A Model Context Protocol (MCP) server that provides access to Shodan API functionality and CVE database, allowing AI assistants to query information about internet-connected devices, services, and vulnerabilities.
- Host Information: Get detailed information about specific IP addresses
- Search Capabilities: Search Shodan's database for devices and services
- Network Scanning: Scan network ranges (CIDR notation) for devices
- SSL Certificate Information: Get SSL certificate details for domains
- IoT Device Search: Find specific types of IoT devices
- CVE Lookup: Get detailed information about specific vulnerabilities
- Vulnerability Search: Search CVEs with advanced filters (product, KEV status, EPSS scores)
- CPE Information: Get Common Platform Enumeration data for products
- Latest Vulnerabilities: Access newest CVEs and Known Exploited Vulnerabilities
- Exploit Prediction: Get CVEs sorted by EPSS exploit prediction scores
-
Clone the repository:
git clone https://github.com/Cyreslab-AI/shodan-mcp-server.git cd shodan-mcp-server -
Install dependencies:
npm install
-
Build the server:
npm run build
-
Set up your Shodan API key:
export SHODAN_API_KEY="your-api-key-here"
-
Start the server:
npm start
This server can be integrated with Claude or other MCP-compatible AI assistants. To add it to Claude Desktop or Claude.app:
-
Add the server to your MCP settings:
{ "mcpServers": { "shodan": { "command": "node", "args": ["/path/to/shodan-mcp-server/build/index.js"], "env": { "SHODAN_API_KEY": "your-api-key-here" } } } } -
Restart Claude to load the new MCP server.
Get detailed information about a specific IP address.
Parameters:
ip(required): IP address to look upmax_items(optional): Maximum number of items to include in arrays (default: 5)fields(optional): List of fields to include in the results (e.g., ['ip_str', 'ports', 'location.country_name'])
Search Shodan's database for devices and services.
Parameters:
query(required): Shodan search query (e.g., 'apache country:US')page(optional): Page number for results pagination (default: 1)facets(optional): List of facets to include in the search results (e.g., ['country', 'org'])max_items(optional): Maximum number of items to include in arrays (default: 5)fields(optional): List of fields to include in the results (e.g., ['ip_str', 'ports', 'location.country_name'])summarize(optional): Whether to return a summary of the results instead of the full data (default: false)
Get the count of hosts matching a search query without consuming query credits.
Parameters:
query(required): Shodan search query to count hosts forfacets(optional): List of facets to include in the count results (e.g., ['country', 'org'])
Scan a network range (CIDR notation) for devices.
Parameters:
cidr(required): Network range in CIDR notation (e.g., 192.168.1.0/24)max_items(optional): Maximum number of items to include in results (default: 5)fields(optional): List of fields to include in the results (e.g., ['ip_str', 'ports', 'location.country_name'])
Search for specific types of IoT devices.
Parameters:
device_type(required): Type of IoT device to search for (e.g., 'webcam', 'router', 'smart tv')country(optional): Optional country code to limit search (e.g., 'US', 'DE')max_items(optional): Maximum number of items to include in results (default: 5)
Get SSL certificate information for a domain.
Parameters:
domain(required): Domain name to look up SSL certificates for (e.g., example.com)
Resolve hostnames to IP addresses using DNS lookup.
Parameters:
hostnames(required): List of hostnames to resolve (e.g., ['google.com', 'facebook.com'])
Get hostnames for IP addresses using reverse DNS lookup.
Parameters:
ips(required): List of IP addresses to lookup (e.g., ['8.8.8.8', '1.1.1.1'])
Get comprehensive domain information including subdomains and DNS records.
Parameters:
domain(required): Domain name to lookup (e.g., 'google.com')history(optional): Include historical DNS data (default: false)type(optional): DNS record type filter (A, AAAA, CNAME, NS, SOA, MX, TXT)page(optional): Page number for pagination (default: 1)
List all available search facets that can be used with Shodan queries.
Parameters: None
List all available search filters that can be used in Shodan queries.
Parameters: None
Parse a search query to understand which filters and parameters are being used.
Parameters:
query(required): Shodan search query to parse and analyze
List all ports that Shodan crawls on the Internet.
Parameters: None
List all protocols that can be used when performing on-demand Internet scans.
Parameters: None
Get detailed information about a specific CVE.
Parameters:
cve_id(required): CVE ID to look up (e.g., 'CVE-2021-44228')
Search for vulnerabilities with various filters.
Parameters:
cpe23(optional): CPE 2.3 string to search for (e.g., 'cpe:2.3:a:apache:log4j:*')product(optional): Product name to search for vulnerabilities (e.g., 'apache', 'windows')is_kev(optional): Filter for Known Exploited Vulnerabilities onlysort_by_epss(optional): Sort results by EPSS score (Exploit Prediction Scoring System)start_date(optional): Start date for filtering CVEs (YYYY-MM-DD format)end_date(optional): End date for filtering CVEs (YYYY-MM-DD format)limit(optional): Maximum number of results to return (default: 10)skip(optional): Number of results to skip for pagination (default: 0)
Get Common Platform Enumeration (CPE) information for products.
Parameters:
product(optional): Product name to search for (e.g., 'apache', 'windows')vendor(optional): Vendor name to filter by (e.g., 'microsoft', 'apache')version(optional): Version to filter by (e.g., '2.4.1')limit(optional): Maximum number of results to return (default: 10)skip(optional): Number of results to skip for pagination (default: 0)
Get the newest vulnerabilities from the CVE database.
Parameters:
limit(optional): Maximum number of results to return (default: 10)
Get Known Exploited Vulnerabilities (KEV) from CISA.
Parameters:
limit(optional): Maximum number of results to return (default: 10)
Get CVEs sorted by EPSS score (Exploit Prediction Scoring System).
Parameters:
limit(optional): Maximum number of results to return (default: 10)
Get information about your API plan including credits and limits.
Parameters: None
Get account profile information including membership status and credits.
Parameters: None
Get your current IP address as seen from the Internet.
Parameters: None
shodan://host/{ip}: Information about a specific IP address
Some Shodan API endpoints require a paid membership. The following features are only available with a paid Shodan API key:
- Search functionality (search_shodan, scan_network_range, get_ssl_info, search_iot_devices, get_host_count, get_domain_info)
- Network scanning
- SSL certificate lookup
- IoT device search
Note: CVE database functionality (get_cve_info, search_cves, get_cpes, get_newest_cves, get_kev_cves, get_cves_by_epss) is completely free and does not require a paid Shodan subscription.
MIT
If you use this project in your research or publications, please cite it as follows:
author = {Bassem Abidi and Moudather Chelbi},
title = {Shodan MCP Server},
year = {2025},
howpublished = {https://github.com/Cyreslab-AI/shodan-mcp-server},
note = {Accessed: 2025-06-29}
![@smithery-ai[bot]](https://avatars.githubusercontent.com/in/1105950?s=64&v=4){kind=small}