Skip to main content
Glama
GangGreenTemperTatum

Shodan MCP Server

by GangGreenTemperTatum
OverviewSchemaRelated ServersScoreDiscussions
JavaScript
Remote

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault
SHODAN_API_KEYYesYour Shodan API key, obtained from https://account.shodan.io/

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
shodan_host_search

Search Shodan for hosts matching a query. Returns detailed information about discovered hosts including IP addresses, ports, services, and vulnerabilities. Use for asset discovery and reconnaissance.

ICS/SCADA Examples:

  • "port:502 tag:ics" - Modbus industrial control systems

  • "port:502 Siemens" - Siemens SCADA/PLCs

  • "port:502 "Schneider Electric"" - Schneider Modbus devices

  • "port:44818 "Allen-Bradley"" - Rockwell EtherNet/IP

  • "port:20000 tag:ics" - DNP3 utility SCADA

  • "port:102 S7" - Siemens S7 PLCs

  • "port:47808 BACnet" - Building automation

  • "port:4840 "OPC UA"" - Modern ICS protocol

  • "port:502 org:"Electric"" - Power infrastructure

  • "port:502 country:US has_vuln:true" - Vulnerable Modbus in US

Effective Patterns:

  • Combine filters: "port:502 tag:ics country:US org:"Water""

  • Use facets for overview: facets="country,org,product"

  • Start broad, narrow down: "port:502" → "port:502 tag:ics" → "port:502 tag:ics Siemens"

shodan_host_info

Get detailed information about a specific host by IP address. Returns all services, open ports, vulnerabilities, and historical data.

shodan_dns_lookup

Perform DNS lookups to resolve domain names to IP addresses.

shodan_dns_reverse

Reverse DNS lookup to find hostnames associated with IP addresses.

shodan_api_info

Get information about the current API plan including query credits remaining and scan credits.

shodan_exploits_search

Search for exploits in the Shodan Exploits database. Useful for finding known exploits for specific CVEs or software. Critical for ICS/SCADA security assessments.

ICS/SCADA Exploit Examples:

  • "Modbus" - Modbus protocol exploits

  • "SCADA" - General SCADA vulnerabilities

  • "Siemens" - Siemens PLC/SCADA exploits

  • "Schneider Electric" - Schneider vulnerabilities

  • "Allen-Bradley" - Rockwell exploits

  • "CVE-2019-6575" - Modbus simulator vulnerability

  • "CVE-2020-15782" - BACnet buffer overflow

  • "type:remote platform:hardware" - Hardware-specific

  • "ICS" - Industrial Control System exploits

Common ICS CVE Searches:

  • Modbus vulnerabilities: Often memory corruption, authentication bypass

  • SCADA exploits: Remote code execution, denial of service

  • PLC exploits: Ladder logic manipulation, configuration changes

shodan_ports

Get a list of port numbers that Shodan crawls on the Internet. Useful for discovering what protocols are monitored.

Key ICS/SCADA Ports in Shodan:

  • 102: Siemens S7 PLCs

  • 502: Modbus TCP (most common ICS protocol)

  • 1911: Niagara Fox (building automation)

  • 2404: IEC 60870-5-104 (power systems)

  • 4840: OPC UA (modern ICS standard)

  • 20000: DNP3 (utilities/SCADA)

  • 44818: EtherNet/IP (Rockwell/Allen-Bradley)

  • 47808: BACnet (HVAC/building systems)

Use this to verify Shodan monitors your target protocol.

shodan_protocols

Get information about the protocols that Shodan supports for querying.

shodan_count

Get the total number of results for a search query without returning the actual results. Useful for scoping searches before running full queries to avoid wasting API credits.

Best Practice: Always use count first for large ICS/SCADA queries.

Example Workflow:

  1. Count: "port:502 tag:ics" → 50,000 results

  2. Narrow: "port:502 tag:ics country:US" → 15,000 results

  3. Refine: "port:502 tag:ics country:US org:"Electric"" → 500 results

  4. Then run full search on refined query

Use with facets to see distribution without burning credits on full results.

shodan_query_search

Search for saved Shodan queries shared by the community. Useful for discovering popular query patterns and learning effective search techniques.

Popular ICS/SCADA Query Topics:

  • "SCADA" - Find SCADA-related searches

  • "ICS" - Industrial control system queries

  • "Modbus" - Modbus protocol queries

  • "PLC" - Programmable logic controller searches

  • "industrial" - General industrial searches

  • "critical infrastructure" - Infrastructure queries

Use community queries to:

  • Learn effective search patterns

  • Discover new reconnaissance techniques

  • Find popular vulnerability searches

  • Get ideas for your own queries

shodan_query_tags

Get a list of popular tags for saved Shodan queries. Tags help discover trending search topics and common query categories.

Common ICS/SCADA Related Tags:

  • ics - Industrial Control Systems

  • scada - SCADA systems

  • industrial - Industrial equipment

  • malware - Malware-infected systems

  • webcam - IP cameras (often in facilities)

  • default - Default credentials/configs

Use to browse popular query categories and discover new search angles.

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/GangGreenTemperTatum/shodan-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server