osint-mcp-server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| ST_API_KEY | No | API key for SecurityTrails to enable 3 SecurityTrails tools. | |
| VT_API_KEY | No | API key for VirusTotal to enable 4 VirusTotal tools. | |
| CENSYS_API_ID | No | API ID for Censys to enable 3 Censys tools. | |
| SHODAN_API_KEY | No | API key for Shodan to enable 4 Shodan tools. | |
| CENSYS_API_SECRET | No | API secret for Censys. Required if CENSYS_API_ID is provided. | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | { "listChanged": true } |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| dns_lookup | Resolve DNS records for a domain. Supports A, AAAA, MX, TXT, NS, SOA, CNAME, SRV record types. |
| dns_reverse | Perform reverse DNS (PTR) lookup for an IP address. Returns associated hostnames. |
| dns_email_security | Analyze email security posture: SPF, DMARC, DKIM records with risk assessment and recommendations. Checks common DKIM selectors (google, selector1, selector2, k1, etc.). |
| dns_spf_chain | Recursively resolve SPF include chain. Shows all included domains, IP ranges, detected services (Google Workspace, Microsoft 365, SendGrid, etc.), and RFC 7208 lookup limit compliance. |
| dns_srv_discover | Discover SRV records and common service CNAMEs for a domain. Probes for SIP, XMPP, Autodiscover, LDAP, Kerberos, CalDAV, CardDAV, and checks CNAMEs for autodiscover, lyncdiscover, OWA, ADFS, etc. |
| dns_wildcard_check | Check if a domain has wildcard DNS configured by resolving a random subdomain. |
| whois_domain | RDAP/WHOIS lookup for a domain. Returns registrar, registration/expiration dates, nameservers, and contact entities. |
| whois_ip | RDAP/WHOIS lookup for an IP address. Returns network name, CIDR range, country, and responsible entities. |
| crtsh_search | Search Certificate Transparency logs via crt.sh. Returns unique subdomains and certificate details (issuer, validity, SANs). |
| shodan_host | Get Shodan host details for an IP: open ports, services, banners, vulns, OS, ASN, geolocation. Requires SHODAN_API_KEY. |
| shodan_search | Search Shodan for hosts matching a query (e.g. 'apache port:443 country:US'). Requires SHODAN_API_KEY. |
| shodan_dns_resolve | Resolve hostnames to IPs using Shodan's DNS resolver. Requires SHODAN_API_KEY. |
| shodan_exploits | Search Shodan's exploit database for public exploits matching a query. Requires SHODAN_API_KEY. |
| vt_domain | VirusTotal domain analysis: reputation score, detection stats, categories, registrar, DNS records. Requires VT_API_KEY. |
| vt_ip | VirusTotal IP analysis: reputation, detection stats, country, ASN, network. Requires VT_API_KEY. |
| vt_subdomains | Enumerate subdomains for a domain via VirusTotal. Requires VT_API_KEY. |
| vt_url | Submit a URL to VirusTotal for scanning and get analysis results (malicious/suspicious/harmless). Requires VT_API_KEY. |
| st_subdomains | Enumerate subdomains for a domain via SecurityTrails. Returns FQDNs. Requires ST_API_KEY. |
| st_dns_history | Get historical DNS records for a domain via SecurityTrails. Shows first/last seen dates, values, and organizations. Requires ST_API_KEY. |
| st_whois | Enhanced WHOIS lookup via SecurityTrails with registrant/admin/technical contacts. Requires ST_API_KEY. |
| censys_hosts | Search Censys for hosts matching a query. Returns IPs, services, ports, location, ASN. Requires CENSYS_API_ID + CENSYS_API_SECRET. |
| censys_host_details | Get detailed Censys host information for a single IP: all services, certificates, OS, location, ASN. Requires CENSYS_API_ID + CENSYS_API_SECRET. |
| censys_certificates | Search Censys certificate database. Returns certificate fingerprints, subjects, issuers, validity, and SANs. Requires CENSYS_API_ID + CENSYS_API_SECRET. |
| geoip_lookup | Geolocate an IP address: country, city, ISP, ASN, proxy/hosting/mobile detection. Uses ip-api.com (free, no API key). |
| geoip_batch | Batch geolocate up to 100 IP addresses at once. Uses ip-api.com (free, no API key). |
| bgp_asn | Look up ASN details and announced IPv4/IPv6 prefixes via BGPView. Returns ASN name, description, contacts, and all announced prefixes. |
| bgp_ip | Look up BGP routing information for an IP address. Returns matching prefixes, ASNs, and RIR allocation. |
| bgp_prefix | Look up details for a specific IP prefix/CIDR. Returns announcing ASNs, name, country, and RIR. |
| wayback_urls | Search Wayback Machine for archived URLs of a domain. Returns unique URLs with timestamps, status codes, and MIME types. Useful for finding old endpoints, hidden paths, and removed content. |
| wayback_snapshots | Get Wayback Machine snapshot history for a specific URL. Returns timestamps, status codes, and direct archive links. Shows first/last seen dates. |
| hackertarget_hostsearch | Find subdomains and their IPs for a domain via HackerTarget. Free tier: 50 queries/day. |
| hackertarget_reverseip | Reverse IP lookup via HackerTarget — find all domains hosted on an IP. Free tier: 50 queries/day. |
| hackertarget_aslookup | Look up ASN information for an IP or ASN via HackerTarget. Free tier: 50 queries/day. |
| m365_tenant | Discover Microsoft 365 tenant information for a domain. Returns tenant ID, region, and OpenID configuration endpoints. |
| m365_userrealm | Detect authentication type for a domain's Microsoft 365 tenant. Returns namespace type (Managed/Federated), federation brand name, and auth endpoints. |
| osint_list_sources | List all OSINT data sources, their availability, API key requirements, and tool counts. Use this to check which sources are configured. |
| osint_domain_recon | Quick domain reconnaissance combining free sources: DNS (A/MX/NS/TXT), WHOIS, crt.sh subdomains, HackerTarget hosts, and email security analysis. No API keys required. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/badchars/osint-mcp-server'