playbooks
Learn Cursor Rules Windsurf Rules MCPs Modes
Log in

Shodan MCP server

Provides secure access to Shodan's database of internet-connected devices through host lookups, search functionality, and vulnerability information retrieval with intelligent response optimization for efficient token usage.
Back to servers
Setup instructions
Provider
Cyreslab.ai
Release date
Mar 22, 2025
Language
TypeScript
Stats
25 stars
View on GitHub

The Shodan MCP Server provides access to Shodan API functionality and CVE database, allowing AI assistants to query information about internet-connected devices, services, and vulnerabilities. It enables network intelligence gathering and vulnerability research through a Model Context Protocol (MCP) interface.

Installation

  1. Clone the repository:

    git clone https://github.com/Cyreslab-AI/shodan-mcp-server.git
cd shodan-mcp-server

  2. Install dependencies:

    npm install

  3. Build the server:

    npm run build

  4. Set up your Shodan API key:

    export SHODAN_API_KEY="your-api-key-here"

  5. Start the server:

    npm start

MCP Integration

This server can be integrated with Claude or other MCP-compatible AI assistants:

  1. Add the server to your MCP settings:

    {
  "mcpServers": {
    "shodan": {
      "command": "node",
      "args": ["/path/to/shodan-mcp-server/build/index.js"],
      "env": {
        "SHODAN_API_KEY": "your-api-key-here"
      }
    }
  }
}

  2. Restart Claude to load the new MCP server.

Available Tools

Search & Host Information Tools

get_host_info

Get detailed information about a specific IP address.

Parameters:

  • ip (required): IP address to look up
  • max_items (optional): Maximum number of items to include in arrays (default: 5)
  • fields (optional): List of fields to include in the results

search_shodan

Search Shodan's database for devices and services.

Parameters:

  • query (required): Shodan search query (e.g., 'apache country:US')
  • page (optional): Page number for results pagination (default: 1)
  • facets (optional): List of facets to include in the search results
  • max_items (optional): Maximum number of items to include in arrays (default: 5)
  • fields (optional): List of fields to include in the results
  • summarize (optional): Whether to return a summary of the results (default: false)

get_host_count

Get the count of hosts matching a search query without consuming query credits.

Parameters:

  • query (required): Shodan search query to count hosts for
  • facets (optional): List of facets to include in the count results

scan_network_range

Scan a network range (CIDR notation) for devices.

Parameters:

  • cidr (required): Network range in CIDR notation (e.g., 192.168.1.0/24)
  • max_items (optional): Maximum number of items to include in results (default: 5)
  • fields (optional): List of fields to include in the results

search_iot_devices

Search for specific types of IoT devices.

Parameters:

  • device_type (required): Type of IoT device to search for (e.g., 'webcam', 'router')
  • country (optional): Optional country code to limit search (e.g., 'US', 'DE')
  • max_items (optional): Maximum number of items to include in results (default: 5)

SSL & Certificate Tools

get_ssl_info

Get SSL certificate information for a domain.

Parameters:

  • domain (required): Domain name to look up SSL certificates for

DNS Tools

dns_lookup

Resolve hostnames to IP addresses using DNS lookup.

Parameters:

  • hostnames (required): List of hostnames to resolve

reverse_dns_lookup

Get hostnames for IP addresses using reverse DNS lookup.

Parameters:

  • ips (required): List of IP addresses to lookup

get_domain_info

Get comprehensive domain information including subdomains and DNS records.

Parameters:

  • domain (required): Domain name to lookup
  • history (optional): Include historical DNS data (default: false)
  • type (optional): DNS record type filter
  • page (optional): Page number for pagination (default: 1)

Search Utility Tools

list_search_facets

List all available search facets that can be used with Shodan queries.

Parameters: None

list_search_filters

List all available search filters that can be used in Shodan queries.

Parameters: None

parse_search_tokens

Parse a search query to understand which filters and parameters are being used.

Parameters:

  • query (required): Shodan search query to parse and analyze

Infrastructure Tools

list_ports

List all ports that Shodan crawls on the Internet.

Parameters: None

list_protocols

List all protocols that can be used when performing on-demand Internet scans.

Parameters: None

CVE & Vulnerability Tools

get_cve_info

Get detailed information about a specific CVE.

Parameters:

  • cve_id (required): CVE ID to look up (e.g., 'CVE-2021-44228')

search_cves

Search for vulnerabilities with various filters.

Parameters:

  • cpe23 (optional): CPE 2.3 string to search for
  • product (optional): Product name to search for vulnerabilities
  • is_kev (optional): Filter for Known Exploited Vulnerabilities only
  • sort_by_epss (optional): Sort results by EPSS score
  • start_date (optional): Start date for filtering CVEs (YYYY-MM-DD format)
  • end_date (optional): End date for filtering CVEs (YYYY-MM-DD format)
  • limit (optional): Maximum number of results to return (default: 10)
  • skip (optional): Number of results to skip for pagination (default: 0)

get_cpes

Get Common Platform Enumeration (CPE) information for products.

Parameters:

  • product (optional): Product name to search for
  • vendor (optional): Vendor name to filter by
  • version (optional): Version to filter by
  • limit (optional): Maximum number of results to return (default: 10)
  • skip (optional): Number of results to skip for pagination (default: 0)

get_newest_cves

Get the newest vulnerabilities from the CVE database.

Parameters:

  • limit (optional): Maximum number of results to return (default: 10)

get_kev_cves

Get Known Exploited Vulnerabilities (KEV) from CISA.

Parameters:

  • limit (optional): Maximum number of results to return (default: 10)

get_cves_by_epss

Get CVEs sorted by EPSS score (Exploit Prediction Scoring System).

Parameters:

  • limit (optional): Maximum number of results to return (default: 10)

Account & Utility Tools

get_api_info

Get information about your API plan including credits and limits.

Parameters: None

get_account_profile

Get account profile information including membership status and credits.

Parameters: None

get_my_ip

Get your current IP address as seen from the Internet.

Parameters: None

API Limitations

Some Shodan API endpoints require a paid membership. The following features are only available with a paid Shodan API key:

  • Search functionality (search_shodan, scan_network_range, get_ssl_info, search_iot_devices)
  • Network scanning
  • SSL certificate lookup
  • IoT device search

Note: CVE database functionality is completely free and does not require a paid Shodan subscription.

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "shodan" '{"command":"node","args":["/path/to/shodan-mcp-server/build/index.js"],"env":{"SHODAN_API_KEY":"your-api-key-here"}}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "shodan": {
            "command": "node",
            "args": [
                "/path/to/shodan-mcp-server/build/index.js"
            ],
            "env": {
                "SHODAN_API_KEY": "your-api-key-here"
            }
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "shodan": {
            "command": "node",
            "args": [
                "/path/to/shodan-mcp-server/build/index.js"
            ],
            "env": {
                "SHODAN_API_KEY": "your-api-key-here"
            }
        }
    }
}

3. Restart Claude Desktop for the changes to take effect

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later