OSINT Agents
This section collects open-source projects around OSINT agents, MCP servers, LLM-based investigation workflows, and research automation. The goal is not to list every tool, but to keep a focused set of repositories that are useful for studying how agentic OSINT systems can be designed.
Reference architecture
A practical copilot should keep the reasoning loop separate from deterministic tools, store evidence as case state, and route sensitive conclusions through human review before reporting.
Investigation workflow
Start with a lawful scope, research question, and limits before any automation runs.
Use MCP servers, search tools, CTI feeds, archives, and browser agents for repeatable collection.
Normalize names, accounts, domains, observables, aliases, and documents before linking them.
Move findings into graph or case-memory systems so links can be reviewed instead of guessed.
Separate facts, signals, inferences, and uncertainty. Do not let the model decide alone.
Use agents to propose lines of inquiry, then require sources and contradiction checks.
Turn the trace into a clear report with citations, confidence, limits, and next steps.
28 repositories shown
Metadata is a manual snapshot from GitHub on 2026-06-07. Re-check stars, license, and activity before procurement or production use.
OpenOSINT/OpenOSINT
AI-powered OSINT agent with CLI, REPL, MCP server, web UI, and modular OSINT tools.
Useful for
Useful for studying an end-to-end OSINT agent that lets an LLM request real tool output instead of inventing results.
OSINT relevance
Maps directly to username, email, breach, WHOIS, DNS, Shodan, VirusTotal, GitHub, and reporting workflows.
soxoj/awesome-osint-mcp-servers
Curated directory of MCP servers that expose OSINT tools and services to LLM clients.
Useful for
Useful as a discovery map before choosing which MCP servers to connect to an investigation copilot.
OSINT relevance
Helps compare username, search, social, domain, and threat-intelligence MCP options in one place.
w0h1v/mcp-maigret
MCP wrapper for Maigret username checks across public profile sources.
Useful for
Useful for controlled username research where public-source matches need to be reviewed by a human.
OSINT relevance
Fits the entity discovery phase, but results require careful false-positive handling.
frishtik/osint-tools-mcp-server
Python MCP server exposing multiple OSINT tools to assistants such as Claude.
Useful for
Useful as an example of packaging several existing OSINT utilities behind one MCP interface.
OSINT relevance
Shows the design tradeoff between convenience and the need for strict scope, rate, and safety controls.
w0h1v/mcp-shodan
MCP server for Shodan lookups, DNS operations, CVE context, and internet-exposure review.
Useful for
Useful for passive infrastructure visibility checks inside an agent workflow.
OSINT relevance
Supports domain, IP, exposed-service, and vulnerability context without adding active scanning.
damionrashford/RivalSearchMCP
FastMCP research server for web search, social search, academic databases, news, entities, and documents.
Useful for
Useful for studying deterministic tool output for agent chaining without an LLM embedded inside the server.
OSINT relevance
Maps to collection, entity profiling, conflict detection, and document review stages.
assafelovic/gpt-researcher
Autonomous deep-research agent for web and local research across multiple LLM providers.
Useful for
Useful for studying source gathering, synthesis, and report generation loops.
OSINT relevance
Maps to collection, source comparison, evidence summarization, and report draft generation.
dzhng/deep-research
Small TypeScript deep-research agent that iterates search, scraping, reasoning, and markdown reporting.
Useful for
Useful as a simple reference implementation before building a heavier investigation copilot.
OSINT relevance
Shows breadth/depth controls, query generation, source processing, and final report generation.
langchain-ai/open_deep_research
Configurable open-source deep research agent across model providers, search tools, and MCP servers.
Useful for
Useful for studying a modern research agent that can swap search and model providers.
OSINT relevance
Good architectural reference for iterative collection, source selection, and report assembly.
SkyworkAI/DeepResearchAgent
Hierarchical multi-agent deep-research system with planning and specialized lower-level agents.
Useful for
Useful for studying multi-agent decomposition and resource lifecycle management.
OSINT relevance
Maps to investigation planning, tool selection, evidence gathering, and iterative refinement.
Yaogui415/newsflow-oss
AI-assisted newsroom workflow for event tracking, evidence organization, approval chains, and corrections.
Useful for
Useful for human-in-the-loop investigation workflow design.
OSINT relevance
Focuses on evidence structuring, review gates, approval traceability, and correction handling.
BharathxD/ClaimeAI
LangGraph fact-checking system that extracts claims, searches evidence, and generates verification reports.
Useful for
Useful for claim-level verification rather than asking an LLM for a single verdict.
OSINT relevance
Maps well to evidence verification, misinformation review, and report-ready claim breakdowns.
MISP/MISP
Open-source threat-intelligence and sharing platform for events, attributes, and communities.
Useful for
Useful as a structured evidence and indicator-sharing backend for defensive investigations.
OSINT relevance
Gives an OSINT agent a mature event/IOC data model instead of a flat note store.
IntelOwlProject/IntelOwl
Open-source platform for threat-intelligence automation, analyzers, connectors, and enrichment jobs.
Useful for
Useful as a backend model for analyzer orchestration and repeatable enrichment pipelines.
OSINT relevance
Connects services such as VirusTotal, Abuse.ch, GreyNoise, URLScan, Shodan, OTX, MISP, and OpenCTI.
4R9UN/fastmcp-threatintel
FastMCP threat-intelligence server for IP, domain, URL, and hash analysis.
Useful for
Useful for adding defensive CTI enrichment to an investigation copilot.
OSINT relevance
Supports IOC context, indicator review, and report enrichment for defensive investigations.
CooperCyberCoffee/opencti_mcp_server
MCP interface for querying OpenCTI threat intelligence through Claude Desktop.
Useful for
Useful for connecting a local or private OpenCTI knowledge base to an assistant.
OSINT relevance
Turns stored observables, reports, and relationships into queryable investigation context.
bornpresident/MISP-MCP-SERVER
MCP server that integrates MISP threat-intelligence data with LLM clients.
Useful for
Useful for teams that already store events, attributes, and IOCs in MISP.
OSINT relevance
Can expose structured indicator and event context to an analyst copilot.
aplaceforallmystuff/mcp-threatintel
MCP server that unifies AlienVault OTX, AbuseIPDB, GreyNoise, and abuse.ch sources.
Useful for
Useful when an agent needs consistent CTI lookups without opening several browser tabs.
OSINT relevance
Helps with source collection, IOC triage, and confidence-building across multiple feeds.
microsoft/graphrag
Graph-based retrieval-augmented generation system for reasoning over narrative private data.
Useful for
Useful for turning investigation corpora into graph memory for question answering and synthesis.
OSINT relevance
Provides architectural ideas for entity extraction, relationship storage, and graph-guided summaries.
OpenCTI-Platform/opencti
Open cyber threat-intelligence platform for structuring, storing, organizing, and visualizing CTI.
Useful for
Useful as the graph-backed case memory behind an investigation copilot.
OSINT relevance
Uses STIX-style relationships and observables that map well to entity and relationship analysis.
neo4j-labs/llm-graph-builder
Builds Neo4j knowledge graphs from PDFs, documents, YouTube videos, web pages, and other unstructured data.
Useful for
Useful for converting collected OSINT material into entities and relationships.
OSINT relevance
Fits document intake, entity extraction, relationship analysis, and graph exploration.
rolandpg/zettelforge
Agentic CTI memory with STIX knowledge graphs, threat-actor alias resolution, offline RAG, and MCP support.
Useful for
Useful for studying memory design around CTI entities, aliases, and offline investigation context.
OSINT relevance
Targets threat-actor alias resolution and graph-backed memory, both useful in entity-heavy investigations.
firecrawl/firecrawl-mcp-server
Official Firecrawl MCP server for web search, scraping, and page extraction.
Useful for
Useful for turning public pages into structured material that an agent can cite or summarize.
OSINT relevance
Supports evidence collection and source text extraction when terms and robots rules allow it.
exa-labs/exa-mcp-server
MCP server for Exa web search and crawling.
Useful for
Useful for semantic web discovery and source collection inside an agent.
OSINT relevance
Can help find sources, similar pages, and context for public web research.
browserbase/mcp-server-browserbase
MCP server that lets LLMs control a browser through Browserbase and Stagehand.
Useful for
Useful when a research agent needs browser automation for public pages that are hard to fetch directly.
OSINT relevance
Fits controlled web collection and screenshot workflows, with explicit human oversight.
tavily-ai/tavily-mcp
MCP server for real-time search, extraction, mapping, and crawling.
Useful for
Useful as a web-search and extraction layer for research agents.
OSINT relevance
Supports collection and source discovery, but conclusions still need human verification.
apify/apify-mcp-server
MCP server that connects agents to Apify actors for search, maps, social, and website extraction tasks.
Useful for
Useful for studying actor-based collection pipelines and reusable extraction jobs.
OSINT relevance
Can support public-data collection, but every actor needs legal, terms-of-service, and scope review.
elb-pr/sleuth
Six-phase OSINT workflow with templates for direction, collection, entity resolution, reasoning, and reports.
Useful for
Useful for studying investigation gates and task files rather than only autonomous tool calls.
OSINT relevance
Closely mirrors target, collection, entity resolution, relationship analysis, hypothesis, and reporting stages.