Enables searching for Apache web servers across the internet, analyzing their configuration, and identifying potential vulnerabilities through Shodan's search capabilities
Enables DNS resolution and analysis of Facebook.com through the Shodan DNS lookup tools, allowing security professionals to retrieve information about Facebook's internet presence
Facilitates DNS operations for Google.com and retrieval of information about Google services exposed on the internet through Shodan's host information and DNS lookup capabilities
Supports identification and analysis of NGINX web servers, allowing security professionals to discover deployments and assess their configurations using Shodan's search functionality
Provides tools for malware analysis, URL scanning, IP reputation checking, domain threat intelligence, file hash analysis, and comprehensive threat reports through the VirusTotal API
ADEO CTI MCP Server
Developed by ADEO Cybersecurity Services
A Model Context Protocol (MCP) server that provides access to both Shodan and VirusTotal APIs for comprehensive security analysis and threat intelligence. This server, developed and maintained by ADEO Cybersecurity Services, enables cybersecurity analysts to perform network intelligence operations including host information lookup, DNS operations, vulnerability analysis, network scanning, and alerts management through a collection of tools and prompt templates.
About ADEO Cybersecurity Services
ADEO Cybersecurity Services specializes in providing advanced security solutions and tools for cybersecurity professionals. This ADEO CTI MCP Server is part of our commitment to enhancing cybersecurity capabilities through innovative tools and integrations with industry-leading security data sources.
Features
Shodan Capabilities
Detailed information about IP addresses including open ports, services, and location data
DNS lookup and reverse DNS operations
Domain information retrieval including subdomains
Advanced search capabilities with facets and filters
On-demand network scanning
Network alerts and monitoring
Vulnerability analysis and CVE tracking
Account and API management
Historical data access
VirusTotal Integration
Malware analysis and detection
URL scanning and reputation checking
IP address reputation analysis
Domain threat intelligence
File hash analysis
Comprehensive threat reports
Combined Analysis Features
Unified security analysis using both platforms
Correlated threat intelligence
Integrated vulnerability assessment
Cross-platform data enrichment
Enhanced Functionality
Rich data formatting and presentation
Intelligent workflow automation
Pre-built analysis templates
Custom search filters
Batch processing capabilities
Real-time monitoring
Tools
Shodan Tools
Host Information
host-info
Get detailed information about a host from Shodan
Parameters:
ip
(required): IP address to look uphistory
(optional): Include historical informationminify
(optional): Return only basic host information
Example:
@shodan host-info ip="8.8.8.8" history=true
DNS Operations
dns-lookup
Resolve hostnames to IP addresses
Parameters:
hostnames
(required): Comma-separated list of hostnames to resolve
Example:
@shodan dns-lookup hostnames="google.com,facebook.com"
reverse-dns
Look up hostnames for IP addresses
Parameters:
ips
(required): Comma-separated list of IP addresses
Example:
@shodan reverse-dns ips="8.8.8.8,1.1.1.1"
domain-info
Get DNS entries and subdomains for a domain
Parameters:
domain
(required): Domain name to look up
Example:
@shodan domain-info domain="example.com"
Search Operations
search-host
Search Shodan for hosts matching specific criteria
Parameters:
query
(required): Shodan search queryfacets
(optional): Comma-separated list of properties for summary informationpage
(optional): Page number for results
Example:
@shodan search-host query="apache country:DE" facets="org,port"
search-host-count
Get count of matching results without full details
Parameters:
query
(required): Shodan search queryfacets
(optional): Comma-separated list of facets
Example:
@shodan search-host-count query="product:nginx"
Search Utilities
list-search-facets
List all available search facets
No parameters required
list-search-filters
List all filters that can be used when searching
No parameters required
search-tokens
Analyze and break down search query components
Parameters:
query
(required): Shodan search query to analyze
Example:
@shodan search-tokens query="apache port:80 country:DE"
Network Information
list-ports
List all ports that Shodan is actively scanning
No parameters required
list-protocols
List all protocols available for scanning
No parameters required
Scanning Operations
request-scan
Request Shodan to scan specific targets
Parameters:
ips
(required): Comma-separated list of IPs or networks in CIDR notation
Example:
@shodan request-scan ips="192.168.1.0/24"
get-scan-status
Check the status of a submitted scan
Parameters:
id
(required): The unique scan ID
Example:
@shodan get-scan-status id="SCAN_ID"
list-scans
View all your submitted scans
No parameters required
Alert Management
list-triggers
List available network alert triggers
No parameters required
create-alert
Set up network monitoring alerts
Parameters:
name
(required): Alert namefilters
(required): Alert filtersexpires
(optional): Expiration time in seconds
Example:
@shodan create-alert name="My Alert" filters={"ip":["8.8.8.8"],"port":[80,443]}
get-alert-info
Get details about a specific alert
Parameters:
id
(required): Alert ID
Example:
@shodan get-alert-info id="ALERT_ID"
delete-alert
Remove an existing alert
Parameters:
id
(required): Alert ID to delete
edit-alert
Modify an existing alert
Parameters:
id
(required): Alert IDname
(optional): New alert namefilters
(optional): Updated filters
list-alerts
View all active alerts
No parameters required
Query Management
list-queries
View saved search queries
Parameters:
page
(optional): Results page numbersort
(optional): Sort by "votes" or "timestamp"order
(optional): "asc" or "desc"
search-queries
Search through saved queries
Parameters:
query
(required): Search termpage
(optional): Page number
list-query-tags
View popular query tags
Parameters:
size
(optional): Number of tags to return
Account Management
get-profile
View account information
No parameters required
get-api-info
Check API subscription status
No parameters required
get-billing
View billing information
No parameters required
get-http-headers
Check your request headers
No parameters required
get-my-ip
View your current IP address
No parameters required
Vulnerability Analysis
cve-lookup
Get CVE details
Parameters:
cve
(required): CVE ID (e.g., CVE-2021-44228)
Example:
@shodan cve-lookup cve="CVE-2021-44228"
cpe-vuln-search
Search vulnerabilities by CPE
Parameters:
cpe
(required): CPE 2.3 stringminCvss
(optional): Minimum CVSS scoremaxResults
(optional): Result limit
Example:
@shodan cpe-vuln-search cpe="cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*" minCvss=7.0
VirusTotal Tools
URL Analysis
virustotal-url-analysis
Analyze URLs for security threats
Parameters:
url
(required): Target URL
Example:
@shodan virustotal-url-analysis url="https://example.com"
File Analysis
virustotal-file-analysis
Check file hashes for malware
Parameters:
hash
(required): MD5/SHA-1/SHA-256 hash
Example:
@shodan virustotal-file-analysis hash="a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"
IP Analysis
virustotal-ip-analysis
Check IP reputation
Parameters:
ip
(required): Target IP address
Example:
@shodan virustotal-ip-analysis ip="8.8.8.8"
Domain Analysis
virustotal-domain-analysis
Analyze domain reputation
Parameters:
domain
(required): Target domain
Example:
@shodan virustotal-domain-analysis domain="example.com"
MCP Server Prompts
The server provides a set of intelligent prompts for comprehensive cybersecurity analysis workflows:
Asset Discovery
Name:
asset-discovery
Description: Discover and analyze internet-facing assets and infrastructure
Parameters:
target
(required): Domain, IP address, or organization name to analyzedepth
(optional): Depth of reconnaissance ("basic" or "comprehensive")
Example:
@shodan asset-discovery target=example.com depth=comprehensive
Vulnerability Assessment
Name:
vulnerability-assessment
Description: Find vulnerabilities in internet-connected systems
Parameters:
target_type
(required): Type of target to analyze ("host", "domain", "cpe", "cve")target
(required): Target identifier (IP, domain, CPE string, or CVE ID)severity_threshold
(optional): Minimum severity threshold ("all", "medium", "high", "critical")include_vt_analysis
(optional): Include VirusTotal security analysis ("yes" or "no")
Example:
@shodan vulnerability-assessment target_type=host target=192.168.1.1 severity_threshold=high
Internet Search
Name:
internet-search
Description: Search for specific internet-connected systems or services
Parameters:
search_type
(required): Type of search ("service", "product", "vulnerability", "organization", "custom")query
(required): Search terms or Shodan query stringfilters
(optional): Additional Shodan filters to apply
Example:
@shodan internet-search search_type=product query="nginx" filters="country:US port:443"
Network Monitoring
Name:
network-monitoring
Description: Set up network monitoring and alerts
Parameters:
target
(required): IP, network range, or domain to monitormonitor_type
(required): Type of changes to monitor ("new-service", "vulnerability", "certificate", "custom")notification_threshold
(optional): Minimum severity for notifications ("all", "high", "critical")
Example:
@shodan network-monitoring target=192.168.0.0/24 monitor_type=vulnerability notification_threshold=high
ICS Analysis
Name:
ics-analysis
Description: Analyze exposed industrial control systems and SCADA devices
Parameters:
target_type
(required): Type of target to analyze ("ip", "network", "product", "country")target
(required): Target identifier (IP, network range, product name, or country code)protocol
(optional): Specific protocol to focus on
Example:
@shodan ics-analysis target_type=country target=US protocol=modbus
DNS Intelligence
Name:
dns-intelligence
Description: Analyze DNS information for domains and IP addresses
Parameters:
target_type
(required): Type of target to analyze ("domain", "ip", "hostname")target
(required): Domain name, IP address, or hostname to analyzeinclude_history
(optional): Include historical information ("yes" or "no")include_vt_analysis
(optional): Include VirusTotal security analysis ("yes" or "no")
Example:
@shodan dns-intelligence target_type=domain target=example.com include_vt_analysis=yes
Service Exposure Analysis
Name:
service-exposure
Description: Analyze specific service types exposed on the internet
Parameters:
service_type
(required): Type of service ("database", "webcam", "industrial", "remote-access", "custom")target_scope
(required): Scope of analysis ("global", "country", "organization", "ip-range")target
(optional): Target value based on scopecustom_query
(optional): Custom query for the 'custom' service typeinclude_vt_analysis
(optional): Include VirusTotal analysis ("yes" or "no")
Example:
@shodan service-exposure service_type=database target_scope=country target=US
Account Status
Name:
account-status
Description: Analyze account information and API usage status
Parameters:
info_type
(required): Type of information to retrieve ("profile", "api", "usage", "all")
Example:
@shodan account-status info_type=all
Scan Management
Name:
scan-management
Description: Manage and analyze on-demand network scans
Parameters:
action
(required): Scan action to perform ("initiate", "check", "list")target
(optional): Target IPs or networks to scan (comma-separated)scan_id
(optional): Scan ID for checking status
Example:
@shodan scan-management action=initiate target=192.168.1.0/24
Search Analytics
Name:
search-analytics
Description: Analyze Shodan search capabilities and patterns
Parameters:
action
(required): Type of analysis ("analyze-query", "explore-facets", "examine-filters", "saved-queries")query
(optional): Query to analyze (for analyze-query action)
Example:
@shodan search-analytics action=analyze-query query="apache country:DE port:443"
Vulnerability Hunting
Name:
vulnerability-hunting
Description: Hunt for specific vulnerabilities across the internet
Parameters:
vuln_type
(required): Type of vulnerability to hunt ("cve", "product", "service", "custom")target
(required): Vulnerability target (CVE ID, product name, service type)scope
(optional): Scope of the search ("global", "regional", "industry")scope_value
(optional): Value for scope (country, industry)
Example:
@shodan vulnerability-hunting vuln_type=cve target=CVE-2021-44228 scope=regional scope_value=US
Malware Analysis
Name:
malware-analysis
Description: Analyze files and URLs for malware and security threats
Parameters:
target_type
(required): Type of target to analyze ("file" or "url")target
(required): File hash (MD5/SHA1/SHA256) or URL to analyzeinclude_relationships
(optional): Include relationship data ("yes" or "no")
Example:
@shodan malware-analysis target_type=file target=a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
Infrastructure Analysis
Name:
infrastructure-analysis
Description: Analyze network infrastructure using combined Shodan and VirusTotal data
Parameters:
target_type
(required): Type of target to analyze ("ip" or "domain")target
(required): IP address or domain to analyzedepth
(optional): Analysis depth ("basic" or "comprehensive")include_vt_analysis
(optional): Include VirusTotal analysis ("yes" or "no")
Example:
@shodan infrastructure-analysis target_type=domain target=example.com depth=comprehensive
Threat Hunting
Name:
threat-hunting
Description: Hunt for threats across multiple data sources using combined intelligence
Parameters:
indicator_type
(required): Type of indicator ("ip", "domain", "url", "file")indicator
(required): Indicator value to investigateinclude_vt_analysis
(optional): Include VirusTotal analysis ("yes" or "no")
Example:
@shodan threat-hunting indicator_type=ip indicator=8.8.8.8 include_vt_analysis=yes
Environment Setup
Set required environment variables:
SHODAN_API_KEY=your_shodan_api_key VIRUSTOTAL_API_KEY=your_virustotal_api_keyInstall dependencies:
npm installBuild the project:
npm run buildStart the server:
npm start
API Rate Limits
Respect Shodan API limits based on your subscription
VirusTotal API has separate rate limits
Use batch operations when possible
Implement appropriate delay between requests
Error Handling
The server handles various error scenarios:
Invalid API keys
Rate limiting
Network issues
Invalid parameters
Missing permissions
Contributing
Fork the repository
Create a feature branch
Submit a pull request
License
Copyright © 2024 ADEO Cybersecurity Services. All rights reserved.
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
A Model Context Protocol server that provides access to Shodan and VirusTotal APIs for cybersecurity analysis, enabling analysts to perform network intelligence operations including host lookups, vulnerability analysis, and threat intelligence gathering.
Related MCP Servers
- -securityAlicense-qualityA Model Context Protocol server that enables AI assistants to search and retrieve information about security exploits and vulnerabilities from the Exploit Database, enhancing cybersecurity research capabilities.Last updated -11MIT License
- -securityFlicense-qualityThis is a Model Context Protocol (MCP) server that provides access to the Shodan API. It allows you to programmatically query Shodan for information about devices, vulnerabilities, and more.Last updated -1
- -securityAlicense-qualityA Model Context Protocol server that provides network analysis tools for security professionals, enabling AI models like Claude to perform tasks such as ASN lookups, DNS analysis, WHOIS retrieval, and IP geolocation for security investigations.Last updated -1Apache 2.0
- -securityFlicense-qualityA Model Context Protocol server that performs third-party threat intelligence enrichment for various observables (IP addresses, domains, URLs, emails) using services like VirusTotal, Shodan, and AbuseIPDB.Last updated -