A Model Context Protocol (MCP) server that exposes Shodan’s IP/DNS/CVE search APIs as structured tools.
https://github.com/BurtTheCoder/mcp-shodan
Stop tab-switching between Claude and Shodan's web interface. This MCP server puts Shodan's entire network intelligence database directly into your AI conversations, turning Claude into a powerful security research companion that can analyze threats, investigate IPs, and track vulnerabilities without breaking flow.
When you're deep in incident response or threat hunting, context switching kills momentum. You find a suspicious IP in logs, pivot to Shodan's website, run searches, copy-paste results back to your analysis tool, then try to remember where you were. This server eliminates that friction entirely.
With mcp-shodan, you can ask Claude: "What do we know about 203.0.113.42?" and get comprehensive intelligence including open ports, running services, geolocation, SSL certificates, and associated CVEs—all formatted for immediate analysis. Claude can then correlate that data with other findings, suggest investigation paths, and help you build a complete threat picture.
IP Deep Dive (ip_lookup)
Get everything about an IP: geolocation, open ports, running services, SSL certs, cloud provider details, and associated domains. Perfect for initial triage of suspicious addresses.
Device Discovery (shodan_search)
Search Shodan's database with sophisticated queries like apache country:US port:443 to find specific device types, vulnerable services, or infrastructure patterns. Includes country distribution stats for threat landscape analysis.
Vulnerability Intelligence (cve_lookup)
Instant CVE details including CVSS scores, EPSS probability ratings, KEV status, and affected products. Skip the NIST database lookups—get actionable vulnerability intel immediately.
DNS Operations (dns_lookup & reverse_dns_lookup)
Bulk forward and reverse DNS resolution for infrastructure mapping and domain enumeration during reconnaissance phases.
Product Vulnerability Tracking (cves_by_product & cpe_lookup)
Find all CVEs affecting specific software or search CPE databases for product identification. Essential for vulnerability management and software inventory security.
Incident Response: "Claude, investigate this IP from our firewall logs, check what services it's running, and identify any recent CVEs for those services."
Threat Hunting: "Search for exposed MongoDB instances in Eastern Europe and analyze their security posture based on banner information."
Infrastructure Assessment: "Look up our public IP ranges and identify what services are externally visible, then cross-reference any identified software versions with recent vulnerabilities."
Competitive Intelligence: "Map the network infrastructure of [target organization] and identify their technology stack from publicly available service banners."
The fastest path is via Smithery:
npx -y @smithery/cli install @burtthecoder/mcp-shodan --client claude
Add your Shodan API key to Claude's config, restart the desktop app, and you're operational. The server handles all API interactions, rate limiting, and error handling—you just focus on the intelligence gathering.
If you're building security tools, this server becomes your research backbone. Instead of implementing Shodan API calls in every project, you get consistent, structured intelligence data through Claude that you can easily integrate into reports, feeds, or automated systems.
The structured JSON output means Claude can help you transform raw reconnaissance data into executive summaries, technical reports, or threat intelligence feeds without additional parsing logic.
Built with comprehensive error handling for API rate limits, invalid keys, and network issues. Includes proper input validation for CVE formats, CPE lookups, and date ranges. The server maintains Shodan's rate limiting compliance while providing maximum query flexibility.
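The kind of input validation described above, sketched in TypeScript as an added example; it is not the project's own code. The function names and the choice to accept CPE strings with trailing attributes omitted are assumptions of this example.

```typescript
// Added example, not the project's code; all function names are hypothetical.
// Tool arguments are produced by a model, so they are untrusted input and are
// rejected here before they could be placed into an upstream API request.
type Check = { ok: boolean; value?: string; error?: string };
const fail = (error: string): Check => ({ ok: false, error });

// CVE ID: "CVE-", a 4-digit year (1999 onward), then 4 or more digits.
function validateCveId(input: string): Check {
  const id = input.trim().toUpperCase();
  const m = /^CVE-(\d{4})-\d{4,}$/.exec(id);
  if (!m) return fail("expected CVE-YYYY-NNNN with a 4+ digit sequence");
  if (Number(m[1]) < 1999) return fail("CVE years start at 1999");
  return { ok: true, value: id };
}

// CPE 2.3 formatted string. Assumption of this example: trailing attributes
// may be omitted, so 5 to 13 colon-separated fields are accepted.
function validateCpe23(input: string): Check {
  const s = input.trim();
  if (/[\s\x00-\x1f\x7f]/.test(s)) return fail("whitespace or control character");
  // Mask backslash escapes so an escaped colon ("\:") is not counted as a separator.
  const f = s.replace(/\\./g, "_").split(":");
  if (f[0] !== "cpe" || f[1] !== "2.3") return fail("must start with cpe:2.3:");
  if (f.length < 5 || f.length > 13) return fail("expected 3 to 11 attributes");
  if (!/^[aoh*-]$/.test(f[2] ?? "")) return fail("part must be a, o, h, * or -");
  if (f.some((x) => x.length === 0)) return fail("empty attribute");
  return { ok: true, value: s };
}

// Parse a strict YYYY-MM-DD day in UTC; the round trip rejects days such as
// 2024-02-30 that some engines would otherwise roll over into the next month.
function parseIsoDay(s: string): Date | null {
  if (!/^\d{4}-\d{2}-\d{2}$/.test(s)) return null;
  const d = new Date(`${s}T00:00:00Z`);
  if (isNaN(d.getTime())) return null;
  return d.toISOString().slice(0, 10) === s ? d : null;
}

// Date range: both ends must be real days and start must not follow end.
function validateDateRange(start: string, end: string): Check {
  const a = parseIsoDay(start);
  const b = parseIsoDay(end);
  if (!a || !b) return fail("dates must be real YYYY-MM-DD days");
  if (a.getTime() > b.getTime()) return fail("start date is after end date");
  return { ok: true, value: `${start}..${end}` };
}
```

Returning the normalized value lets the caller build the upstream request from checked data only, never from the raw argument.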
Whether you're a security researcher, penetration tester, or developer building security tooling, this MCP server transforms how you gather and analyze network intelligence. Stop switching contexts—let Claude become your security research partner.