Shodan

v1.0.0Securitystable

Shodan MCP server for Claude, Cursor & VS Code. 20 tools for passive reconnaissance, CVE/CPE intelligence, DNS analysis, and device search. 4 tools work free without an API key. OSINT and vulnerability research from your IDE.

ai-agentclaudecursorcvecybersecurity
Share:
19
Stars
0
Downloads
0
Weekly
0/5

What is Shodan?

Shodan is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to shodan mcp server for claude, cursor & vs code. 20 tools for passive reconnaissance, cve/cpe intelligence, dns analysis, and device search. 4 tools work free without an api key. osint and vulnerabilit...

Shodan MCP server for Claude, Cursor & VS Code. 20 tools for passive reconnaissance, CVE/CPE intelligence, DNS analysis, and device search. 4 tools work free without an API key. OSINT and vulnerability research from your IDE.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Shodan MCP server for Claude, Cursor & VS Code. 20 tools for

Use Cases

Passive reconnaissance and OSINT
CVE/CPE intelligence and vulnerability research
Device search and DNS analysis
tobiasGuta

Maintainer

LicenseApache-2.0
Languagepython
Versionv1.0.0
UpdatedApr 24, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

NPM

npx -y shodan

Manual Installation

npx -y shodan

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Shodan

The Shodan MCP server integrates Shodan's internet-wide scan database directly into Claude, Cursor, and VS Code, enabling passive reconnaissance, CVE/CPE vulnerability intelligence, DNS analysis, and device search from within your AI coding environment. It exposes tools that resolve domains to full Shodan host reports (ports, services, CVEs with CVSS scores, geolocation, and ASN) without ever sending a packet to the target. Four tools work with a free Shodan account or no key at all, making it accessible for exploratory OSINT research as well as professional bug bounty and vulnerability research workflows.

Prerequisites

  • Python 3.10+ and Docker installed on your machine
  • A Shodan account and API key from https://account.shodan.io (4 tools work free; DNS enumeration requires a paid plan)
  • An MCP-compatible client such as Claude Desktop or Cursor
  • Optional: HackerOne scope snapshot files if you want the check_scope and list_programs tools for bounty program scoping
1

Clone the repository

Clone the shodan-mcp repository to your local machine.

git clone https://github.com/tobiasGuta/shodan-mcp.git
cd shodan-mcp
2

Build the Docker image

Build the container image that bundles all Python dependencies and the MCP server.

docker build -t shodan-mcp .
3

Obtain your Shodan API key

Log in to https://account.shodan.io and copy your API key from the account overview page. Free accounts can use shodan_host, shodan_search, check_scope, and list_programs. A paid membership unlocks shodan_dns for passive DNS enumeration.

4

Add the server to your MCP client configuration

Edit your claude_desktop_config.json to run the Docker container with your API key and optional snapshots directory passed as environment variables.

5

Restart Claude Desktop and verify

Restart Claude Desktop. Ask it to look up a domain using Shodan to confirm the connection works. The server will never send probes to the target — all data is retrieved from Shodan's pre-indexed scan data.

Shodan Examples

Client configuration

Claude Desktop configuration running the Shodan MCP server in Docker. Set SNAPSHOTS_DIR only if you have HackerOne scope files.

{
  "mcpServers": {
    "shodan": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "-e", "SHODAN_API_KEY=YOUR_SHODAN_API_KEY",
        "-e", "SNAPSHOTS_DIR=/data/snapshots",
        "-v", "/path/to/snapshots:/data/snapshots",
        "shodan-mcp"
      ]
    }
  }
}

Prompts to try

Use passive Shodan intelligence to research hosts, find exposed services, and enumerate CVEs without touching the target.

- "Use shodan_host to get a full report on example.com including open ports and known CVEs."
- "Run shodan_dns on target.com to list all subdomains Shodan has observed."
- "Search Shodan for servers running Apache 2.4.49 to see how many are still exposed."
- "Check if api.example.com is in scope for a HackerOne program using check_scope."
- "Show me the ASN, geolocation, and service banners for 1.2.3.4 using shodan_host."

Troubleshooting Shodan

'Invalid API key' or authentication errors from Shodan

Double-check that SHODAN_API_KEY matches the key shown on your Shodan account page exactly. Free demo keys have very limited rate limits — if you see quota errors, upgrade to a membership plan or wait for the rate limit window to reset.

shodan_dns returns 'requires membership' error

Passive DNS enumeration via shodan_dns is restricted to paid Shodan membership plans. The four tools that work without a paid plan are shodan_host (for basic host lookup), shodan_search, check_scope, and list_programs.

Docker container exits immediately with no output

Run 'docker run --rm -it -e SHODAN_API_KEY=yourkey shodan-mcp' interactively to see error output. Common causes are a missing SHODAN_API_KEY variable or a Python dependency that failed to install during build — rebuild with 'docker build --no-cache -t shodan-mcp .' to clear the layer cache.

Frequently Asked Questions about Shodan

What is Shodan?

Shodan is a Model Context Protocol (MCP) server that shodan mcp server for claude, cursor & vs code. 20 tools for passive reconnaissance, cve/cpe intelligence, dns analysis, and device search. 4 tools work free without an api key. osint and vulnerability research from your ide. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Shodan?

Install via npm with the command: npx -y shodan. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).

Which AI clients work with Shodan?

Shodan works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Shodan free to use?

Yes, Shodan is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.

Shodan Alternatives — Similar Security Servers

Looking for alternatives to Shodan? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "shodan": { "command": "npx", "args": ["-y", "shodan"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Shodan?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides