Is Shodan Mcp safe to use?

Shodan Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.

How do I install Shodan Mcp?

Shodan Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Shodan Mcp do?

Shodan Mcp provides 20 tools: shodan-cve-lookup, shodan-search-cves, shodan-search-cpes, shodan-internetdb-lookup, shodan-ip-lookup and 15 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Shodan Mcp?

Shodan Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Shodan Mcp actively maintained?

Shodan Mcp is less actively maintained — last commit was 107 days ago. It has 19 GitHub stars.

Shodan Mcp

Name: Shodan Mcp
Author: Vorota-ai

by Vorota-ai

Shodan MCP server for Claude, Cursor & VS Code. 20 tools for passive reconnaissance, CVE/CPE intelligence, DNS analysis, and device search. 4 tools work free without an API key. OSINT and vulnerability research from your IDE.

19 20 tools GitHub

No known CVEs

Apache-2.0 license

Maintained

Last commit 107d ago

Works with most clients

Transport: stdio, sse, http

20 tools · ~930 tok

Grade B · 0.5% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "shodan-mcp": {
      "env": {
        "SHODAN_API_KEY": "your-api-key-here"
      },
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "SHODAN_API_KEY",
        "shodan-mcp"
      ],
      "command": "docker"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/shodan-mcp)](https://mcppedia.org/s/shodan-mcp)

Read me

What Shodan Mcp does

shodan-mcp is a Model Context Protocol (MCP) server that gives AI agents like Claude, Cursor, and GitHub Copilot direct access to Shodan -- the world's search engine for internet-connected devices. Built by Vorota AI.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

63/100across 5 weighted dimensions

How we score →

0255075100

−37

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (20)

Click any tool to inspect its schema.

~930 tokens total

Inventory

Prompts (9)

What's my external IP address?

Get your external IP address as seen by Shodan

What are the details of CVE-2021-44228?

Look up a specific CVE with CVSS scores and exploit information

Search for CVEs related to Apache HTTP Server sorted by EPSS score

Search CVEs with filtering and sorting by exploit prediction score

Look up CPE identifiers for nginx

Search CPE identifiers by product name

Do a quick InternetDB lookup on my server's IP

Fast free IP intelligence lookup

What DNS records exist for my company's domain?

Domain reconnaissance including DNS records

Resolve the hostname myapp.example.com to an IP address

Resolve hostnames to IP addresses

What search filters are available in Shodan?

List available search filters

Check my Shodan API plan and remaining query credits

Check API key usage and plan details

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Shodan Mcp safe to use?: Shodan Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Shodan Mcp?: Shodan Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Shodan Mcp do?: Shodan Mcp provides 20 tools: shodan-cve-lookup, shodan-search-cves, shodan-search-cpes, shodan-internetdb-lookup, shodan-ip-lookup and 15 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Shodan Mcp?: Shodan Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Shodan Mcp actively maintained?: Shodan Mcp is less actively maintained — last commit was 107 days ago. It has 19 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for Shodan Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "shodan-mcp": {
      "env": {
        "SHODAN_API_KEY": "your-api-key-here"
      },
      "args": [
        "run",
        "--rm",
        "-i",
        "-e",
        "SHODAN_API_KEY",
        "shodan-mcp"
      ],
      "command": "docker"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/shodan-mcp)](https://mcppedia.org/s/shodan-mcp)

Read me

What Shodan Mcp does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Shodan MCP Server -- AI-Powered Internet Intelligence for Claude, Cursor & VS Code

shodan-mcp is a Model Context Protocol (MCP) server that gives AI agents like Claude, Cursor, and GitHub Copilot direct access to Shodan -- the world's search engine for internet-connected devices. Built by Vorota AI.

20 tools for passive reconnaissance, vulnerability intelligence, DNS analysis, and device search -- all from your IDE. No packets sent to any target.

Quick Start

docker build -t shodan-mcp https://github.com/vorotaai/shodan-mcp.git

Add to your MCP client (Claude Desktop, Cursor, VS Code, etc.):

{
  "mcpServers": {
    "shodan-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "-e", "SHODAN_API_KEY", "shodan-mcp"],
      "env": {
        "SHODAN_API_KEY": "your-api-key-here"
      }
    }
  }
}

4 tools work immediately with no API key -- CVE lookup, CVE search, CPE search, and InternetDB. Get a Shodan API key at account.shodan.io to unlock all 20 tools.

Available Tools

Free Tools (No API Key Required)

Tool	Description
`shodan-cve-lookup`	Look up any CVE -- CVSS v3 scores, EPSS exploit prediction, references, affected CPEs
`shodan-search-cves`	Search CVEs with filters -- CISA KEV catalog, EPSS sorting, date ranges
`shodan-search-cpes`	Search CPE identifiers by product name (e.g., "apache", "nginx")
`shodan-internetdb-lookup`	Fast free IP intelligence -- open ports, vulns, hostnames, CPEs, tags

Reconnaissance Tools (API Key Required)

Tool	Description
`shodan-ip-lookup`	Full IP reconnaissance -- ports, services, banners, geolocation, vulns, ISP/org, ASN
`shodan-search`	Search Shodan's database of billions of devices with powerful query syntax
`shodan-search-count`	Count search results without consuming query credits
`shodan-dns-resolve`	Resolve hostnames to IP addresses
`shodan-dns-reverse`	Reverse DNS lookup for IP addresses
`shodan-domain-info`	Domain reconnaissance -- subdomains, DNS records, tags
`shodan-honeypot-score`	Detect if an IP is a honeypot (0.0 = real, 1.0 = honeypot)

Utility Tools (API Key Required)

Tool	Description
`shodan-api-info`	Check API key usage -- plan type, remaining credits
`shodan-my-ip`	Get your external IP address as seen by Shodan
`shodan-account-profile`	Account membership, credits, display name
`shodan-list-facets`	List available search facets for query breakdowns
`shodan-list-filters`	List available search filters
`shodan-parse-query`	Analyze and debug search queries
`shodan-list-ports`	List port numbers Shodan crawlers scan
`shodan-list-protocols`	List protocols for on-demand scanning
`shodan-http-headers`	Show HTTP headers your client sends

Features

20 tools covering IP recon, device search, CVE/CPE intelligence, DNS, domain analysis, and honeypot detection
4 free tools that work with zero configuration -- no API key, no signup
Passive reconnaissance -- all queries hit Shodan's pre-indexed database, no packets touch any target
Structured Pydantic output -- every tool returns ty

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

63/100across 5 weighted dimensions

How we score →

0255075100

−37

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (20)

Click any tool to inspect its schema.

~930 tokens total

Inventory

Prompts (9)

What's my external IP address?

Get your external IP address as seen by Shodan

What are the details of CVE-2021-44228?

Look up a specific CVE with CVSS scores and exploit information

Search for CVEs related to Apache HTTP Server sorted by EPSS score

Search CVEs with filtering and sorting by exploit prediction score

Look up CPE identifiers for nginx

Search CPE identifiers by product name

Do a quick InternetDB lookup on my server's IP

Fast free IP intelligence lookup

What DNS records exist for my company's domain?

Domain reconnaissance including DNS records

Resolve the hostname myapp.example.com to an IP address

Resolve hostnames to IP addresses

What search filters are available in Shodan?

List available search filters

Check my Shodan API plan and remaining query credits

Check API key usage and plan details

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Shodan Mcp safe to use?: Shodan Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Shodan Mcp?: Shodan Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Shodan Mcp do?: Shodan Mcp provides 20 tools: shodan-cve-lookup, shodan-search-cves, shodan-search-cpes, shodan-internetdb-lookup, shodan-ip-lookup and 15 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Shodan Mcp?: Shodan Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Shodan Mcp actively maintained?: Shodan Mcp is less actively maintained — last commit was 107 days ago. It has 19 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for Shodan Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?