mcp-shodan
by BurtTheCoder
- Security
- Search
- Databases
JavaScript
MIT
496
1
MCP server for querying the Shodan API and Shodan CVEDB. This server provides tools for IP lookups, device searches, DNS lookups, vulnerability queries, CPE lookups, and more.
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| ip_lookup | Retrieve information about an IP address. |
| search | Search for devices on Shodan. |
| cve_lookup | Retrieve vulnerability information for a CVE. Use format: CVE-YYYY-NNNNN (e.g., CVE-2021-44228) |
| dns_lookup | Perform DNS lookups using Shodan. |
| cpe_lookup | Search for Common Platform Enumeration (CPE) entries by product name. |
| cves_by_product | Search for CVEs affecting a specific product or CPE. Provide either product name or CPE 2.3 identifier. |
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| SHODAN_API_KEY | Yes | Your Shodan API key |
README.md
Shodan MCP Server
A Model Context Protocol (MCP) server for querying the Shodan API and Shodan CVEDB. This server provides tools for IP lookups, device searches, DNS lookups, vulnerability queries, CPE lookups, and more. It is designed to integrate seamlessly with MCP-compatible applications like Claude Desktop.
Quick Start (Recommended)
- Install the server globally via npm:
Copy
npm install -g @burtthecoder/mcp-shodan
- Add to your Claude Desktop configuration file:
Copy
{
"mcpServers": {
"shodan": {
"command": "mcp-shodan",
"env": {
"SHODAN_API_KEY": "your-shodan-api-key"
}
}
}
}
Configuration file location:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
- Restart Claude Desktop
Alternative Setup (From Source)
If you prefer to run from source or need to modify the code:
- Clone and build:
Copy
git clone https://github.com/BurtTheCoder/mcp-shodan.git
cd mcp-shodan
npm install
npm run build
- Add to your Claude Desktop configuration:
Copy
{
"mcpServers": {
"shodan": {
"command": "node",
"args": ["/absolute/path/to/mcp-shodan/build/index.js"],
"env": {
"SHODAN_API_KEY": "your-shodan-api-key"
}
}
}
}
Features
- IP Lookup: Retrieve detailed information about an IP address
- Search: Search for devices on Shodan matching specific queries
- Ports: Get a list of ports that Shodan is scanning
- CVE Lookup: Fetch detailed information about specific CVEs using Shodan's CVEDB
- CPE Lookup: Search for Common Platform Enumeration (CPE) entries by product name
- CVEs by Product: Search for all CVEs affecting a specific product or CPE
- DNS Lookup: Resolve hostnames to IP addresses
Tools
1. IP Lookup Tool
- Name:
ip_lookup - Description: Retrieve detailed information about an IP address
- Parameters:
ip(required): IP address to lookup
2. Search Tool
- Name:
search - Description: Search for devices on Shodan
- Parameters:
query(required): Shodan search querymax_results(optional, default: 10): Number of results to return
3. CVE Lookup Tool
- Name:
cve_lookup - Description: Fetch detailed information about CVEs using Shodan's CVEDB
- Parameters:
cve(required): CVE identifier in format CVE-YYYY-NNNNN (e.g., CVE-2021-44228)
- Returns:
- CVE details including:
- CVSS v2 and v3 scores
- EPSS score and ranking
- KEV status
- Proposed action
- Ransomware campaign information
- Affected products (CPEs)
- References
- CVE details including:
4. CPE Lookup Tool
- Name:
cpe_lookup - Description: Search for Common Platform Enumeration (CPE) entries by product name
- Parameters:
product(required): Name of the product to search forcount(optional, default: false): If true, returns only the count of matching CPEsskip(optional, default: 0): Number of CPEs to skip (for pagination)limit(optional, default: 1000): Maximum number of CPEs to return
- Returns:
- When count is true: Total number of matching CPEs
- When count is false: List of CPEs with pagination details
5. CVEs by Product Tool
- Name:
cves_by_product - Description: Search for CVEs affecting a specific product or CPE
- Parameters:
cpe23(optional): CPE 2.3 identifier (format: cpe:2.3:part:vendor:product:version)product(optional): Name of the product to search for CVEscount(optional, default: false): If true, returns only the count of matching CVEsis_kev(optional, default: false): If true, returns only CVEs with KEV flag setsort_by_epss(optional, default: false): If true, sorts CVEs by EPSS scoreskip(optional, default: 0): Number of CVEs to skip (for pagination)limit(optional, default: 1000): Maximum number of CVEs to returnstart_date(optional): Start date for filtering CVEs (format: YYYY-MM-DDTHH:MM:SS)end_date(optional): End date for filtering CVEs (format: YYYY-MM-DDTHH:MM:SS)
- Notes:
- Must provide either cpe23 or product, but not both
- Date filtering uses published time of CVEs
- Returns:
- When count is true: Total number of matching CVEs
- When count is false: List of CVEs with pagination details and query parameters
6. DNS Lookup Tool
- Name:
dns_lookup - Description: Resolve hostnames to IP addresses
- Parameters:
hostnames(required): Array of hostnames to resolve
Requirements
- Node.js (v18 or later)
- A valid Shodan API Key
Troubleshooting
API Key Issues
If you see API key related errors:
- Verify your API key:
- Should be a valid Shodan API key
- No extra spaces or quotes around the key
- Must be from your Shodan account settings
- After any configuration changes:
- Save the config file
- Restart Claude Desktop
Module Loading Issues
If you see module loading errors:
- For global installation: Use the simple configuration shown in Quick Start
- For source installation: Ensure you're using Node.js v18 or later
Development
To run in development mode with hot reloading:
Copy
npm run dev
Error Handling
The server includes comprehensive error handling for:
- Invalid API keys
- Rate limiting
- Network errors
- Invalid input parameters
- Invalid CVE formats
- Invalid CPE lookup parameters
- Invalid date formats
- Mutually exclusive parameter validation
Version History
- v1.0.7: Added CVEs by Product search functionality and renamed vulnerabilities tool to cve_lookup
- v1.0.6: Added CVEDB integration for enhanced CVE lookups and CPE search functionality
- v1.0.0: Initial release with core functionality
Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
GitHub Badge
Glama performs regular codebase and documentation scans to:
- Confirm that the MCP server is working as expected.
- Confirm that there are no obvious security issues with dependencies of the server.
- Extract server characteristics such as tools, resources, prompts, and required parameters.
Our directory badge helps users to quickly asses that the MCP server is safe, server capabilities, and instructions for installing the server.
Copy the following code to your README.md file: