by OpenOSINT
AI-powered OSINT agent with interactive REPL, MCP server, and CLI. 16 tools. Works with Claude, GPT-4, or local models. For authorized security research only.
```bash
# Add to your Claude Code skills
git clone https://github.com/OpenOSINT/OpenOSINT
```
Last scanned: 5/30/2026
```json
{
  "issues": [],
  "status": "PASSED",
  "scannedAt": "2026-05-30T15:31:15.837Z",
  "npmAuditRan": true,
  "pipAuditRan": true
}
```
OpenOSINT is an open-source AI agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by OpenOSINT. AI-powered OSINT agent with interactive REPL, MCP server, and CLI. 16 tools. Works with Claude, GPT-4, or local models. For authorized security research only. It has 892 GitHub stars.
Yes. OpenOSINT passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/OpenOSINT/OpenOSINT" and add it to your Claude Code skills directory (see the Installation section above).
OpenOSINT is primarily written in Python. It is open-source under OpenOSINT on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh OpenOSINT against similar tools.
mcp-name: io.github.OpenOSINT/openosint
Run a real OSINT investigation in your browser — bring your own Anthropic / OpenRouter / Ollama key, no signup.
```bash
pip install openosint

# Interactive AI REPL (default)
openosint

# Web interface
openosint web

# Direct tool (no AI)
openosint email target@example.com
```
Start the REPL and investigate any target — the agent decides which tools to run and chains them on findings:
```
openosint > investigate target@example.com
-> generate_dorks('target@example.com')
-> search_email('target@example.com')
   Found: Spotify, WordPress, Gravatar, Office365
-> search_breach('target@example.com')
   Found in 2 breaches: LinkedIn (2016), Adobe (2013)
-> search_username('johndoe99') <- pivoted from email findings
   Found: GitHub, Reddit, Twitter
Report saved -> reports/2026-05-11_14-32-11_report.md
```
| Capability | Details |
|---|---|
| AI tool chaining | The agent selects and chains tools based on findings; describe the target in plain language |
| 18 modular tools | Email, username, breach, WHOIS, IP, subdomain, dorks, paste, phone, Shodan, VirusTotal, Censys, IP2Location, AbuseIPDB, GitHub, DNS, live dork search, URL scraping |
| Three AI backends | Anthropic Claude (default), local Ollama, or any OpenAI-compatible endpoint (LiteLLM, vLLM, LM Studio, ...) |
| Native MCP server | All 18 tools exposed to Claude Code, Claude Desktop, and any MCP-compatible client — no extra config |
| Parallel execution | --parallel runs complementary tools concurrently via asyncio.gather() |
| Reports | PDF + Markdown auto-saved after every investigation (reportlab optional) |
| Session history | All REPL sessions saved to ~/.openosint/history/; browse with openosint history |
| Web UI | Browser-based AI chat with streaming output, tool cards, light/dark theme |
Legal Disclaimer: OpenOSINT is intended for legal and authorized use only. Users are solely responsible for ensuring their use complies with all applicable laws and regulations. The authors accept no liability for misuse. See DISCLAIMER.md.
Need OpenOSINT wired into your SOC, fraud, threat-intel, or AI-agent stack? I build bespoke OSINT & MCP integrations for teams — you bring the data sources and compliance requirements, I deliver a working integration.
| Tool | Powered by | What it investigates |
|---|---|---|
| search_email | holehe | Social accounts linked to an email address |
| search_username | sherlock | Username presence across 300+ platforms |
| search_breach | HaveIBeenPwned v3 API | Data breach exposure |
| search_whois | python-whois | Domain registrant and DNS info |
| search_ip | ipinfo.io | Geolocation, ASN, hostname |
| search_domain | sublist3r | Subdomain enumeration |
| generate_dorks | built-in | 12 targeted Google dork URLs (no network calls) |
| search_paste | psbdmp.ws | Pastebin dump mentions |
| search_phone | phoneinfoga | Carrier, country, line type |
| search_shodan | Shodan API | Open ports, banners, CVEs |
| search_virustotal | VirusTotal API v3 | Verdict from 70+ antivirus engines |
| search_ip2location | IP2Location.io API | Enhanced IP intel: VPN/Proxy/Tor/datacenter flags (sponsored) |
| search_censys | Censys Search API | Internet-facing infrastructure, certificates |
| search_abuseipdb | AbuseIPDB v2 API | IP abuse reputation: confidence score, reports, country, ISP |
| search_github | GitHub REST API | Profile, repos, commit-discovered emails, username/keyword search |
| search_dns | dnspython (built-in) | A/AAAA/MX/NS/TXT/CNAME/SOA records; SPF, DMARC, DKIM analysis |
| search_dorks_live | Bright Data SERP API | Live Google search results for dork queries (title, URL, snippet) |
| scrape_url | Bright Data Web Unlocker | Fetch any URL bypassing Cloudflare/CAPTCHA — returns clean Markdown |
Full per-tool documentation, CLI flags, and output formats: openosint.tech.
Enumerates online services linked to an email address using holehe.
```
openosint email target@example.com
[+] Spotify https://open.spotify.com/user/target
[+] WordPress https://wordpress.com/target
[+] Gravatar https://gravatar.com/target
[+] Office365 email used
```
Searches for a username across 300+ platforms using sherlock.
```
openosint username johndoe99
[+] GitHub https://github.com/johndoe99
[+] Twitter https://twitter.com/johndoe99
[+] Reddit https://reddit.com/user/johndoe99
```
Checks data breach exposure via HaveIBeenPwned v3 API. Requires HIBP_API_KEY.
```
[+] LinkedIn (2016-05-05) — leaked: Email addresses, Passwords
[+] Adobe (2013-10-04) — leaked: Email addresses, Password hints
```
Retrieves WHOIS data using python-whois.
```
[+] Registrar: ICANN
[+] Created: 1995-08-14
[+] Expires: 2024-08-13
[+] Name Servers: A.IANA-SERVERS.NET
```
Retrieves geolocation and ASN data via ipinfo.io. Free tier: 50k/month.
```
[+] Hostname: dns.google
[+] Org: AS15169 Google LLC
[+] City: Mountain View, CA, US
```
Enumerates subdomains using sublist3r.
```
[+] mail.example.com
[+] dev.example.com
[+] api.example.com
```
Generates 12 targeted Google dork URLs for any target. No network calls.
```
[+] "johndoe" site:linkedin.com
    https://www.google.com/search?q=%22johndoe%22+site%3Alinkedin.com
[+] "johndoe" leaked OR breach OR dump
    https://www.google.com/search?q=%22johndoe%22+leaked+OR+breach+OR+dump
```
Searches Pastebin dumps via psbdmp.ws.
```
[+] https://pastebin.com/aB1cD2eF (2023-04-12)
[+] https://pastebin.com/xY3zA4bC (2022-11-08)
```
Gathers phone intelligence using phoneinfoga. Use E.164 format.
```
[+] Country: United States
[+] Carrier: AT&T
[+] Line type: Mobile
```
IPv4 input → host lookup (open ports, org, CVEs). Any other query → banner/keyword search. Requires SHODAN_API_KEY.
```
openosint shodan 8.8.8.8
openosint shodan "apache port:80 country:DE"
```