Shodan

A Model Context Protocol server that provides access to Shodan API functionality
  • javascript

38

GitHub Stars

javascript

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "cyreslab-ai-shodan-mcp-server": {
      "command": "node",
      "args": [
        "/path/to/shodan-mcp-server/build/index.js"
      ],
      "env": {
        "SHODAN_API_KEY": "your-api-key-here"
      }
    }
  }
}

The Shodan MCP Server provides access to Shodan API data and CVE information through a small MCP (Model Context Protocol) server. It lets you query host details, perform device searches, scan networks, inspect SSL certificates, and explore CVEs and related vulnerability data from AI assistants and MCP-enabled clients.

How to use

Use this MCP server with any MCP-compatible client to access Shodan data and CVE information. You can perform host lookups, run targeted searches, scan network ranges, retrieve SSL certificate details, search for specific IoT device types, and explore CVEs and KEVs. Your client can call the exposed tools to fetch up-to-date information for security assessments, network inventory, and vulnerability awareness.

How to install

Prerequisites: you need Node.js and npm installed on your system.

# 1) Clone the project
git clone https://github.com/Cyreslab-AI/shodan-mcp-server.git
cd shodan-mcp-server

# 2) Install dependencies
npm install

# 3) Build the server
npm run build

# 4) Set up your Shodan API key
export SHODAN_API_KEY="your-api-key-here"

# 5) Start the server
npm start

Configuration and running with MCP clients

To integrate with an MCP client such as Claude, provide a stdio configuration that runs the built server and passes the API key as an environment variable.

{
  "mcpServers": {
    "shodan": {
      "command": "node",
      "args": ["/path/to/shodan-mcp-server/build/index.js"],
      "env": {
        "SHODAN_API_KEY": "your-api-key-here"
      }
    }
  }
}

Notes on usage and capabilities

This MCP server exposes a comprehensive set of tools. You can look up host information, search for devices, scan networks, fetch SSL certificate data, and search CVEs with various filters. It also provides functions to retrieve CPE data, the latest CVEs, KEVs, and CVEs sorted by EPSS scores, plus general account and IP information utilities.

Available tools

get_host_info

Fetch detailed information about a specific IP address, including optional fields and item limits.

search_shodan

Query Shodan's database for devices and services using a search string, with options for pagination, facets, field selection, and result summarization.

get_host_count

Return the count of hosts matching a search query without consuming query credits.

scan_network_range

Scan a CIDR range to find devices, with options for item limits and selected fields.

search_iot_devices

Search for IoT devices by type, with optional country filtering and result limits.

get_ssl_info

Retrieve SSL certificate information for a given domain.

dns_lookup

Resolve hostnames to IP addresses via DNS.

reverse_dns_lookup

Find hostnames for IPs using reverse DNS lookup.

get_domain_info

Obtain comprehensive domain data, including subdomains and DNS records, with optional history and record type filtering.

list_search_facets

List all available search facets for Shodan queries.

list_search_filters

List all available search filters for Shodan queries.

parse_search_tokens

Parse and analyze a Shodan query to identify filters and parameters.

list_ports

List all ports Shodan crawls on the Internet.

list_protocols

List protocols supported for on-demand Internet scans.

get_cve_info

Retrieve detailed information about a specific CVE.

search_cves

Search CVEs with filters such as CPE, product, KEV status, EPSS sort, date range, and limits.

get_cpes

Get CPE information for products with optional vendor, version, and pagination.

get_newest_cves

Fetch the newest CVEs.

get_kev_cves

Fetch Known Exploited Vulnerabilities (KEV) data.

get_cves_by_epss

Return CVEs sorted by EPSS exploit prediction scores.

get_api_info

Return information about your API plan, including credits and limits.

get_account_profile

Return your account profile and credit status.

get_my_ip

Return your current external IP address.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational