The 6 Interfaces
The same 28 OSINT tools are accessible through six different interfaces. Pick the one that best fits your workflow.
Decision guide
What do I want to do?│├─ Quick analysis of an IP / domain / URL / hash│ └─ Use: CLI (-q) or MCP or direct query in Claude Code│├─ Autonomous investigation with auto-pivot and report│ └─ Use: CLI (interactive)│├─ Structured investigation with evidence, entities, claims, traceability│ └─ Use: Claude Code skills (/investigation-init → /osint-investigate → /report-generate)│├─ Integrate with my application or pipeline│ └─ Use: MCP server or Python import│└─ Let another AI agent delegate tasks here └─ Use: A2A serverComparison table
| Interface | How to invoke | Who decides what tools to call | Persists results | Needs Ollama |
|---|---|---|---|---|
| Interactive CLI | osint-agent | ReAct agent (autonomous) | Session only | Yes |
| Single query CLI | osint-agent -q "..." | ReAct agent (autonomous) | No | Yes |
| Batch CLI | osint-agent --batch file.txt | ReAct agent per IOC | No | Yes |
| MCP | Any MCP client | You / Claude Code | Via investigation tools | No |
| Claude Code skills | /osint-investigate, etc. | You / Claude Code | Yes (SQLite + ChromaDB) | Yes (for investigate) |
| A2A | Another agent via osint-a2a | The calling agent | No | Yes |
| Python import | from src.tools.virustotal import ... | Your code | Your choice | No |
1. Interactive CLI
Best for: exploratory sessions, multi-IOC analysis, ad-hoc queries.
osint-agentosint> Investigate IP 185.220.101.34osint> Analyze the conflict in Iran and its impact on cybersecurityosint> /dashboardosint> /report save2. Single Query / Batch CLI
Best for: scripting, automation, CI pipelines.
# Single queryosint-agent -q "Investigate IP 8.8.8.8"osint-agent -q "Analyze domain evil.com" --json
# Batch from file (one IOC per line)osint-agent --batch iocs.txt --limit 10 --json
# Batch from live feedsosint-agent --feed feodo --limit 5osint-agent --feed urlhaus --limit 3 --json3. MCP Server
Best for: Claude Desktop, VS Code, Cursor, or any MCP-compatible client.
osint-mcp # STDIO transportosint-mcp --transport streamable-http --port 8080 # HTTP transportExposes 44 tools. No Ollama needed — the client’s own model does the reasoning.
Claude Desktop configuration:
{ "mcpServers": { "osint-agent": { "command": "osint-mcp", "args": [] } }}4. Claude Code Skills
Best for: formal investigations with full traceability.
/investigation-init "Acme Corp Case" --goal "Due diligence"/osint-investigate "185.220.101.34"/osint-investigate "acme-corp.com"/evidence-ingest report.pdf/entity-extract/verify-claims/report-generate5. A2A Server
Best for: multi-agent systems where another AI agent delegates investigation tasks.
osint-a2a # default: 0.0.0.0:9000osint-a2a --port 9090from a2a_sdk import A2AClientclient = A2AClient("http://localhost:9000")result = await client.send_task({"skill": "investigate_ip", "message": "Investigate 185.220.101.34"})6. Direct Python Import
Best for: embedding specific tools in your own code.
import asynciofrom src.tools.virustotal import virustotal_ip_lookupfrom src.tools.gdelt_tool import gdelt_entity_searchfrom src.tools.country_risk import get_country_risk_score
result = asyncio.run(virustotal_ip_lookup("185.220.101.34"))news = gdelt_entity_search("Iran conflict")risk = get_country_risk_score("IR")All tools are standalone async functions. No agent or server needed.