awesome-osint s

This MCP server collection exposes a set of OSINT tools connected through the Model Context Protocol. Each server acts as a bridge to a specific OSINT capability, allowing an LLM to orchestrate complex queries by invoking the appropriate tool and returning structured results. Available tools cover Maigret for user-environment reconnaissance, Shodan for network and device intelligence, ZoomEye for asset discovery, DNSTwist for typosquatting and domain fuzzing, a general OSINT Toolkit for common reconnaissance tasks, and VirusTotal for URL/file analysis with вирус total data feeds. To use a tool, issue a task through the MCP interface and specify the target and desired output format; the MCP server will run the underlying tool, parse its output, and return results suitable for inclusion in an LLM response.

Prerequisites:

• Node.js and npm installed on your system (for npx-based execution).

Installation steps:

1. Ensure Node.js is installed:
   • macOS/Linux: curl -fsSL https://fnm.vercel.app/install.sh | bash
   • Or use your preferred Node version manager and ensure npm is available.
2. Install or run each MCP server via npx:
   • Maigret: npx -y mcp-maigret
   • Shodan: npx -y mcp-shodan
   • ZoomEye: npx -y mcp-zoomeye
   • DNSTwist: npx -y mcp-dnstwist
   • OSINT Toolkit: npx -y mcp-osint-toolkit
   • VirusTotal: npx -y mcp-virustotal

Note: For VirusTotal, obtain a VirusTotal API key and set the VIRUSTOTAL_API_KEY environment variable before starting the server. Example: VIRUSTOTAL_API_KEY=your_key_here npx -y mcp-virustotal

3. Run each server as needed from your environment. You can integrate these commands into your orchestration layer or call them on demand from your LLM setup.

Environment variables and keys:

• VirusTotal requires VIRUSTOTAL_API_KEY. Keep this key secret and do not commit it to version control.

Common issues:

• Ensure you have network access and that the npm package names are publicly accessible. If a package name changes, update the corresponding entry in the mcp_config.
• If using behind a corporate proxy, configure npm/proxy settings accordingly and ensure outbound access to the package registry.
• When using multiple MCP servers in a workflow, design your prompts to target the appropriate server name (e.g., Maigret, Shodan) to avoid ambiguity.

Recommended usage tips:

• Use explicit targets (user handles, domains, IPs, URLs) to improve result relevance.
• Validate and post-process results within your LLM or downstream tooling to handle rate limits and data normalization.