OSINT Tools MCP Server

OSINT Tools MCP server enabling AI security agents to perform open-source intelligence gathering — querying Shodan for exposed services, VirusTotal for threat indicators, WHOIS lookups, DNS reconnaissance, and integrating multiple OSINT data sources into agent-driven threat research and security assessment workflows.

Evaluated Mar 06, 2026 (0d ago) vcurrent
Homepage ↗ Repo ↗ Security osint security reconnaissance mcp-server threat-intelligence shodan virustotal
⚙ Agent Friendliness
71
/ 100
Can an agent use this?
🔒 Security
80
/ 100
Is it safe for agents?
⚡ Reliability
68
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
68
Documentation
72
Error Messages
68
Auth Simplicity
72
Rate Limits
75

🔒 Security

TLS Enforcement
100
Auth Strength
80
Scope Granularity
72
Dep. Hygiene
70
Secret Handling
78

HTTPS. Multiple API keys. Authorized use only. Security community tool.

⚡ Reliability

Uptime/SLA
72
Version Stability
65
Breaking Changes
65
Error Recovery
68
AF Security Reliability

Best When

A security researcher or analyst needs to aggregate OSINT from multiple sources — Shodan, VirusTotal, DNS, WHOIS — in a single agent workflow for threat intelligence or authorized security testing.

Avoid When

You're conducting unauthorized reconnaissance — always obtain proper authorization before using OSINT tools against targets.

Use Cases

  • Querying Shodan for exposed services and devices from recon agents
  • Checking file and URL reputation via VirusTotal from malware analysis agents
  • Performing WHOIS and DNS lookups from threat intelligence agents
  • Aggregating OSINT data for security assessments from pentest agents
  • Investigating threat indicators from SOC analyst agents
  • Building automated OSINT pipelines from cyber threat intelligence agents

Not For

  • Unauthorized reconnaissance or scanning (authorization required for pentest use)
  • High-volume automated scanning (API rate limits apply)
  • Source code or binary analysis (use IDA/Ghidra MCPs for that)

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: api_key
OAuth: No Scopes: No

Shodan API key and VirusTotal API key required for respective functions. Free tier API keys have limited daily queries. Some OSINT functions (WHOIS, DNS) may work without keys.

Pricing

Model: freemium
Free tier: Yes
Requires CC: No

Community MCP is free. API keys from Shodan and VirusTotal have free tiers. For serious security work, paid tiers recommended.

Agent Metadata

Pagination
none
Idempotent
Full
Retry Guidance
Not documented

Known Gotchas

  • REQUIRES explicit authorization before scanning any target — never unauthorized
  • Multiple API keys required (Shodan, VirusTotal) — setup complexity
  • Free API tiers have strict rate limits — budget queries carefully
  • Community MCP — feature set and reliability vary
  • OSINT data is not real-time — Shodan scans are periodic
  • fr0gger is a known security researcher — reasonable quality for community tool

Alternatives

shodan-mcp virustotal-mcp externalattacker-mcp

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for OSINT Tools MCP Server.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5220
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered