shodan-mcp

概述

Shodan MCP服务器将Shodan的互联网情报数据库直接集成到Claude、Cursor和VS Code等AI客户端中。它既提供无需API密钥的免费工具，也提供用于全面侦察的高级工具。服务器使用Pydantic模型提供结构化输出，并包含输入验证以确保安全操作。所有查询都是被动式的，意味着不会向目标系统直接发送数据包。

试试问 AI

装完之后，这里有 4 个你可以让 AI 做的事：

• shodan-cve-lookup

  Look up any CVE -- CVSS v3 scores, EPSS exploit prediction, references, affected CPEs

  试试:What are the details of CVE-2021-44228?试试:Show me information about CVE-2023-38408
• shodan-search-cves

  Search CVEs with filters -- CISA KEV catalog, EPSS sorting, date ranges

  试试:Search for CVEs related to Apache HTTP Server sorted by EPSS score试试:Find all critical CVEs from the past month
• shodan-search-cpes

  Search CPE identifiers by product name (e.g., 'apache', 'nginx')

  试试:Look up CPE identifiers for nginx试试:Find CPEs for Microsoft Windows Server
• shodan-internetdb-lookup

  Fast free IP intelligence -- open ports, vulns, hostnames, CPEs, tags

  试试:Do a quick InternetDB lookup on my server's IP试试:What vulnerabilities are associated with 8.8.8.8?
• shodan-ip-lookup

  Full IP reconnaissance -- ports, services, banners, geolocation, vulns, ISP/org, ASN

  试试:What services are running on 93.184.216.34?试试:Show me detailed information about this IP address
• shodan-search

  Search Shodan's database of billions of devices with powerful query syntax

  试试:Find all exposed webcams with default passwords试试:Search for vulnerable IoT devices in my country
• shodan-dns-resolve

  Resolve hostnames to IP addresses

  试试:What IP address does google.com resolve to?试试:Resolve the hostname myapp.example.com to an IP address
• shodan-domain-info

  Domain reconnaissance -- subdomains, DNS records, tags

  试试:What DNS records exist for my company's domain?试试:Show me all subdomains for example.com
• shodan-honeypot-score

  Detect if an IP is a honeypot (0.0 = real, 1.0 = honeypot)

  试试:Is this IP address a honeypot?试试:Check the honeypot score for 45.33.32.156
• shodan-api-info

  Check API key usage -- plan type, remaining credits

  试试:Check my Shodan API plan and remaining query credits试试:How many API queries do I have left?
• shodan-my-ip

  Get your external IP address as seen by Shodan

  试试:What's my external IP address?试试:Show me the IP address that Shodan sees for my connection
• shodan-list-filters

  List available search filters

  试试:What search filters are available in Shodan?试试:Show me all the filters I can use in searches

可对比工具

安装

docker build -t shodan-mcp https://github.com/vorotaai/shodan-mcp.git

git clone https://github.com/vorotaai/shodan-mcp.git
cd shodan-mcp
uv sync --all-groups
shodan-mcp

git clone https://github.com/vorotaai/shodan-mcp.git
cd shodan-mcp
pip install .
shodan-mcp

{
  "mcpServers": {
    "shodan-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "-e", "SHODAN_API_KEY", "shodan-mcp"],
      "env": {
        "SHODAN_API_KEY": "your-api-key-here"
      }
    }
  }
}

FAQ

我需要Shodan API密钥吗？

不需要。有4个工具可以在没有密钥的情况下立即使用：CVE查找、CVE搜索、CPE搜索和InternetDB。免费API密钥可以解锁其余的16个工具。

它安全吗？

是的。所有查询都是被动式的（不会向目标发送数据包），输入经过验证，API密钥绝不会在错误消息中暴露。

shodan-mcp 对比