Hostile Command Suite – OSINT Package

The Hostile Command Suite (HCS) tackles a core pain point in modern investigative workflows: the fragmentation of open‑source intelligence (OSINT) tools. When analysts gather data about a target, they typically have to juggle multiple command‑line utilities—each with its own syntax, output format, and dependencies. HCS consolidates these disparate tools into a single, terminal‑based framework that orchestrates them automatically. By packaging Sherlock, Mosint, DuckDuckGo search, and a lightweight profile scraper behind an MCP‑compatible interface, it eliminates the need to manually chain commands or parse heterogeneous outputs. The result is a seamless pipeline that turns raw identifiers (usernames, emails, names) into structured intelligence ready for analysis.

At its heart, HCS is an intelligent agent that leverages a local large language model (LLM) via Ollama. The LLM ingests all gathered data, categorizes it, and decides which tools to invoke next. For example, a name triggers a DuckDuckGo web search for public records; a username spawns a Sherlock query across 400+ platforms; an email fires Mosint for breach detection. This dynamic tool selection reduces manual effort and ensures that the investigation follows logical, data‑driven paths. The agent also performs “investigation pivoting”: when a new lead appears—such as an email address found in a social media profile—it automatically expands the search to related domains or accounts, keeping the analyst focused on emerging insights rather than command syntax.

Key capabilities include:

• Automated Username and Email Scraping – One‑click discovery of accounts across social networks and breach databases.
• Rich Profile Extraction – A dedicated scraper pulls structured details (bio, links, location) from found accounts.
• Web Search Intelligence – Integrated DuckDuckGo queries surface news, public records, and corporate information.
• Link Analysis – Deep inspection of URLs and GitHub repositories reveals technical footprints.
• Intelligent Workflow Management – The MCP servers coordinate tool execution, handle dependencies, and surface results in a unified terminal UI.

Real‑world scenarios that benefit from HCS include threat intelligence analysts building adversary profiles, penetration testers mapping an organization’s external presence, or compliance teams auditing third‑party exposure. Because the framework is terminal‑based and MCP‑compatible, it plugs directly into existing AI assistant pipelines—such as Claude or other LLM agents—that can issue MCP commands to trigger investigations, retrieve structured data, and even ask the agent for follow‑up queries.

What sets HCS apart is its blend of automation and human oversight. While the LLM drives tool selection, analysts retain control through interactive prompts or command‑line arguments, allowing them to inject domain knowledge and adjust the depth of search. The MCP architecture ensures that the system remains extensible: new tools can be added as separate servers, and existing ones can be swapped or updated without disrupting the overall workflow. This modularity, coupled with a robust AI decision layer, makes Hostile Command Suite an invaluable asset for any developer or analyst seeking to accelerate OSINT investigations while maintaining precision and context.