Skip to main content
Glama
CloudWaddie

OSINT MCP Server

by CloudWaddie
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Remote

OSINT MCP Server

A comprehensive Model Context Protocol (MCP) server providing a wide range of OSINT (Open Source Intelligence) tools.

Features

  • IP Intelligence: Geolocation (ip-api.com), Shodan, GreyNoise, AlienVault OTX, MAC Address Lookup

  • Domain Intelligence: WHOIS (RDAP, Shodan, History), DNS (Robtex, HackerTarget, Direct), SSL Certificates (crt.sh), Subdomain Enumeration, Wayback Machine (Archive.org)

  • Social & Identity: GitHub (Profile, Repos, Commit Emails, Repo Commits), Reddit (Profile, Posts), Fandom (Profile, Contributions), Username Search (20+ platforms), Keybase Lookup

  • Web Intelligence: Technology Stack Detection, Social Metadata Scraping, Wayback Machine, Exa Search, VirusTotal, EXIF Metadata Extraction

  • Email OSINT: HaveIBeenPwned, Hunter.io, Email Permutator, Domain Email Search, Social Profile Check (Gravatar)

  • Crypto & Phone: Bitcoin/Ethereum Wallet Lookup, Phone Number Intelligence

  • Image OSINT: Reverse Image Search (SauceNAO), Image Tagging (Imagga), Visual Analysis (Google Vision), EXIF Metadata

Prerequisites

  • Node.js 20+

  • API Keys for various services (optional but recommended for full functionality)

Installation

  1. Clone the repository

  2. Install dependencies:

    npm install

  3. Build the project:

    npm run build

Configuration

You can configure API keys using environment variables or a config.json file in the root directory.

Example config.json

{
  "SHODAN_API_KEY": "your_shodan_key",
  "HIBP_API_KEY": "your_hibp_key",
  "EXA_API_KEY": "your_exa_key",
  "VIRUSTOTAL_API_KEY": "your_vt_key",
  "HUNTER_API_KEY": "your_hunter_key",
  "GREYNOISE_API_KEY": "your_greynoise_key",
  "ALIENVAULT_API_KEY": "your_otx_key",
  "SECURITYTRAILS_API_KEY": "your_st_key",
  "ZOOMEYE_API_KEY": "your_zoomeye_key",
  "SAUCENAO_API_KEY": "your_saucenao_key",
  "IMAGGA_API_KEY": "your_imagga_key",
  "IMAGGA_API_SECRET": "your_imagga_secret",
  "GOOGLE_CLOUD_API_KEY": "your_google_key",
  "GITHUB_TOKEN": "your_github_pat",
  "WHOISXML_API_KEY": "your_whoisxml_key",
  "ABSTRACT_PHONE_API_KEY": "your_abstract_key",
  "PORT": 3000,
  "HOST": "0.0.0.0"
}

Usage

Stdio Transport (Default for many MCP clients)

node dist/index.js --stdio

HTTP Transport

npm start

The server will be available at http://localhost:3000/mcp.

Tools

Tool Name

Description

ip_geolocation

Get geolocation data for an IP address

whois_lookup

Perform RDAP WHOIS lookup for a domain

whois_history

Lookup WHOIS history for a domain

dns_lookup_passive

Get passive DNS records from Robtex

dns_lookup_direct

Real-time DNS lookup (A, MX, TXT, etc.)

reverse_dns

Lookup hostname for an IP address

check_breaches

Check if an email has been compromised (HIBP)

shodan_host

Get host details from Shodan

shodan_whois

Perform WHOIS lookup via Shodan Labs

ssl_certs

Lookup SSL certificates on crt.sh

url_reputation

Check URL reputation on VirusTotal

dns_enumeration

Perform DNS enumeration via HackerTarget

subdomain_enum

Find subdomains using multiple sources

hunter_domain_search

Search for email addresses on a domain

greynoise_ip_context

Get IP context from GreyNoise

otx_indicator_details

Get threat intel from AlienVault OTX

securitytrails_subdomains

Find subdomains via SecurityTrails

zoomeye_host_search

Search hosts on ZoomEye

reverse_image_search_anime

Search anime/art images on SauceNAO

image_tagging

Tag and categorize images with Imagga

google_vision_analyze

Analyze images with Google Vision

github_user_info

Get detailed GitHub user metadata

github_user_repos

List public GitHub repositories for a user

github_commit_emails

Extract email addresses from public events

github_repo_commits

Scan a specific repo for commit emails

username_search

Search for a username across 20+ platforms

fandom_user_info

Get Fandom/Wiki user data

fandom_user_contributions

List recent Fandom wiki contributions

archive_org_snapshot

Check for Wayback Machine snapshots

mac_lookup

Lookup vendor for a MAC address

keybase_lookup

Lookup Keybase identity and linked accounts

reddit_user_details

Get basic Reddit user profile info

reddit_user_posts

List recent Reddit posts for a user

url_metadata

Scrape OpenGraph and meta tags from a URL

url_tech_stack

Detect technologies used on a website

email_permutator

Generate possible email address combinations

domain_email_search

Search for emails associated with a domain

email_social_check

Find social profiles linked to an email

btc_lookup

Check Bitcoin address balance and transactions

eth_lookup

Check Ethereum address balance

phone_lookup

Lookup phone number carrier and location

exif_metadata

Extract EXIF data from an image URL

web_search

Perform web search via Exa

License

MIT

Install Server
A
security – no known vulnerabilities
F
license - not found
A
quality - confirmed to work

How are these scores calculated?

Resources

Tools

View all tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/CloudWaddie/osint-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server