[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-76180":3},{"id":4,"name":5,"fullName":6,"owner":5,"repo":5,"description":7,"homepage":8,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":9,"rankLanguage":9,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":24,"topics":25,"createdAt":9,"pushedAt":9,"updatedAt":41,"readmeContent":42,"aiSummary":43,"trendingCount":15,"starSnapshotCount":15,"syncStatus":44,"lastSyncTime":45,"discoverSource":46},76180,"OpenOSINT","OpenOSINT\u002FOpenOSINT","AI-powered OSINT agent with interactive REPL, MCP server, and CLI. 16 tools. Works with Claude, GPT-4, or local models. For authorized security research only.","https:\u002F\u002Fopenosint.tech",null,"Python",602,103,7,3,0,93,115,509,279,10.05,"MIT License",false,"main",true,[26,27,28,29,30,31,32,33,34,35,36,37,38,39,40],"ai-agent","anthropic","claude","cli","cybersecurity","holehe","information-gathering","mcp","open-source","osint","python","recon","security","sherlock","terminal","2026-06-12 02:03:40","# OPENOSINT(1) — General Commands Manual\n\n\u003Cdiv align=\"center\">\n \u003Cimg src=\"docs\u002Flogo.svg\" alt=\"OpenOSINT\" width=\"320\">\n\u003C\u002Fdiv>\n\n\u003Cbr>\n\n[![Release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002FOpenOSINT\u002FOpenOSINT?label=release&style=flat-square)](https:\u002F\u002Fgithub.com\u002FOpenOSINT\u002FOpenOSINT\u002Freleases)\n[![Python](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fpython-3.10%2B-blue?style=flat-square)](https:\u002F\u002Fwww.python.org\u002F)\n[![MCP](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Fprotocol-MCP-blueviolet?style=flat-square)](https:\u002F\u002Fmodelcontextprotocol.io\u002F)\n[![PyPI](https:\u002F\u002Fimg.shields.io\u002Fpypi\u002Fv\u002Fopenosint?style=flat-square)](https:\u002F\u002Fpypi.org\u002Fproject\u002Fopenosint\u002F)\n[![License: MIT](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-MIT-green?style=flat-square)](LICENSE)\n[![Sponsored by IP2Location](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSponsored%20by-IP2Location-0066CC?style=flat-square)](https:\u002F\u002Fwww.ip2location.com)\n\n> ⚠️ **Legal Disclaimer**: OpenOSINT is intended for **legal and authorized use only**.\n> Users are solely responsible for ensuring their use complies with all applicable laws.\n> The authors accept no liability for misuse. See [DISCLAIMER.md](DISCLAIMER.md).\n\n\u003Cdiv align=\"center\">\n \u003Cimg src=\"assets\u002Fdemo.gif\" alt=\"OpenOSINT demo\" width=\"700\">\n\u003C\u002Fdiv>\n\n---\n\n## NAME\n\n**openosint** — AI-powered OSINT agent, MCP server, and CLI for Open Source Intelligence.\n\n---\n\n## SYNOPSIS\n\n```\nopenosint # interactive AI REPL (default)\nopenosint shell # same as above\nopenosint email ADDRESS [-t N] # direct email scan, no AI\nopenosint username HANDLE [-t N] # direct username scan, no AI\nopenosint shodan QUERY [-t N] # Shodan lookup, no AI\nopenosint virustotal TARGET [-t N] # VirusTotal lookup, no AI\nopenosint censys TARGET [-t N] # Censys lookup, no AI\nopenosint multi TARGETS # multi-target parallel investigation\nopenosint --parallel email ADDRESS # parallel: search_email + search_breach\nopenosint --parallel username HANDLE # parallel: search_username + search_paste\nopenosint --json email ADDRESS # JSON output\nopenosint --provider ollama # use local Ollama instead of Anthropic\nopenosint [-v] [--api-key KEY]\n```\n\n---\n\n## DESCRIPTION\n\n**openosint** is a modular OSINT framework with three interfaces:\n\n**Interactive REPL** (default) — a Claude Code-style terminal where you type targets or questions in natural language. The AI agent decides which tools to run, chains them intelligently based on findings, and compiles a structured report.\n\n**Direct CLI** — run individual OSINT tools without AI for scripting or quick lookups.\n\n**MCP Server** — expose all 12 tools to any MCP-compatible AI client (Claude Code, Claude Desktop).\n\nThe framework is built on Python `asyncio`. All external binaries run as managed subprocesses with hard timeout enforcement. The AI layer uses the Anthropic native tool use API — or a local [Ollama](https:\u002F\u002Follama.com) model (no API key required). When using Anthropic, the model issues hard stops when it needs a tool, your code executes it, the real output goes back. Hallucination in tool results is structurally impossible.\n\n---\n\n## ⭐ Support the Project\n\nIf OpenOSINT is useful to you, please consider starring the repository.\nStars help the project grow and reach more developers.\n\n[![GitHub Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002FOpenOSINT\u002FOpenOSINT?style=social)](https:\u002F\u002Fgithub.com\u002FOpenOSINT\u002FOpenOSINT\u002Fstargazers)\n\n---\n\n## ARCHITECTURE\n\n| Layer | Path | Responsibility |\n|-------|------|----------------|\n| Core tools | `openosint\u002Ftools\u002F` | Async wrappers around external OSINT binaries and APIs. Stateless. |\n| AI agent | `openosint\u002Fagent.py` | Anthropic tool use loop. Maintains conversation history. |\n| REPL | `openosint\u002Frepl.py` | Interactive terminal session. prompt_toolkit + Rich. |\n| MCP server | `openosint\u002Fmcp_server.py` | MCP tool schema exposure for AI clients. |\n| CLI | `openosint\u002Fcli.py` | Entry point. Launches REPL or direct commands. |\n\nNo layer imports from a layer above it.\n\n---\n\n## INSTALLATION\n\nRequires Python 3.10 or later.\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002FOpenOSINT\u002FOpenOSINT.git\ncd OpenOSINT\npip install -e .\n```\n\nSet your Anthropic API key (not required when using Ollama):\n\n```bash\nexport ANTHROPIC_API_KEY=sk-ant-...\n```\n\n**Optional: use a local Ollama model instead of Anthropic:**\n\n```bash\n# Install Ollama from https:\u002F\u002Follama.com, then:\nollama pull llama3.2\npip install ollama\nopenosint --provider ollama\n```\n\n**External dependencies** (must be present in `PATH`):\n\n| Binary | Purpose | Install |\n|--------|---------|---------|\n| `holehe` | Email account enumeration | `pip install holehe` |\n| `sherlock` | Username enumeration (300+ platforms) | `pip install sherlock-project` |\n| `sublist3r` | Subdomain enumeration | `pip install sublist3r` |\n| `phoneinfoga` | Phone number intelligence | [Download binary](https:\u002F\u002Fgithub.com\u002Fsundowndev\u002Fphoneinfoga\u002Freleases) |\n\nIf a binary is absent, the corresponding tool returns a descriptive error string. All other tools remain operational.\n\n**Optional environment variables:**\n\n| Variable | Tool | Purpose |\n|----------|------|---------|\n| `HIBP_API_KEY` | `search_breach` | HaveIBeenPwned API key — [get one here](https:\u002F\u002Fhaveibeenpwned.com\u002FAPI\u002FKey) |\n| `IPINFO_TOKEN` | `search_ip` | ipinfo.io token for higher rate limits |\n| `IP2LOCATION_API_KEY` | `search_ip2location` | IP2Location API key — [get one here](https:\u002F\u002Fwww.ip2location.io\u002Fpricing) |\n| `SHODAN_API_KEY` | `search_shodan` | Shodan API key — [get one here](https:\u002F\u002Faccount.shodan.io) |\n| `VIRUSTOTAL_API_KEY` | `search_virustotal` | VirusTotal API key — [get one here](https:\u002F\u002Fwww.virustotal.com\u002Fgui\u002Fmy-apikey) |\n| `CENSYS_API_ID` | `search_censys` | Censys API ID — [get one here](https:\u002F\u002Fcensys.io\u002Faccount) |\n| `CENSYS_SECRET` | `search_censys` | Censys API Secret — [get one here](https:\u002F\u002Fcensys.io\u002Faccount) |\n\n**Optional Python packages:**\n\n| Package | Purpose | Install |\n|---------|---------|---------|\n| `ollama` | Local LLM backend (no API key) | `pip install ollama` |\n| `shodan` | Shodan API client | `pip install shodan` |\n| `reportlab` | PDF report export | `pip install reportlab` |\n| `censys` | Censys API client | `pip install censys` |\n\n---\n\n## INTERACTIVE REPL\n\nRun `openosint` with no arguments to start the AI-powered REPL:\n\n```\nopenosint ❯ investigate target@example.com\n\n → generate_dorks('target@example.com')\n → search_email('target@example.com')\n ✓ Found: Spotify, WordPress, Gravatar, Office365\n\n → search_breach('target@example.com')\n ✓ Found in 2 breaches: LinkedIn (2016), Adobe (2013)\n\n ╭──────────────────── Report ────────────────────╮\n │ ## Summary │\n │ Single target identified — high confidence. │\n │ │\n │ ## Online Presence │\n │ Spotify · WordPress · Gravatar · Office365 │\n │ │\n │ ## Data Breaches │\n │ LinkedIn (2016) · Adobe (2013) │\n │ │\n │ ## Conclusion │\n │ Moderate footprint. Credential rotation │\n │ advised given breach exposure. │\n ╰────────────────────────────────────────────────╯\n\n ✓ Report saved → reports\u002F2026-05-11_14-32-11_report.md\n```\n\n**REPL commands:**\n\n| Command | Description |\n|---------|-------------|\n| `\u003Ctarget>` | Investigate any target — email, username, domain, IP, name |\n| `clear` | Reset conversation memory |\n| `save` | Save last report to `reports\u002F` |\n| `tools` | List available tools and their status |\n| `config` | Show current configuration |\n| `help` | Show all commands |\n| `exit` \u002F Ctrl-D | Exit |\n\nReports are auto-saved after every investigation containing structured findings.\n\n---\n\n## TOOLS\n\n| Tool | Method | What it finds |\n|------|--------|---------------|\n| `search_email` | holehe | Social accounts linked to an email |\n| `search_username` | sherlock | Accounts across 300+ platforms |\n| `search_breach` | HaveIBeenPwned API | Data breach exposure |\n| `search_whois` | python-whois | Domain registrant info |\n| `search_ip` | ipinfo.io | Geolocation, ASN, hostname |\n| `search_domain` | sublist3r | Subdomain enumeration |\n| `generate_dorks` | built-in | Google dork URL generation |\n| `search_paste` | psbdmp.ws | Pastebin dump mentions |\n| `search_phone` | phoneinfoga | Carrier, country, line type |\n| `search_shodan` | Shodan API | Open ports, banners, CVEs |\n| `search_virustotal` | VirusTotal API v3 | Malicious\u002Fclean verdict from 70+ engines |\n| `search_censys` | Censys API | Open ports, services, certificate history |\n| `search_ip2location` | IP2Location API | Geolocation, ISP, VPN\u002FProxy\u002FTor\u002FDatacenter detection |\n\n### search_email\n\nEnumerates online services linked to an email address using [holehe](https:\u002F\u002Fgithub.com\u002Fmegadose\u002Fholehe).\n\n**MCP parameter:** `email` (string, required)\n\n**CLI:**\n```bash\n$ openosint email target@example.com\n$ openosint email target@example.com -t 60\n```\n\n**Output:**\n```\nOSINT results for 'target@example.com':\n[+] Spotify https:\u002F\u002Fopen.spotify.com\u002Fuser\u002Ftarget\n[+] WordPress https:\u002F\u002Fwordpress.com\u002Ftarget\n[+] Gravatar https:\u002F\u002Fgravatar.com\u002Ftarget\n[+] Office365 email used\n```\n\n---\n\n### search_username\n\nSearches for a username across 300+ platforms using [sherlock](https:\u002F\u002Fgithub.com\u002Fsherlock-project\u002Fsherlock).\n\n**MCP parameter:** `username` (string, required)\n\n**CLI:**\n```bash\n$ openosint username johndoe99\n$ openosint username johndoe99 -t 120\n```\n\n**Output:**\n```\nOSINT results for username 'johndoe99':\n[+] GitHub https:\u002F\u002Fgithub.com\u002Fjohndoe99\n[+] Twitter https:\u002F\u002Ftwitter.com\u002Fjohndoe99\n[+] Reddit https:\u002F\u002Freddit.com\u002Fuser\u002Fjohndoe99\n```\n\n---\n\n### search_breach\n\nChecks data breach exposure via [HaveIBeenPwned v3 API](https:\u002F\u002Fhaveibeenpwned.com\u002FAPI\u002Fv3). Requires `HIBP_API_KEY`.\n\n**MCP parameter:** `email` (string, required)\n\n**Output:**\n```\nFound in 2 breach(es) for 'target@example.com':\n[+] LinkedIn (2016-05-05) — leaked: Email addresses, Passwords\n[+] Adobe (2013-10-04) — leaked: Email addresses, Password hints\n```\n\n---\n\n### search_whois\n\nRetrieves WHOIS data for a domain using [python-whois](https:\u002F\u002Fgithub.com\u002Frichardpenman\u002Fwhois).\n\n**MCP parameter:** `domain` (string, required)\n\n**Output:**\n```\nWHOIS results for 'example.com':\n[+] Registrar: ICANN\n[+] Created: 1995-08-14\n[+] Expires: 2024-08-13\n[+] Name Servers: A.IANA-SERVERS.NET\n```\n\n---\n\n### search_ip\n\nRetrieves geolocation and ASN data via [ipinfo.io](https:\u002F\u002Fipinfo.io). Free tier: 50k\u002Fmonth.\n\n**MCP parameter:** `ip` (string, required)\n\n**Output:**\n```\nIP intelligence for '8.8.8.8':\n[+] Hostname: dns.google\n[+] Org: AS15169 Google LLC\n[+] City: Mountain View, CA, US\n```\n\n---\n\n### search_domain\n\nEnumerates subdomains using [sublist3r](https:\u002F\u002Fgithub.com\u002Faboul3la\u002FSublist3r).\n\n**MCP parameter:** `domain` (string, required)\n\n**Output:**\n```\nSubdomains found for 'example.com':\n[+] mail.example.com\n[+] dev.example.com\n[+] api.example.com\n```\n\n---\n\n### generate_dorks\n\nGenerates 12 targeted Google dork URLs for any target. No network calls.\n\n**MCP parameter:** `target` (string, required)\n\n**Output:**\n```\nGoogle dork URLs for 'johndoe':\n[+] \"johndoe\" site:linkedin.com\n https:\u002F\u002Fwww.google.com\u002Fsearch?q=%22johndoe%22+site%3Alinkedin.com\n[+] \"johndoe\" leaked OR breach OR dump\n https:\u002F\u002Fwww.google.com\u002Fsearch?q=%22johndoe%22+leaked+OR+breach+OR+dump\n```\n\n---\n\n### search_paste\n\nSearches Pastebin dumps via [psbdmp.ws](https:\u002F\u002Fpsbdmp.ws).\n\n**MCP parameter:** `query` (string, required)\n\n**Output:**\n```\nFound in 3 paste(s) for 'target@example.com':\n[+] https:\u002F\u002Fpastebin.com\u002FaB1cD2eF (2023-04-12)\n[+] https:\u002F\u002Fpastebin.com\u002FxY3zA4bC (2022-11-08)\n```\n\n---\n\n### search_phone\n\nGathers phone intelligence using [phoneinfoga](https:\u002F\u002Fgithub.com\u002Fsundowndev\u002Fphoneinfoga). Use E.164 format.\n\n**MCP parameter:** `phone` (string, required)\n\n**Output:**\n```\nPhone intelligence for '+14155552671':\n[+] Country: United States\n[+] Carrier: AT&T\n[+] Line type: Mobile\n```\n\n---\n\n### search_shodan\n\nQueries the [Shodan](https:\u002F\u002Fshodan.io) API. If the query is an IPv4 address, performs a host lookup (open ports, org, vulnerabilities). Otherwise performs a keyword\u002Fbanner search.\n\n**MCP parameter:** `query` (string, required) — IP address or any Shodan search query\n\n**CLI:**\n```bash\n$ openosint shodan 8.8.8.8\n$ openosint shodan \"apache port:80 country:DE\"\n$ openosint shodan 8.8.8.8 -t 30\n```\n\n**Output:**\n```\nShodan host intelligence for '8.8.8.8':\n[+] IP: 8.8.8.8\n[+] Org: Google LLC\n[+] Country: United States\n[+] Open ports: 53, 443\n```\n\nRequires `SHODAN_API_KEY` environment variable.\n\n---\n\n### search_virustotal\n\nChecks an IP address, domain, URL, or file hash against [VirusTotal](https:\u002F\u002Fwww.virustotal.com)'s 70+ antivirus engines using the VirusTotal API v3. Auto-detects the input type.\n\n**MCP parameter:** `target` (string, required) — IPv4 address, domain, full URL, or file hash (MD5\u002FSHA-1\u002FSHA-256)\n\n**CLI:**\n```bash\n$ openosint virustotal 8.8.8.8\n$ openosint virustotal example.com\n$ openosint virustotal https:\u002F\u002Fexample.com\u002Fpath\n$ openosint virustotal 44d88612fea8a8f36de82e1278abb02f # MD5 hash\n$ openosint virustotal 8.8.8.8 -t 30\n```\n\n**Output:**\n```\n[VirusTotal] Type: ip\n[VirusTotal] Country: US\n[VirusTotal] ASN: AS15169 Google LLC\n[VirusTotal] Network: 8.8.8.0\u002F24\n[VirusTotal] Malicious: 0\n[VirusTotal] Suspicious: 0\n[VirusTotal] Harmless: 72\n[VirusTotal] Undetected: 10\n```\n\nIf any engine flags the target as malicious:\n```\n[VirusTotal] Malicious: 3\n⚠️ FLAGGED AS MALICIOUS by 3 engines\n```\n\nRequires `VIRUSTOTAL_API_KEY` environment variable.\n\n---\n\n### search_censys\n\nQueries the [Censys](https:\u002F\u002Fcensys.io) API for internet-facing infrastructure data. Auto-detects the input type: IPv4 address → host view (open ports, services, ASN, country); domain → certificate search (SANs, issuer, first\u002Flast seen).\n\n**MCP parameter:** `target` (string, required) — IPv4 address or domain name\n\n**CLI:**\n```bash\n$ openosint censys 8.8.8.8\n$ openosint censys example.com\n$ openosint censys 8.8.8.8 -t 30\n```\n\n**Output (IP):**\n```\n[Censys] Type: ip\n[Censys] IP: 8.8.8.8\n[Censys] Open Ports: 53, 443, 853\n[Censys] Services: DNS, HTTPS, DNS-over-TLS\n[Censys] ASN: AS15169 Google LLC\n[Censys] Country: United States\n[Censys] Last Updated: 2026-05-18\n```\n\n**Output (domain):**\n```\n[Censys] Type: domain\n[Censys] Domain: example.com\n[Censys] Certificates Found: 12\n[Censys] Issuer: Let's Encrypt\n[Censys] SANs: example.com, www.example.com, api.example.com\n[Censys] First Seen: 2020-01-15\n[Censys] Last Seen: 2026-05-10\n```\n\nRequires `CENSYS_API_ID` and `CENSYS_SECRET` environment variables.\n\n---\n\n### search_ip2location\n\nQueries the [IP2Location.io](https:\u002F\u002Fwww.ip2location.io) API for enhanced IP intelligence. Returns geolocation (country, region, city, coordinates, ZIP), ISP, domain, and ASN. On the Security Plan, also detects whether the address is a VPN, proxy, Tor exit node, or datacenter host. Sponsored integration.\n\n**MCP parameter:** `ip` (string, required) — IPv4 or IPv6 address\n\n**Requires:** `IP2LOCATION_API_KEY` environment variable — [get one here](https:\u002F\u002Fwww.ip2location.io\u002Fpricing)\n\n**CLI:**\n```bash\n$ openosint ip2location 8.8.8.8\n$ openosint ip2location 2001:4860:4860::8888\n$ openosint ip2location 8.8.8.8 -t 30\n```\n\n**Output:**\n```\n[IP2Location] IP: 8.8.8.8\n[IP2Location] Country: United States (US)\n[IP2Location] Region: California\n[IP2Location] City: Mountain View\n[IP2Location] Latitude: 37.38605\n[IP2Location] Longitude: -122.08385\n[IP2Location] ZIP: 94035\n[IP2Location] ISP: Google LLC\n[IP2Location] Domain: google.com\n[IP2Location] ASN: AS15169 Google LLC\n[IP2Location] Proxy: No\n[IP2Location] VPN: No\n[IP2Location] TOR: No\n[IP2Location] Datacenter: Yes\n[IP2Location] Threat: clean\n```\n\nIf a VPN, proxy, or Tor exit node is detected:\n```\n⚠️ FLAGGED: VPN\u002FProxy\u002FTor detected\n```\n\nRequires `IP2LOCATION_API_KEY` environment variable.\n\n---\n\n## DIRECT CLI COMMANDS\n\n```\nemail ADDRESS [-t SECONDS]\n```\nEnumerate services for *ADDRESS* via holehe. Default timeout: 120s.\n\n```\nusername HANDLE [-t SECONDS]\n```\nEnumerate platforms for *HANDLE* via sherlock. Default timeout: 180s.\n\n```\nshodan QUERY [-t SECONDS]\n```\nShodan host lookup (IP) or keyword search. Default timeout: 30s. Requires `SHODAN_API_KEY`.\n\n```\nvirustotal TARGET [-t SECONDS]\n```\nCheck an IPv4 address, domain, URL, or file hash (MD5\u002FSHA-1\u002FSHA-256) against VirusTotal. Auto-detects input type. Default timeout: 30s. Requires `VIRUSTOTAL_API_KEY`.\n\n```\ncensys TARGET [-t SECONDS]\n```\nCensys host view for an IPv4 address (open ports, services, ASN) or certificate search for a domain (SANs, issuer, first\u002Flast seen). Default timeout: 30s. Requires `CENSYS_API_ID` and `CENSYS_SECRET`.\n\n```\nmulti TARGETS\n```\nInvestigate multiple targets in parallel. *TARGETS* is either a comma-separated list or a path to a file with one target per line. Maximum 10 targets. Each target gets its own report; a summary report is also generated.\n\n**Flags:**\n\n| Flag | Description |\n|------|-------------|\n| `-v, --verbose` | Enable debug logging to stderr. |\n| `-t, --timeout N` | Override subprocess timeout (seconds). |\n| `--api-key KEY` | Anthropic API key (overrides env var). |\n| `--parallel` | Run independent complementary tools concurrently via `asyncio.gather()`. For `email`: runs `search_email` + `search_breach` in parallel. For `username`: runs `search_username` + `search_paste` in parallel. |\n| `--json` | Output results as structured JSON instead of formatted text. |\n| `--provider {anthropic,ollama}` | AI provider for the REPL (default: `anthropic`). |\n| `--ollama-model MODEL` | Ollama model name (default: `llama3.2`). |\n| `--ollama-host URL` | Ollama server URL (default: `http:\u002F\u002Flocalhost:11434`). |\n| `--no-pdf` | Disable automatic PDF generation alongside Markdown reports. |\n\n---\n\n## DOCKER\n\n```bash\n# Build and run\ndocker compose up --build\n\n# One-off command\ndocker compose run --rm openosint email target@example.com --json\n```\n\nSet `ANTHROPIC_API_KEY` (and optionally `HIBP_API_KEY`, `IPINFO_TOKEN`) in a `.env` file or export them in your shell before running `docker compose`.\n\nReports are persisted to `.\u002Freports\u002F` via a volume mount.\n\n---\n\n## MCP SERVER CONFIGURATION\n\n### Claude Code\n\n```bash\nclaude mcp add openosint python \u002Fabsolute\u002Fpath\u002Fto\u002FOpenOSINT\u002Fopenosint\u002Fmcp_server.py\nclaude mcp list\n```\n\n### Claude Desktop\n\nAdd to `~\u002FLibrary\u002FApplication Support\u002FClaude\u002Fclaude_desktop_config.json`:\n\n```json\n{\n \"mcpServers\": {\n \"openosint\": {\n \"command\": \"python\",\n \"args\": [\"\u002Fabsolute\u002Fpath\u002Fto\u002FOpenOSINT\u002Fopenosint\u002Fmcp_server.py\"]\n }\n }\n}\n```\n\n---\n\n## EXAMPLES\n\n**Interactive REPL:**\n```bash\n$ openosint\nopenosint ❯ investigate target@example.com\nopenosint ❯ find all accounts for johndoe99\nopenosint ❯ what subdomains does example.com have?\nopenosint ❯ check if +14155552671 is a mobile number\n```\n\n**Direct CLI:**\n```bash\n$ openosint email target@example.com -t 60\n$ openosint username johndoe99\n$ openosint -v email target@example.com\n```\n\n**Agentic via Claude Code:**\n```\n$ claude\n> Investigate target@example.com. Trace any username found\n across other platforms and compile a full report.\n```\n\n---\n\n## FILES\n\n| Path | Description |\n|------|-------------|\n| `openosint\u002Fagent.py` | AI agent loop (Anthropic + Ollama). |\n| `openosint\u002Frepl.py` | Interactive REPL session. |\n| `openosint\u002Fmcp_server.py` | MCP server entry point (stdio). |\n| `openosint\u002Fcli.py` | CLI entry point. |\n| `openosint\u002Fpdf_report.py` | PDF report generator (reportlab). |\n| `openosint\u002Fmulti_target.py` | Multi-target parallel investigation. |\n| `openosint\u002Ftools\u002Fsearch_email.py` | Email enumeration. |\n| `openosint\u002Ftools\u002Fsearch_username.py` | Username enumeration. |\n| `openosint\u002Ftools\u002Fsearch_breach.py` | Data breach check. |\n| `openosint\u002Ftools\u002Fsearch_whois.py` | WHOIS lookup. |\n| `openosint\u002Ftools\u002Fsearch_ip.py` | IP intelligence. |\n| `openosint\u002Ftools\u002Fsearch_domain.py` | Subdomain enumeration. |\n| `openosint\u002Ftools\u002Fgenerate_dorks.py` | Google dork generator. |\n| `openosint\u002Ftools\u002Fsearch_paste.py` | Pastebin search. |\n| `openosint\u002Ftools\u002Fsearch_phone.py` | Phone intelligence. |\n| `openosint\u002Ftools\u002Fsearch_shodan.py` | Shodan host\u002Fsearch lookup. |\n| `openosint\u002Ftools\u002Fsearch_virustotal.py` | VirusTotal IP\u002Fdomain\u002FURL\u002Fhash lookup. |\n| `openosint\u002Ftools\u002Fsearch_censys.py` | Censys IP host view and domain certificate search. |\n| `openosint\u002Ftools\u002Fsearch_ip2location.py` | IP2Location enhanced IP intelligence (geolocation, ISP, VPN\u002FProxy\u002FTor\u002FDatacenter). |\n| `openosint\u002Ftools\u002Fexceptions.py` | Shared exception hierarchy. |\n| `pyproject.toml` | Build configuration (PEP 621). |\n| `DISCLAIMER.md` | Legal notice and ethical use policy. |\n\n---\n\n## INTEGRATIONS\n\n| Provider | Data | Status |\n|---|---|---|\n| Shodan | Network assets, open ports, CVEs | v2.4.0 |\n| VirusTotal | Malware detection, 70+ engines | v2.7.0 |\n| Censys | Open ports, services, certificate history | v2.9.0 |\n| IP2Location | Geolocation, VPN, Tor, Proxy detection | ✅ v2.10.0 — Sponsored |\n\n> IP2Location integration is sponsored by [IP2Location](https:\u002F\u002Fwww.ip2location.com)\n> — providing enhanced IP intelligence including VPN, Tor, and datacenter detection.\n\n---\n\n## EXIT STATUS\n\n| Code | Meaning |\n|------|---------|\n| 0 | Successful execution. |\n| 1 | General error. |\n| 130 | Terminated by SIGINT (Ctrl-C). |\n\n---\n\n## AUTHORS\n\nDeveloped by Tommaso Bertocchi.\n\n---\n\n## Sponsors\n\nOpenOSINT is proudly sponsored by:\n\n**[IP2Location](https:\u002F\u002Fwww.ip2location.com)** — IP geolocation, VPN detection, Tor exit nodes, proxy and datacenter identification. Used by 20% of Fortune 500 companies.\n\n> Want to sponsor OpenOSINT? Open an issue or reach out directly.\n\n---\n\n## LICENSE\n\nMIT License. See [LICENSE](LICENSE).\n\n---\n\n*OpenOSINT 2.11.0 — May 19, 2026*\n","OpenOSINT 是一个基于AI的开源情报(OSINT)代理工具,支持交互式REPL、MCP服务器和CLI。它集成了9种工具,能够与Claude、GPT-4或本地模型协同工作,专为授权的安全研究设计。其核心功能包括通过自然语言处理来智能选择和链接不同的调查工具,并生成结构化报告;同时提供了直接命令行接口用于快速查询以及MCP协议支持以供其他AI客户端调用。该框架采用Python编写,利用了`asyncio`库确保高效并发执行任务。适用于需要进行网络安全研究、信息收集和漏洞侦察的专业场景。",2,"2026-06-11 03:54:44","CREATED_QUERY"]