Shodan

Name: Shodan
Author: BurtTheCoder

BurtTheCoder/mcp-shodan

Let your agent query Shodan for exposed services, DNS, and CVE context while you harden or assess a product before and after launch.

Overview

Shodan MCP is a Ship-phase MCP server that connects agents to Shodan for device search, IP and DNS lookup, and CVE/CPE queries.

What is this MCP server?

Device and internet-wide host search via Shodan API from the agent
IP lookup and DNS-oriented queries for infrastructure triage
CVE and CPE query helpers for vulnerability context
stdio MCP via @burtthecoder/mcp-shodan (v1.0.22)
Requires SHODAN_API_KEY secret in environment
MCP package version 1.0.22
Tool families: device search, IP lookup, DNS, CVE/CPE
Required secret: SHODAN_API_KEY

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 135 GitHub stars.

What problem does it solve?

Security checks against live internet data are tedious outside the agent, so exposure and CVE questions stall shipping and review loops.

Who is it for?

Solo builders doing launch-prep or infra reviews who already have or will get a Shodan API key and want agent-driven recon.

Skip if: Builders with no authorization to scan third-party assets, no budget for Shodan, or needs limited to static code analysis only.

What do I get? / Deliverables

After adding the server with a Shodan API key, your agent can answer host exposure and vulnerability questions in-line during security reviews.

Agent-callable Shodan search, IP, DNS, and CVE/CPE tools
Faster in-chat security recon during reviews
Documented API-backed answers suitable for triage notes

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Shodan fits Ship security first because solo builders use it for exposure checks and vuln intelligence before trusting production URLs and infra. Security subphase is the canonical shelf: the server wraps Shodan device search, IP lookup, DNS, and CVE/CPE tools for defensive recon—not generic app coding.

How it compares

Shodan API MCP bridge, not a replacement for formal penetration testing or SAST skills.

Common Questions / FAQ

Who is Shodan MCP for?

Developers and indie operators who use MCP agents and need Shodan-powered internet intelligence during security or infra work.

When should I use Shodan MCP?

Use it during ship security reviews, scope checks on exposed services, or operate-time investigations of IPs and CVEs tied to your stack.

How do I add Shodan MCP to my agent?

Install @burtthecoder/mcp-shodan, set SHODAN_API_KEY in the MCP server environment, add the stdio server to your agent config, and restart.

Shodan

BurtTheCoder/mcp-shodan

Let your agent query Shodan for exposed services, DNS, and CVE context while you harden or assess a product before and after launch.

Overview

Shodan MCP is a Ship-phase MCP server that connects agents to Shodan for device search, IP and DNS lookup, and CVE/CPE queries.

What is this MCP server?

Device and internet-wide host search via Shodan API from the agent
IP lookup and DNS-oriented queries for infrastructure triage
CVE and CPE query helpers for vulnerability context
stdio MCP via @burtthecoder/mcp-shodan (v1.0.22)
Requires SHODAN_API_KEY secret in environment
MCP package version 1.0.22
Tool families: device search, IP lookup, DNS, CVE/CPE
Required secret: SHODAN_API_KEY

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 135 GitHub stars.

What problem does it solve?

Security checks against live internet data are tedious outside the agent, so exposure and CVE questions stall shipping and review loops.

Who is it for?

Solo builders doing launch-prep or infra reviews who already have or will get a Shodan API key and want agent-driven recon.

Skip if: Builders with no authorization to scan third-party assets, no budget for Shodan, or needs limited to static code analysis only.

What do I get? / Deliverables

After adding the server with a Shodan API key, your agent can answer host exposure and vulnerability questions in-line during security reviews.

Agent-callable Shodan search, IP, DNS, and CVE/CPE tools
Faster in-chat security recon during reviews
Documented API-backed answers suitable for triage notes

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Shodan API MCP bridge, not a replacement for formal penetration testing or SAST skills.

Common Questions / FAQ

Who is Shodan MCP for?

Developers and indie operators who use MCP agents and need Shodan-powered internet intelligence during security or infra work.

When should I use Shodan MCP?

Use it during ship security reviews, scope checks on exposed services, or operate-time investigations of IPs and CVEs tied to your stack.

How do I add Shodan MCP to my agent?

Install @burtthecoder/mcp-shodan, set SHODAN_API_KEY in the MCP server environment, add the stdio server to your agent config, and restart.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Shodan MCP for?

When should I use Shodan MCP?

How do I add Shodan MCP to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Shodan MCP for?

When should I use Shodan MCP?

How do I add Shodan MCP to my agent?