not For

  • Unauthorized surveillance or stalking of individuals
  • Scraping personally identifiable information without consent where restricted by GDPR/CCPA
  • Competitive intelligence gathering that violates ToS of target platforms

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: api_key
OAuth: No Scopes: No

Various API keys may be required depending on OSINT data sources configured (Shodan, VirusTotal, WHOIS APIs, etc.). Configuration depends on which sources are enabled.

Pricing

Model: free
Free tier: Yes
Requires CC: No

Free open source MCP server. Underlying OSINT data sources have their own costs. Some sources (WHOIS, DNS) are free; others (Shodan, proprietary databases) have fees.

Agent Metadata

Pagination
none
Idempotent
Full
Retry Guidance
Not documented

Known Gotchas

  • ETHICAL/LEGAL: OSINT must be conducted for authorized security research — verify legal jurisdiction
  • GDPR/CCPA may restrict collection of PII even from public sources — know your jurisdiction
  • Rate limits on external OSINT APIs can block agent loops — implement request budgets
  • Data freshness varies by source — cross-validate findings across multiple sources
  • Community tool with limited testing — verify OSINT source quality and accuracy

Alternatives

shodan-mcp-server maltego-mcp recon-ng-mcp

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for MCP OSINT Server.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5220
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered