37 tools from the Osint MCP Server, categorised by risk level.
View the Osint policy →bgp_asn Look up ASN details and announced IPv4/IPv6 prefixes via BGPView. Returns ASN name, description, contacts, and all announced prefixes. bgp_ip Look up BGP routing information for an IP address. Returns matching prefixes, ASNs, and RIR allocation. bgp_prefix Look up details for a specific IP prefix/CIDR. Returns announcing ASNs, name, country, and RIR. censys_certificates Search Censys certificate database. Returns certificate fingerprints, subjects, issuers, validity, and SANs. Requires CENSYS_API_ID + CENSYS_API_SE... censys_host_details Get detailed Censys host information for a single IP: all services, certificates, OS, location, ASN. Requires CENSYS_API_ID + CENSYS_API_SECRET. censys_hosts Search Censys for hosts matching a query. Returns IPs, services, ports, location, ASN. Requires CENSYS_API_ID + CENSYS_API_SECRET. crtsh_search Search Certificate Transparency logs via crt.sh. Returns unique subdomains and certificate details (issuer, validity, SANs). dns_email_security Analyze email security posture: SPF, DMARC, DKIM records with risk assessment and recommendations. Checks common DKIM selectors (google, selector1,... dns_lookup Resolve DNS records for a domain. Supports A, AAAA, MX, TXT, NS, SOA, CNAME, SRV record types. dns_reverse Perform reverse DNS (PTR) lookup for an IP address. Returns associated hostnames. dns_spf_chain Recursively resolve SPF include chain. Shows all included domains, IP ranges, detected services (Google Workspace, Microsoft 365, SendGrid, etc.), ... dns_srv_discover Discover SRV records and common service CNAMEs for a domain. Probes for SIP, XMPP, Autodiscover, LDAP, Kerberos, CalDAV, CardDAV, and checks CNAMEs... dns_wildcard_check Check if a domain has wildcard DNS configured by resolving a random subdomain. geoip_batch Batch geolocate up to 100 IP addresses at once. Uses ip-api.com (free, no API key). geoip_lookup Geolocate an IP address: country, city, ISP, ASN, proxy/hosting/mobile detection. Uses ip-api.com (free, no API key). hackertarget_aslookup Look up ASN information for an IP or ASN via HackerTarget. Free tier: 50 queries/day. hackertarget_hostsearch Find subdomains and their IPs for a domain via HackerTarget. Free tier: 50 queries/day. hackertarget_reverseip Reverse IP lookup via HackerTarget — find all domains hosted on an IP. Free tier: 50 queries/day. m365_tenant Discover Microsoft 365 tenant information for a domain. Returns tenant ID, region, and OpenID configuration endpoints. m365_userrealm Detect authentication type for a domain's Microsoft 365 tenant. Returns namespace type (Managed/Federated), federation brand name, and auth endpoints. osint_domain_recon Quick domain reconnaissance combining free sources: DNS (A/MX/NS/TXT), WHOIS, crt.sh subdomains, HackerTarget hosts, and email security analysis. N... osint_list_sources List all OSINT data sources, their availability, API key requirements, and tool counts. Use this to check which sources are configured. shodan_exploits Search Shodan's exploit database for public exploits matching a query. Requires SHODAN_API_KEY. shodan_host Get Shodan host details for an IP: open ports, services, banners, vulns, OS, ASN, geolocation. Requires SHODAN_API_KEY. shodan_search Search Shodan for hosts matching a query (e.g. 'apache port:443 country:US'). Requires SHODAN_API_KEY. st_dns_history Get historical DNS records for a domain via SecurityTrails. Shows first/last seen dates, values, and organizations. Requires ST_API_KEY. st_subdomains Enumerate subdomains for a domain via SecurityTrails. Returns FQDNs. Requires ST_API_KEY. st_whois Enhanced WHOIS lookup via SecurityTrails with registrant/admin/technical contacts. Requires ST_API_KEY. vt_domain VirusTotal domain analysis: reputation score, detection stats, categories, registrar, DNS records. Requires VT_API_KEY. vt_ip VirusTotal IP analysis: reputation, detection stats, country, ASN, network. Requires VT_API_KEY. vt_subdomains Enumerate subdomains for a domain via VirusTotal. Requires VT_API_KEY. vt_url Submit a URL to VirusTotal for scanning and get analysis results (malicious/suspicious/harmless). Requires VT_API_KEY. wayback_snapshots Get Wayback Machine snapshot history for a specific URL. Returns timestamps, status codes, and direct archive links. Shows first/last seen dates. wayback_urls Search Wayback Machine for archived URLs of a domain. Returns unique URLs with timestamps, status codes, and MIME types. Useful for finding old end... whois_domain RDAP/WHOIS lookup for a domain. Returns registrar, registration/expiration dates, nameservers, and contact entities. whois_ip RDAP/WHOIS lookup for an IP address. Returns network name, CIDR range, country, and responsible entities. The Osint MCP server exposes 37 tools across 2 categories: Read, Write.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Osint server.
Osint tools are categorised as Read (36), Write (1). Each category has a recommended default policy.
Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.