A curated list of MCP servers for OSINT (Open Source Intelligence).
An MCP server connects tools and services to LLM systems like Claude, Cursor, Windsurf, etc.
MCP servers simplify execution of OSINT tools by combining them with the ease of LLM querying
and the ability to create flexible reports.
Legend: π¦ Open Source Β Β·Β π Free / Has Free Tier Β Β·Β π° Paid / Requires Paid API
- π° Expose Team β AI-powered OSINT at lightspeed. Credit-based plans from $8/month.
- π¦π Maigret β Collect user account information from various public sources by username.
- π¦π° Xquik β X (Twitter) data extraction and automation with 40+ REST API endpoints, real-time account monitoring, and trending topics. MCP server with API key auth.
- π¦ππ° Shodan β Query the Shodan API and CVEDB for IP reconnaissance, DNS operations, vulnerability tracking, and device discovery. Free tier available with limited queries, requires Shodan API key.
- π¦ππ° ZoomEye β Obtain network asset information by querying ZoomEye using dorks and other search parameters. 7-day free trial available, requires ZoomEye API key.
- π¦π DNSTwist β DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage.
- π¦π OSINT Toolkit β Unified interface for network reconnaissance with parallel execution of WHOIS, Nmap, DNS lookups, and typosquatting detection.
- π¦ππ° ContrastAPI β Security intelligence server with 49 tools: domain recon (DNS, WHOIS, SSL, subdomains, WAF, Wayback) plus orchestrated
audit_domain, IP reputation plus orchestratedthreat_report(Shodan + AbuseIPDB + ASN), CVE/EPSS/KEV lookup pluscalculate_risk_score(CVSS+EPSS+KEV+PoC fusion) andbulk_cve_lookup(50/call),cve_leading(MITRE/GHSA pre-NVD), IOC enrichment plusbulk_ioc_lookup(50/call), threat intel, MITRE ATLAS (167 AI/ML attack techniques + bulk drill) and D3FEND defenses (149 techniques + coverage report), web intelligence (robots.txt, redirect chain, email validation, brand assets, SEO audit),check_dependencies(requirements.txt / package.json audit), and code security scanning. Anonymous tier + Pro tier with API key.
- ππ° AnySite β Structured data access to 115+ endpoints across 40+ platforms (LinkedIn, Instagram, X, Reddit, YouTube, GitHub, Amazon, etc.) via five meta-tools. 7-day free trial with 1,000 credits.
- π¦ππ° Bright Data β Real-time web search, scraping, and structured data extraction from 60+ sources (Amazon, LinkedIn, TikTok, Google Maps, etc.) with CAPTCHA and anti-bot bypass. Free tier: 5,000 requests/month.
- π¦ππ° CompanyScope β Company intelligence aggregating data from 8 public sources (Wikipedia, SEC EDGAR, OpenCorporates, RDAP, GitHub, and more) for corporate reconnaissance. Free tier 25 calls/day, pay-per-use tier on Apify.
- π¦π StockScope β SEC EDGAR financial intelligence for stock research. Revenue, net income, margins, filings, and company comparisons for any US public company. Free, no API key needed.
- π¦π° US Business Data β Search Secretary of State business registrations across 17 US states, building permits in 400+ cities, and Yellow Pages business leads. Returns entity details, filing status, and registered agents.
- ππ° OpenRegistry β Real-time access to 27 national corporate registries worldwide (UK Companies House, France Sirene, Germany Handelsregister, South Korea OPENDART, Australia ABR, Canada Corporations, etc.) via a unified JSON schema. Returns company profiles, officers, shareholders, beneficial ownership, filings, and raw documents. Free tier: 20 rpm without signup, 30 rpm with email. Paid up to $29/mo. OAuth 2.1, no API keys.
- π¦π° Checko MCP β Unofficial wrapper for the Russian Checko.ru API: verify counterparties (companies, sole proprietors, individuals) via EGRUL/EGRIP, arbitration cases, government contracts (44-FZ/223-FZ), Rosstat financials, inspections, Fedresurs and EFRSB bankruptcy records. 12 tools and 6 ready-made workflow prompts. Requires paid
CHECKO_API_KEY.
- π¦π VirusTotal β Analyze URLs, files (by hash), IPs, and domains with detailed relationship mapping. Free API tier available, requires
VIRUSTOTAL_API_KEY. - π¦π Voidly β Global internet censorship intelligence: 116 tools across 119+ countries. Query OONI / IODA / CensoredPlanet evidence, look up 5,356 citable incidents, check if a domain or service is blocked in a country, fetch ISP-level risk scores, run ML-driven shutdown forecasts, and verify censorship claims. Free, no API key needed for read endpoints.
npx @voidly/mcp-server. - π¦π OpenOSINT β AI-powered OSINT agent with interactive REPL, MCP server, and CLI.
- π Not Human Search β Agent-first discovery engine for MCP servers. Search, score, and live-probe (
verify_mcp) 8,600+ servers via JSON-RPC or REST API. Useful for pivoting between OSINT MCP tools. MCP: https://nothumansearch.ai/mcp
Contributions are welcome! Please open a pull request to add a new OSINT MCP server to the list.