- Joined
- 5 Nov 2025
- Messages
- 9
- Reaction score
- 2
- Points
- 3
Hi!
I built an open-source Python framework that automates OSINT investigation chaining using Claude’s native tool use API.
The problem I was solving: every OSINT workflow is fragmented. holehe → copy username → sherlock → browser for HIBP → WHOIS in another tab. The investigation logic lives in your head and disappears when you close the terminal.
OpenOSINT collapses that into a single session. You describe the target in natural language, the agent decides what to run, chains the tools autonomously, and saves a structured Markdown report.
Why it’s trustworthy for security research
Most AI wrappers around tools have a hallucination problem — the model generates plausible-looking output that may not reflect what the tool actually returned.
OpenOSINT uses the Anthropic native tool use API. When the model needs a tool, it issues a hard stop and emits a tool_use block. Your code runs the real binary. The real output goes back as a tool_result. The model never generates tool output — it only reads it.
If sherlock finds 12 profiles, 12 URLs go back verbatim. The model cannot add a 13th.
The agent loop (simplified)
9 tools
Tool Backend What it returns
Three interfaces
Interactive AI REPL (default):
Architecture
Three hard layers, no upward imports:
The AI layer is entirely optional. CLI and MCP server work without an API key.
Hope you enjoy it! This is fairly new! If you have some questions or suggestions or a request to hack - drop me a private message with your Telegram ID, Session, Signal etc, or send me an email (for advance users only) heyisla@crackingx.com
Cheers!!!
I built an open-source Python framework that automates OSINT investigation chaining using Claude’s native tool use API.
The problem I was solving: every OSINT workflow is fragmented. holehe → copy username → sherlock → browser for HIBP → WHOIS in another tab. The investigation logic lives in your head and disappears when you close the terminal.
OpenOSINT collapses that into a single session. You describe the target in natural language, the agent decides what to run, chains the tools autonomously, and saves a structured Markdown report.
Why it’s trustworthy for security research
Most AI wrappers around tools have a hallucination problem — the model generates plausible-looking output that may not reflect what the tool actually returned.
OpenOSINT uses the Anthropic native tool use API. When the model needs a tool, it issues a hard stop and emits a tool_use block. Your code runs the real binary. The real output goes back as a tool_result. The model never generates tool output — it only reads it.
If sherlock finds 12 profiles, 12 URLs go back verbatim. The model cannot add a 13th.
The agent loop (simplified)
Python:
while True:
response = client.messages.create(
model="claude-...",
tools=TOOL_SCHEMAS,
messages=messages
)
if response.stop_reason == "end_turn":
break # agent done, write report
if response.stop_reason == "tool_use":
for block in response.content:
if block.type == "tool_use":
# real subprocess — holehe, sherlock, etc.
real_output = await execute_tool(block.name, block.input)
tool_results.append({
"type": "tool_result",
"tool_use_id": block.id,
"content": real_output
})
messages.append({"role": "assistant", "content": response.content})
messages.append({"role": "user", "content": tool_results})9 tools
Tool Backend What it returns
Code:
search_email holehe Social accounts linked to an email
search_username sherlock 300+ platforms
search_breach HaveIBeenPwned v3 Breach names, dates, data types
search_whois python-whois Registrant, registrar, dates
search_ip ipinfo.io Geo, ASN, hostname, org
search_domain sublist3r Subdomain enumeration
generate_dorks built-in 12 Google dork URLs, no network calls
search_paste psbdmp.ws Pastebin dump mentions
search_phone phoneinfoga Carrier, country, line type
Missing binary → descriptive error → rest of the framework keeps running.Three interfaces
Interactive AI REPL (default):
Python:
$ openosint
openosint ❯ investigate target@example.com
Direct CLI (no AI, for scripting):
openosint email target@example.com -t 60
openosint username johndoe99
MCP server (Claude Code / Claude Desktop):
claude mcp add openosint python /path/to/openosint/mcp_server.pyArchitecture
Three hard layers, no upward imports:
Code:
openosint/tools/ stateless async wrappers, no AI
openosint/agent.py Anthropic tool use loop
openosint/repl.py prompt_toolkit + Rich
openosint/mcp_server.py stdio MCP server
openosint/cli.py direct CLIThe AI layer is entirely optional. CLI and MCP server work without an API key.
Code:
Install
pip install openosint
export ANTHROPIC_API_KEY=sk-ant-...
pip install holehe sherlock-project sublist3rHope you enjoy it! This is fairly new! If you have some questions or suggestions or a request to hack - drop me a private message with your Telegram ID, Session, Signal etc, or send me an email (for advance users only) heyisla@crackingx.com
Cheers!!!