The ADEO CTI MCP Server provides access to both Shodan and VirusTotal APIs for comprehensive security analysis and threat intelligence. This server enables cybersecurity analysts to perform network intelligence operations including host information lookup, DNS operations, vulnerability analysis, network scanning, and alerts management through various tools and prompt templates.
Before installing the ADEO CTI MCP Server, you'll need:
SHODAN_API_KEY=your_shodan_api_key
VIRUSTOTAL_API_KEY=your_virustotal_api_key
npm install
npm run build
npm start
Get detailed information about a host from Shodan:
@shodan host-info ip="8.8.8.8" history=true
Parameters:
ip (required): IP address to look uphistory (optional): Include historical informationminify (optional): Return only basic host informationResolve hostnames to IP addresses:
@shodan dns-lookup hostnames="google.com,facebook.com"
Look up hostnames for IP addresses:
@shodan reverse-dns ips="8.8.8.8,1.1.1.1"
Get DNS entries and subdomains for a domain:
@shodan domain-info domain="example.com"
Search Shodan for hosts matching specific criteria:
@shodan search-host query="apache country:DE" facets="org,port"
Get count of matching results without full details:
@shodan search-host-count query="product:nginx"
Request Shodan to scan specific targets:
@shodan request-scan ips="192.168.1.0/24"
Check the status of a submitted scan:
@shodan get-scan-status id="SCAN_ID"
View all your submitted scans:
@shodan list-scans
Set up network monitoring alerts:
@shodan create-alert name="My Alert" filters={"ip":["8.8.8.8"],"port":[80,443]}
View all active alerts:
@shodan list-alerts
Get CVE details:
@shodan cve-lookup cve="CVE-2021-44228"
Search vulnerabilities by CPE:
@shodan cpe-vuln-search cpe="cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*" minCvss=7.0
Analyze URLs for security threats:
@shodan virustotal-url-analysis url="https://example.com"
Check file hashes for malware:
@shodan virustotal-file-analysis hash="a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"
Check IP reputation:
@shodan virustotal-ip-analysis ip="8.8.8.8"
Analyze domain reputation:
@shodan virustotal-domain-analysis domain="example.com"
The server provides intelligent prompts for comprehensive cybersecurity analysis workflows:
Discover and analyze internet-facing assets and infrastructure:
@shodan asset-discovery target=example.com depth=comprehensive
Find vulnerabilities in internet-connected systems:
@shodan vulnerability-assessment target_type=host target=192.168.1.1 severity_threshold=high
Search for specific internet-connected systems or services:
@shodan internet-search search_type=product query="nginx" filters="country:US port:443"
Set up network monitoring and alerts:
@shodan network-monitoring target=192.168.0.0/24 monitor_type=vulnerability notification_threshold=high
Analyze exposed industrial control systems and SCADA devices:
@shodan ics-analysis target_type=country target=US protocol=modbus
Analyze DNS information for domains and IP addresses:
@shodan dns-intelligence target_type=domain target=example.com include_vt_analysis=yes
Analyze files and URLs for malware and security threats:
@shodan malware-analysis target_type=file target=a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
Hunt for threats across multiple data sources using combined intelligence:
@shodan threat-hunting indicator_type=ip indicator=8.8.8.8 include_vt_analysis=yes
When using the server, be aware of the following:
The server automatically handles various error scenarios including invalid API keys, rate limiting, network issues, invalid parameters, and missing permissions.
To add this MCP server to Claude Code, run this command in your terminal:
claude mcp add-json "shodan" '{"command":"npx","args":["-y","@adeosec/mcp-shodan"]}'See the official Claude Code MCP documentation for more details.
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.
To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".
When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:
{
"mcpServers": {
"shodan": {
"command": "npx",
"args": [
"-y",
"@adeosec/mcp-shodan"
]
}
}
}To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.
To add this MCP server to Claude Desktop:
1. Find your configuration file:
~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%\Claude\claude_desktop_config.json~/.config/Claude/claude_desktop_config.json2. Add this to your configuration file:
{
"mcpServers": {
"shodan": {
"command": "npx",
"args": [
"-y",
"@adeosec/mcp-shodan"
]
}
}
}3. Restart Claude Desktop for the changes to take effect