OpenOSINT: Open-Source AI Agent Automates OSINT Investigations Using Claude API

A new open-source framework called OpenOSINT that leverages Anthropic's Claude API to autonomously conduct open-source intelligence (OSINT) investigations has been released, promising to eliminate the fragmented manual workflows that plague security researchers and analysts.

"I realized I wasn't really investigating — I was just executing steps that follow a predictable pattern," said Alex Chen, the developer behind OpenOSINT. "That's exactly what an AI agent is good at."

OpenOSINT replaces the typical OSINT workflow, where analysts manually copy-paste usernames across different tools, with an AI agent that chains tools autonomously, executes them against real binaries, and saves structured Markdown reports.

In traditional OSINT, every tool is a silo. Every pivot is manual. The investigation logic lives entirely in the analyst's head, and when they close the terminal, it's gone.

Background

Open Source Intelligence (OSINT) is the practice of collecting and analyzing information from publicly available sources. Security researchers use it during penetration tests. Journalists use it to verify identities and trace connections. Threat analysts use it to profile infrastructure.

A typical workflow has multiple manual steps:

1. You have a target email address
2. You run holehe to find registered platforms
3. You note a username in output
4. You manually copy that username and run sherlock across 300+ platforms
5. You switch to a browser for HaveIBeenPwned checks
6. You open another tab for a WHOIS lookup
7. You take notes and repeat

Every tool is a silo; every pivot requires manual intervention. The investigation logic exists solely in the analyst's mind. When the terminal closes, that logic is lost.

OpenOSINT directly addresses these inefficiencies by embedding an AI agent at the core of the investigation process.

How OpenOSINT Works

The framework uses Claude's native Tool Use API to let an AI model decide which OSINT tools to execute based on natural-language input. The agent executes tools against real binaries, ensuring that all results come from actual OSINT services — not simulated data.

This design makes hallucination in tool results structurally impossible, a critical feature for security research where accuracy is paramount.

OpenOSINT offers three modes of operation:

• Interactive AI REPL – type a target in natural language and the agent decides what to run
• Direct CLI – run individual tools without AI, useful for scripting and automation
• MCP Server – expose all tools to Claude Code or Claude Desktop for integrated workflows

Here's a real session example:

$ openosint
openosint ❯ investigate target@example.com

  → generate_dorks('target@example.com')
  → search_email('target@example.com')
  ✓ Found: Spotify, WordPress, Gravatar, Office365

What This Means

For security researchers, journalists, and threat analysts, OpenOSINT represents a major shift toward automated, reliable intelligence gathering. The elimination of manual chaining reduces human error and speeds up investigations dramatically.

By structuring outputs into Markdown reports, analysts can easily share and revisit their work. The MCP server integration with Claude Code or Claude Desktop allows seamless incorporation into existing AI-assisted workflows.

Most importantly, the framework's architecture ensures that every tool result comes from a real OSINT binary, not a language model's guess. This builds trust where other AI approaches have failed.

"With OpenOSINT, the investigation logic is no longer trapped in someone's head," Chen added. "It's captured, reproducible, and auditable."

The project is available on GitHub under an open-source license, inviting contributions and community improvements.