A Model Context Protocol (MCP) server for querying the Shodan API and Shodan CVEDB. This server provides comprehensive access to Shodan's network intelligence and security services, including IP reconnaissance, DNS operations, vulnerability tracking, and device discovery. All tools provide structured, formatted output for easy analysis and integration.
Quick Start (Recommended)
Installing via Smithery
To install Shodan Server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @burtthecoder/mcp-shodan --client claude
Network Reconnaissance: Query detailed information about IP addresses, including open ports, services, and vulnerabilities
DNS Operations: Forward and reverse DNS lookups for domains and IP addresses
Vulnerability Intelligence: Access to Shodan's CVEDB for detailed vulnerability information, CPE lookups, and product-specific CVE tracking
Device Discovery: Search Shodan's database of internet-connected devices with advanced filtering
Tools
1. IP Lookup Tool
Name: ip_lookup
Description: Retrieve comprehensive information about an IP address, including geolocation, open ports, running services, SSL certificates, hostnames, and cloud provider details if available
Parameters:
ip (required): IP address to look up
Returns:
IP Information (address, organization, ISP, ASN)
Location (country, city, coordinates)
Services (ports, protocols, banners)
Cloud Provider details (if available)
Associated hostnames and domains
Tags
2. Shodan Search Tool
Name: shodan_search
Description: Search Shodan's database of internet-connected devices
Parameters:
query (required): Shodan search query
max_results (optional, default: 10): Number of results to return
Returns:
Search summary with total results
Country-based distribution statistics
Detailed device information including:
Basic information (IP, organization, ISP)
Location data
Service details
Web server information
Associated hostnames and domains
3. CVE Lookup Tool
Name: cve_lookup
Description: Query detailed vulnerability information from Shodan's CVEDB
Parameters:
cve (required): CVE identifier in format CVE-YYYY-NNNNN (e.g., CVE-2021-44228)
Returns:
Basic Information (ID, published date, summary)
Severity Scores:
CVSS v2 and v3 with severity levels
EPSS probability and ranking
Impact Assessment:
KEV status
Proposed mitigations
Ransomware associations
Affected products (CPEs)
References
4. DNS Lookup Tool
Name: dns_lookup
Description: Resolve domain names to IP addresses using Shodan's DNS service
Parameters:
hostnames (required): Array of hostnames to resolve
Returns:
DNS resolutions mapping hostnames to IPs
Summary of total lookups and queried hostnames
5. Reverse DNS Lookup Tool
Name: reverse_dns_lookup
Description: Perform reverse DNS lookups to find hostnames associated with IP addresses
Parameters:
ips (required): Array of IP addresses to look up
Returns:
Reverse DNS resolutions mapping IPs to hostnames
Summary of total lookups and results
6. CPE Lookup Tool
Name: cpe_lookup
Description: Search for Common Platform Enumeration (CPE) entries by product name
Parameters:
product (required): Name of the product to search for
count (optional, default: false): If true, returns only the count of matching CPEs
skip (optional, default: 0): Number of CPEs to skip (for pagination)
limit (optional, default: 1000): Maximum number of CPEs to return
Returns:
When count is true: Total number of matching CPEs
When count is false: List of CPEs with pagination details
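The arguments for these tools are typically filled in by a language model, so a client can check them against the parameter lists of the six tools documented above before the request reaches the server and the Shodan API key. The following is an added example, not code from the mcp-shodan project: `buildToolCall`, the `TOOLS` table, and the value types, hostname pattern and four-or-more-digit CVE sequence are assumptions inferred from the descriptions; the `tools/call` request shape is the standard MCP JSON-RPC form.

```javascript
// Added example (not from the mcp-shodan project): validate tool arguments
// against the documented parameters, then build an MCP tools/call request.
const net = require("node:net");

const isInt = (v, min) => Number.isInteger(v) && v >= min;
const isStr = (v) => typeof v === "string" && v.trim().length > 0;
const isList = (v, ok) => Array.isArray(v) && v.length > 0 && v.every(ok);
const isIp = (v) => typeof v === "string" && net.isIP(v) !== 0;
// Assumed hostname shape: dot-separated letter/digit/hyphen labels, no scheme, path or port.
const isHost = (v) => typeof v === "string" && v.length <= 253 &&
  /^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$/i.test(v);
// CVE-YYYY-NNNNN as documented; sequence numbers are assumed to be 4+ digits.
const isCve = (v) => typeof v === "string" && /^CVE-\d{4}-\d{4,}$/.test(v);

// One entry per documented parameter: [required, default, validator].
const TOOLS = {
  ip_lookup: { ip: [true, undefined, isIp] },
  shodan_search: {
    query: [true, undefined, isStr],
    max_results: [false, 10, (v) => isInt(v, 1)],
  },
  cve_lookup: { cve: [true, undefined, isCve] },
  dns_lookup: { hostnames: [true, undefined, (v) => isList(v, isHost)] },
  reverse_dns_lookup: { ips: [true, undefined, (v) => isList(v, isIp)] },
  cpe_lookup: {
    product: [true, undefined, isStr],
    count: [false, false, (v) => typeof v === "boolean"],
    skip: [false, 0, (v) => isInt(v, 0)],
    limit: [false, 1000, (v) => isInt(v, 1)],
  },
};

// Returns a JSON-RPC 2.0 tools/call request, or throws on any mismatch.
function buildToolCall(id, name, args = {}) {
  if (!Object.hasOwn(TOOLS, name)) throw new Error(`unknown tool: ${name}`);
  const spec = TOOLS[name];
  for (const key of Object.keys(args)) {
    if (!Object.hasOwn(spec, key)) throw new Error(`unexpected parameter: ${key}`);
  }
  const checked = {};
  for (const [key, [required, dflt, valid]] of Object.entries(spec)) {
    const value = Object.hasOwn(args, key) ? args[key] : dflt;
    if (value === undefined && !required) continue;
    if (value === undefined) throw new Error(`missing parameter: ${key}`);
    if (!valid(value)) throw new Error(`invalid value for ${key}`);
    checked[key] = value;
  }
  return { jsonrpc: "2.0", id, method: "tools/call", params: { name, arguments: checked } };
}
```

Rejecting unknown parameter names and non-string values keeps a malformed or injected argument from being forwarded as a Shodan query.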
7. CVEs by Product Tool
Name: cves_by_product
Description: Search for vulnerabilities affecting specific products or CPEs