# Awesome OSINT MCP Servers — Security Tools Directory

> Curated OSINT MCP server directory (threat intel, recon, censorship). Discover endpoints and install via npx or remote HTTP transports.

## Install

Merge the JSON below into your `.mcp.json`:

## Quick Use

1. Open the repo and pick one OSINT MCP server entry.
2. Follow the entry’s install hint (many are `npx ...` or remote HTTP endpoints).
3. Add it to Claude Code if applicable:

```bash
# Example pattern (remote HTTP)
claude mcp add --transport http "osint" https://your-server.example.com/sse
```


## Intro

Awesome OSINT MCP Servers is a practical directory for security-minded agent builders: it collects MCP servers and tools you can wire into Claude Code/Cursor to fetch OSINT signals. Use it as a shortlist for building a controlled, auditable security toolbelt.

**Best for:** security teams and builders who want MCP-based OSINT tooling without hand-rolling every integration

**Works with:** Claude Code/Cursor MCP clients, npx-based MCP servers, remote HTTP MCP endpoints

**Setup time:** 5–20 minutes (depends on server)

### Key facts (verified)

- Entries include concrete install commands like `npx ...` for some servers.
- README includes quantitative claims for at least one entry (e.g., tool counts, country counts) as part of the directory.
- GitHub: 228 stars · 38 forks; pushed 2026-05-11 (GitHub API verified).

## Main

Use this list as a selection pipeline:

- Start with read-only / evidence-oriented tools.
- Prefer servers with clear licenses and transparent data sources.
- Pin versions for npx installs when rolling into production.

For each chosen MCP, record: data source, rate limits, auth requirements, and what gets logged.

### README excerpt (verbatim)

<div align="center">

# Awesome OSINT MCP Servers

[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

A curated list of MCP servers for OSINT (Open Source Intelligence).

An [MCP](https://modelcontextprotocol.io/) server connects tools and services to LLM systems like Claude, Cursor, Windsurf, etc.\
MCP servers simplify execution of OSINT tools by combining them with the ease of LLM querying\
and the ability to create flexible reports.

</div>

---

Legend: 📦 Open Source &nbsp;&middot;&nbsp; 🆓 Free / Has Free Tier &nbsp;&middot;&nbsp; 💰 Paid / Requires Paid API

## Contents

- [SOCMINT](#socmint)
- [Network Scanning](#network-scanning)
- [Web Scraping](#web-scraping)
- [Company Intelligence](#company-intelligence)
- [Threat Intelligence](#threat-intelligence)
- [Meta / Discovery](#meta--discovery)

## SOCMINT

- 💰 [Expose Team](https://expose.team?utm_source=github.com&utm_campaign=soxoj_awesome_osint_mcp_servers) — AI-powered OSINT at lightspeed. Credit-based plans from $8/month.
- 📦🆓 [Maigret](https://github.com/BurtTheCoder/mcp-maigret) — Collect user account information from various public sources by username.
- 📦💰 [Xquik](https://github.com/Xquik-dev/x-twitter-scraper) — X (Twitter) data extraction and automation with 40+ REST API endpoints, real-time account monitoring, and trending topics. MCP server with API key auth.

## Network Scanning

- 📦🆓💰 [Shodan](https://github.com/BurtTheCoder/mcp-shodan) — Query the Shodan API and CVEDB for IP reconnaissance, DNS operations, vulnerability tracking, and device discovery. Free tier available with limited queries, requires Shodan API key.
- 📦🆓💰 [ZoomEye](https://github.com/zoomeye-ai/mcp_zoomeye) — Obtain network asset information by querying ZoomEye using dorks and other search parameters. 7-day free trial available, requires ZoomEye API key.
- 📦🆓 [DNSTwist](https://github.com/BurtTheCoder/mcp-dnstwist) — DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage.
- 📦🆓 [OSINT Toolkit](https://www.pulsemcp.com/servers/himanshusanecha-osint-toolkit) — Unified interface for network reconnaissance with parallel execution of WHOIS, Nmap, DNS lookups, and typosquatting detection.

### FAQ

**Q: Is this a single MCP server?**
A: No—this repo is a directory of many OSINT MCP servers and tools; you choose entries to install.

**Q: How do I install an entry?**
A: Follow each entry’s hint (often `npx ...` or a remote HTTP URL) and add it to your MCP client.

**Q: What should I audit?**
A: Data sources, permissions, logging, and any credentials required by the selected server.

## Source & Thanks

> Source: https://github.com/soxoj/awesome-osint-mcp-servers
> License: MIT
> GitHub stars: 228 · forks: 38

---

<!-- ZH -->

## 快速使用

1. 打开仓库，从目录里挑一个 OSINT 方向的 MCP server。
2. 按条目给出的安装提示执行（常见是 `npx ...` 或远程 HTTP 端点）。
3. 需要时把它加到 Claude Code：

```bash
# 通用模式（远程 HTTP）
claude mcp add --transport http "osint" https://your-server.example.com/sse
```


## 简介

Awesome OSINT MCP Servers 是安全向 Agent 构建者的实用目录：把可接入 Claude Code/Cursor 的 MCP server 与工具汇总在一起，用于获取 OSINT 信号。适合用来搭建可控、可审计的安全工具带。

**最适合：** 希望用 MCP 组装 OSINT 工具、但不想每个集成都从零写的安全团队/构建者

**适配：** Claude Code/Cursor 等 MCP 客户端、基于 npx 的 MCP server、远程 HTTP MCP 端点

**配置时间：** 5–20 分钟（取决于所选 server）

### 关键事实（已验证）

- 部分条目给出可直接执行的安装命令（如 `npx ...`）。
- README 目录中包含带数字的条目说明（例如工具数量、覆盖国家数等）。
- GitHub：228 stars · 38 forks；最近更新 2026-05-11（GitHub API 验证）。

## 正文

把它当作“选型流水线”使用：

- 先从只读、证据型工具开始。
- 优先选择许可证清晰、数据源透明的 server。
- npx 安装用于生产时建议固定版本并审计更新。

每个选中的 MCP 都要记录：数据来源、限流、鉴权方式、日志留存范围。

### README 原文节选（verbatim）

<div align="center">

# Awesome OSINT MCP Servers

[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

A curated list of MCP servers for OSINT (Open Source Intelligence).

An [MCP](https://modelcontextprotocol.io/) server connects tools and services to LLM systems like Claude, Cursor, Windsurf, etc.\
MCP servers simplify execution of OSINT tools by combining them with the ease of LLM querying\
and the ability to create flexible reports.

</div>

---

Legend: 📦 Open Source &nbsp;&middot;&nbsp; 🆓 Free / Has Free Tier &nbsp;&middot;&nbsp; 💰 Paid / Requires Paid API

## Contents

- [SOCMINT](#socmint)
- [Network Scanning](#network-scanning)
- [Web Scraping](#web-scraping)
- [Company Intelligence](#company-intelligence)
- [Threat Intelligence](#threat-intelligence)
- [Meta / Discovery](#meta--discovery)

## SOCMINT

- 💰 [Expose Team](https://expose.team?utm_source=github.com&utm_campaign=soxoj_awesome_osint_mcp_servers) — AI-powered OSINT at lightspeed. Credit-based plans from $8/month.
- 📦🆓 [Maigret](https://github.com/BurtTheCoder/mcp-maigret) — Collect user account information from various public sources by username.
- 📦💰 [Xquik](https://github.com/Xquik-dev/x-twitter-scraper) — X (Twitter) data extraction and automation with 40+ REST API endpoints, real-time account monitoring, and trending topics. MCP server with API key auth.

## Network Scanning

- 📦🆓💰 [Shodan](https://github.com/BurtTheCoder/mcp-shodan) — Query the Shodan API and CVEDB for IP reconnaissance, DNS operations, vulnerability tracking, and device discovery. Free tier available with limited queries, requires Shodan API key.
- 📦🆓💰 [ZoomEye](https://github.com/zoomeye-ai/mcp_zoomeye) — Obtain network asset information by querying ZoomEye using dorks and other search parameters. 7-day free trial available, requires ZoomEye API key.
- 📦🆓 [DNSTwist](https://github.com/BurtTheCoder/mcp-dnstwist) — DNS fuzzing tool that helps detect typosquatting, phishing, and corporate espionage.
- 📦🆓 [OSINT Toolkit](https://www.pulsemcp.com/servers/himanshusanecha-osint-toolkit) — Unified interface for network reconnaissance with parallel execution of WHOIS, Nmap, DNS lookups, and typosquatting detection.

### FAQ

**这是一个单独的 MCP server 吗？**
答：不是。它是一个目录，包含多个 OSINT MCP server 与工具，需要你按条目选择安装。

**条目怎么安装？**
答：按条目提示执行（常见 `npx ...` 或远程 HTTP URL），并加入你的 MCP 客户端配置。

**需要审计什么？**
答：数据来源、权限范围、日志留存，以及条目所需的任何凭据。

## 来源与感谢

> Source: https://github.com/soxoj/awesome-osint-mcp-servers
> License: MIT
> GitHub stars: 228 · forks: 38


---
Source: https://tokrepo.com/en/workflows/awesome-osint-mcp-servers-security-tools-directory
Author: MCP Hub