Claude OSINT Investigator: A Template for Open-Source Intelligence Work
A Claude Code template that transforms your terminal into a structured OSINT investigation workspace with evidence management, graph data, and SpiderFoot integration.
The Project
https://github.com/danielrosehill/Claude-OSINT-Investigator
Open-source intelligence (OSINT) investigations involve sifting through publicly available information to build a coherent picture of people, organizations, events, or networks. The work is inherently iterative: you collect evidence, profile entities, map relationships, and build timelines. It is also the kind of work that benefits enormously from having a structured environment that keeps you organized as the investigation grows.
The Claude OSINT Investigator is a Claude Code template that provides exactly that structure. It transforms a repository into a full investigation workspace with evidence chains, entity profiling, network mapping, and formal reporting, all driven by purpose-built slash commands and specialized sub-agents.
Investigation Workflow
The template provides a complete investigation lifecycle. You start with /onboarding to establish your investigation brief and define scope. From there, a suite of 15 slash commands covers every phase of the work:
- /collect for gathering and documenting evidence from sources
- /profile for building detailed profiles of persons, organizations, or accounts
- /timeline for chronological reconstruction of events
- /network for mapping relationships and connections between entities
- /report and /dossier for generating formal deliverables
Graph Data and Specialized Agents
One of the more sophisticated features is the machine-parseable graph data system. The template maintains Maltego-style relationship data in JSON format, tracking entities (people, organizations, emails, domains, IPs, usernames) and the typed connections between them. This data can be exported to Mermaid diagrams, GEXF for Gephi, DOT for Graphviz, CSV, or Neo4j Cypher queries.
Eight specialized sub-agents handle autonomous investigation tasks: an evidence processor catalogs incoming data, an entity profiler builds comprehensive profiles, a correlation analyst identifies patterns across sources, a timeline builder handles chronological reconstruction, a network mapper handles relationship visualization, a graph manager maintains the machine-parseable data, a SpiderFoot integrator bridges automated OSINT collection with analysis, and a gap analyst identifies what information is still missing.
Tool Integration
The template integrates with SpiderFoot for automated OSINT collection from over 200 data sources. SpiderFoot scan results can be imported directly into the investigation's graph data. The template also recommends OSINT-focused MCP servers including Maigret for username enumeration, Shodan for network intelligence, DNSTwist for domain typosquatting detection, and VirusTotal for file and URL analysis.
Referenced repositories on GitHub: smicallef/spiderfoot, BurtTheCoder/mcp-maigret, BurtTheCoder/mcp-shodan, BurtTheCoder/mcp-dnstwist, BurtTheCoder/mcp-virustotal
Evidence management is rigorous, with SHA-256 verification for chain of custody documentation. The directory structure separates raw evidence, processed materials, analysis products, graph data, formal reports, and source documentation into clearly defined folders, each with its own README explaining how Claude should interact with it.
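The following Python example is added here and is not code from the template: it shows one way SHA-256 verification can back a chain-of-custody log, hashing each evidence item and chaining the log entries so that a change to either is detected. The field names, the hash-chained layout, the function names and the sample evidence are assumptions made for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash value for the first log entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:  # canonical JSON of all fields except the hash itself
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def record(log: list, name: str, data: bytes, source: str, collected_at: str) -> None:
    """Append a custody entry that commits to the evidence and to the previous entry."""
    entry = {
        "name": name,
        "sha256": sha256_hex(data),
        "source": source,
        "collected_at": collected_at,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)

def verify(log: list, store: dict) -> list:
    """Return findings; an empty list means the log and the evidence are intact."""
    findings, prev = [], GENESIS
    for i, e in enumerate(log):
        if e.get("prev_hash") != prev:
            findings.append(f"entry {i}: chain broken")
        if entry_hash(e) != e.get("entry_hash"):
            findings.append(f"entry {i}: log entry modified")
        data = store.get(e["name"])
        if data is None:
            findings.append(f"entry {i}: evidence missing: {e['name']}")
        elif sha256_hex(data) != e["sha256"]:
            findings.append(f"entry {i}: evidence altered: {e['name']}")
        prev = e.get("entry_hash")
    return findings

def demo():
    # Constructed sample evidence; names and contents are illustrative only.
    store = {"whois.txt": b"Domain: example.com\n", "page.html": b"<html>sample</html>"}
    log = []
    record(log, "whois.txt", store["whois.txt"], "whois lookup", "2024-01-01T10:00:00Z")
    record(log, "page.html", store["page.html"], "https://example.com/", "2024-01-01T10:05:00Z")
    return log, store

if __name__ == "__main__":
    print(verify(*demo()))
```

A hash chain only detects edits relative to its most recent entry hash, so that value should also be kept somewhere the investigation workspace cannot rewrite.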
Whether you are researching a company, investigating a domain network, or tracing connections across social platforms, this template provides a professional-grade framework for keeping your OSINT work organized and reproducible.