Shodan MCP Server

Instructions

Implementation Reference

• src/index.ts:1948-1968 (handler)

  Handler implementation for the 'get_kev_cves' tool in the CallToolRequestSchema switch statement. It extracts the limit parameter, calls cvedbClient.getKevCves(limit), and returns the result as JSON text.
  case "get_kev_cves": { const limit = request.params.arguments?.limit ? Number(request.params.arguments.limit) : 10; try { const kevCves = await cvedbClient.getKevCves(limit); return { content: [{ type: "text", text: JSON.stringify(kevCves, null, 2) }] }; } catch (error) { if (error instanceof McpError) { throw error; } throw new McpError( ErrorCode.InternalError, `Error getting KEV CVEs: ${(error as Error).message}` ); } }
• src/index.ts:766-783 (helper)

  Core helper function getKevCves in CVEDBClient class that makes API call to https://cvedb.shodan.io/cves?is_kev=true&limit=N to fetch Known Exploited Vulnerabilities.
  * Get Known Exploited Vulnerabilities (KEV) */ async getKevCves(limit: number = 10): Promise<any> { try { const response = await this.axiosInstance.get("/cves", { params: { is_kev: true, limit } }); return response.data; } catch (error: unknown) { if (axios.isAxiosError(error)) { throw new McpError( ErrorCode.InternalError, `CVEDB API error: ${error.response?.data?.error || error.message}` ); } throw error; } }
• src/index.ts:1252-1263 (registration)

  Tool registration entry in ListToolsRequestSchema response, defining name, description, and input schema for 'get_kev_cves'.
  { name: "get_kev_cves", description: "Get Known Exploited Vulnerabilities (KEV) from CISA", inputSchema: { type: "object", properties: { limit: { type: "number", description: "Maximum number of results to return (default: 10)" } } }
• src/index.ts:1255-1263 (schema)

  Input schema definition for the 'get_kev_cves' tool.
  inputSchema: { type: "object", properties: { limit: { type: "number", description: "Maximum number of results to return (default: 10)" } } }