OSINT Plugin for Claude Code
An open source intelligence (OSINT) research skill for Claude Code. Investigate people, locations, domains, images, infrastructure, and digital artifacts using publicly available information.
Installation
/plugin install osint@github:lawriec/claude-osint-plugin
What It Does
When you ask Claude Code to investigate something — a person, a location in a photo, a suspicious domain, an image's metadata — this plugin activates a structured OSINT methodology based on the intelligence cycle:
- Define the intelligence requirement
- Plan the collection strategy
- Collect data across multiple sources
- Analyze and cross-reference findings
- Report with evidence provenance and confidence ratings
OSINT Domains
| Domain | Capabilities |
|---|
| Geolocation | Identify locations from photos/video using signs, vegetation, road markings, sun position, architecture |
| People / Social Media | Username enumeration, profile correlation across platforms, SOCMINT |
| Domain / Infrastructure | WHOIS, DNS enumeration, subdomain discovery, certificate transparency, IP enrichment |
| Image / Video Forensics | EXIF extraction, reverse image search, manipulation detection, metadata analysis |
| Document Analysis | PDF metadata, email header analysis, file forensics |
| Vehicle / Object ID | License plates, aircraft tracking (ADS-B), ship tracking (AIS) |
| Cryptocurrency | Blockchain address lookup, wallet tracing, transaction analysis |
| Radio / Signals | Broadcast identification, amateur radio callsign lookup |
Required API Keys
Set these environment variables before using the plugin:
| Variable | Required | Source |
|---|
TAVILY_API_KEY | Yes | tavily.com (free tier available) |
GEMINI_API_KEY | Yes | Google AI Studio |
YTDLP_COOKIES_FROM_BROWSER | Recommended | Browser name (e.g., chrome) for YouTube access |
REDDIT_CLIENT_ID | Optional | Reddit apps for higher rate limits |
REDDIT_CLIENT_SECRET | Optional | Same as above |
MCP Servers
This plugin configures 11 MCP servers:
| Server | Purpose |
|---|
| tavily | Web search with date/domain filtering |
| gemini | AI analysis of images and video |
| searxng | Multi-engine meta-search (250+ engines) |
| selenium | Browser automation for JS-heavy sites |
| fetch | Simple URL fetching |
| memory-graph | Knowledge graph for entity relationships |
| reddit | Reddit API access |
| video-reader | Video/image frame extraction and analysis |
| yt-dl | YouTube metadata and downloads |
| internet-archive | Wayback Machine access |
| common-crawl | Historical web crawl data |
SearXNG Setup
SearXNG requires a local Docker instance:
docker run -d --name searxng -p 8080:8080 \
-v "${PWD}/searxng:/etc/searxng" \
-e "BASE_URL=http://localhost:8080" \
searxng/searxng
OSINT Scripts
Standalone Python scripts runnable via uv run (no pre-installation needed):
uv run skills/osint/scripts/query_dns.py all example.com
uv run skills/osint/scripts/query_whois.py lookup example.com
uv run skills/osint/scripts/query_crtsh.py subdomains example.com
uv run skills/osint/scripts/query_shodan_internetdb.py 8.8.8.8
uv run skills/osint/scripts/extract_exif.py gps photo.jpg
uv run skills/osint/scripts/check_username.py johndoe
uv run skills/osint/scripts/sun_position.py calculate --lat 51.5 --lon -0.1 --date 2024-06-15 --time 14:30
OSINT Resources
Learning & Methodology
Geolocation