OSINT AI One

Autonomous threat intelligence and OSINT investigation platform. 28 tools, ReAct agent, full investigation management with traceability. Runs locally with Ollama or with OpenAI/Anthropic.

Get Started View on GitHub

What it does

Autonomous Threat Intelligence

The ReAct agent automatically selects the right tools for each IOC: IPs, domains, URLs, hashes. Auto-pivots, computes risk scores 0-100, and generates Markdown reports.

Investigation Management

Create structured investigations with evidence, entity extraction (FollowTheMoney ontology), claims with full traceability, and 9-section reports.

6 Ways to Use It

Interactive CLI, single query CLI, MCP Server (44 tools), A2A Server (5 skills), Claude Code Skills (15 skills), or direct Python import.

100% Local with Ollama

Use Qwen3 locally via Ollama. No cloud data. SQLite + ChromaDB on your machine. Also compatible with OpenAI and Anthropic.

Quick Start

git clone https://github.com/pepetox/osint-ai-one.git
cd osint-ai-one
python -m venv .venv && source .venv/bin/activate
pip install -e .

# Configure at least one API key
cp .env.example .env
# Edit .env — start with VIRUSTOTAL_API_KEY (free tier: 500 req/day)

# Pull an Ollama model
ollama pull qwen3:14b   # Recommended — 16 GB RAM

# Launch the agent
osint-agent

Usage Example

osint> Investigate IP 185.220.101.34
# → Agent calls VirusTotal, AbuseIPDB, Shodan, AlienVault, IPInfo
# → Writes structured threat assessment with risk level

osint> /dashboard
# → Visual risk table for all IOCs investigated this session

osint> /report save
# → Saves Markdown report to reports/