OPENOSINT AS MCP SERVER
Integrate OSINT into Claude Desktop and Claude Code
Published: 2026-05-15
INTRODUCTION
Model Context Protocol (MCP) lets AI assistants call external tools in real time. OpenOSINT ships a full MCP server that exposes all 14 OSINT tools over stdio, letting Claude Desktop or Claude Code run live intelligence lookups on your behalf — no terminal switching required.
When an investigation is underway, the AI decides which tools to chain based on your question, executes them in Python, and feeds the real output back. Tool results cannot be hallucinated because the code runs locally.
WHAT YOU GET
- All 14 tools available in Claude's tool palette — see the full tools reference
- Investigations happen inline in your chat, no separate terminal
- The AI decides which tools to chain based on your question
- Results are real: tools execute in Python, not simulated by the model
- Session context is preserved across tool calls within one conversation
INSTALLATION
Requires Python 3.10+.
git clone https://github.com/OpenOSINT/OpenOSINT.git cd OpenOSINT pip install -e .
Set your API key:
export ANTHROPIC_API_KEY=sk-ant-...
Optional keys for additional tools:
export IP2LOCATION_API_KEY=... # IP2Location geolocation + VPN detection export ABUSEIPDB_API_KEY=... # IP abuse reputation scoring export HIBP_API_KEY=... # HaveIBeenPwned breach lookup
CONFIGURE CLAUDE DESKTOP
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent Windows path:
{
"mcpServers": {
"openosint": {
"command": "python",
"args": ["/absolute/path/to/OpenOSINT/openosint/mcp_server.py"]
}
}
}
Restart Claude Desktop. OpenOSINT's tools will appear in the tool palette as search_email, search_ip, search_abuseipdb, etc.
CONFIGURE CLAUDE CODE
From any terminal with Claude Code installed:
claude mcp add openosint python /absolute/path/to/OpenOSINT/openosint/mcp_server.py claude mcp list
Now inside a Claude Code session you can ask it to investigate targets and it will call the appropriate OSINT tools automatically.
EXAMPLE INVESTIGATION
In Claude Desktop or Claude Code, type a natural-language request:
> Investigate the email suspicious@example.com. Check for linked accounts and breach exposure.
Claude will call tools in sequence:
→ generate_dorks('suspicious@example.com')
→ search_email('suspicious@example.com')
✓ Found: GitHub, WordPress, Gravatar
→ search_breach('suspicious@example.com')
✓ Found in 1 breach: LinkedIn (2016)
Summary: The email is registered on GitHub, WordPress, and Gravatar.
It appeared in the LinkedIn 2016 breach (leaked: email, password hash).
CLI VS MCP
| CLI | MCP + Claude |
|---|---|
| Run one tool at a time | AI chains tools automatically |
| Output is raw text | Results are interpreted and summarised |
| You decide the workflow | AI selects tools based on findings |
| No memory between commands | Session context preserved |
For scripting and quick one-off lookups, the CLI remains fastest. For open-ended investigations where you are not sure which tools to use, MCP lets the AI drive.
SEE ALSO
- Full tools reference — all 14 tools, parameters, and example output
- Email OSINT guide — deep dive into email enumeration and breach detection
- OpenOSINT documentation — complete manual including REPL and CLI usage