@burtthecoder/mcp-shodan 1.0.8 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +197 -200
  3. package/build/index.js +0 -0
  4. package/package.json +8 -5
package/LICENSE CHANGED
@@ -1,21 +1,21 @@
1
- MIT License
2
-
3
- Copyright (c) 2024 Burt
4
-
5
- Permission is hereby granted, free of charge, to any person obtaining a copy
6
- of this software and associated documentation files (the "Software"), to deal
7
- in the Software without restriction, including without limitation the rights
8
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
- copies of the Software, and to permit persons to whom the Software is
10
- furnished to do so, subject to the following conditions:
11
-
12
- The above copyright notice and this permission notice shall be included in all
13
- copies or substantial portions of the Software.
14
-
15
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
- SOFTWARE.
1
+ MIT License
2
+
3
+ Copyright (c) 2024 Burt
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md CHANGED
@@ -1,200 +1,197 @@
1
- # Shodan MCP Server
2
-
3
- A Model Context Protocol (MCP) server for querying the [Shodan API](https://shodan.io) and [Shodan CVEDB](https://cvedb.shodan.io). This server provides tools for IP lookups, device searches, DNS lookups, vulnerability queries, CPE lookups, and more. It is designed to integrate seamlessly with MCP-compatible applications like [Claude Desktop](https://claude.ai).
4
-
5
- ## Features
6
-
7
- - **IP Lookup**: Retrieve detailed information about an IP address
8
- - **Search**: Search for devices on Shodan matching specific queries
9
- - **Ports**: Get a list of ports that Shodan is scanning
10
- - **CVE Lookup**: Fetch detailed information about specific CVEs using Shodan's CVEDB
11
- - **CPE Lookup**: Search for Common Platform Enumeration (CPE) entries by product name
12
- - **CVEs by Product**: Search for all CVEs affecting a specific product or CPE
13
- - **DNS Lookup**: Resolve hostnames to IP addresses
14
-
15
- ## Tools
16
-
17
- ### 1. IP Lookup Tool
18
- - Name: `ip_lookup`
19
- - Description: Retrieve detailed information about an IP address
20
- - Parameters:
21
- * `ip` (required): IP address to lookup
22
-
23
- ### 2. Search Tool
24
- - Name: `search`
25
- - Description: Search for devices on Shodan
26
- - Parameters:
27
- * `query` (required): Shodan search query
28
- * `max_results` (optional, default: 10): Number of results to return
29
-
30
- ### 3. CVE Lookup Tool
31
- - Name: `cve_lookup`
32
- - Description: Fetch detailed information about CVEs using Shodan's CVEDB
33
- - Parameters:
34
- * `cve` (required): CVE identifier in format CVE-YYYY-NNNNN (e.g., CVE-2021-44228)
35
- - Returns:
36
- * CVE details including:
37
- - CVSS v2 and v3 scores
38
- - EPSS score and ranking
39
- - KEV status
40
- - Proposed action
41
- - Ransomware campaign information
42
- - Affected products (CPEs)
43
- - References
44
-
45
- ### 4. CPE Lookup Tool
46
- - Name: `cpe_lookup`
47
- - Description: Search for Common Platform Enumeration (CPE) entries by product name
48
- - Parameters:
49
- * `product` (required): Name of the product to search for
50
- * `count` (optional, default: false): If true, returns only the count of matching CPEs
51
- * `skip` (optional, default: 0): Number of CPEs to skip (for pagination)
52
- * `limit` (optional, default: 1000): Maximum number of CPEs to return
53
- - Returns:
54
- * When count is true: Total number of matching CPEs
55
- * When count is false: List of CPEs with pagination details
56
-
57
- ### 5. CVEs by Product Tool
58
- - Name: `cves_by_product`
59
- - Description: Search for CVEs affecting a specific product or CPE
60
- - Parameters:
61
- * `cpe23` (optional): CPE 2.3 identifier (format: cpe:2.3:part:vendor:product:version)
62
- * `product` (optional): Name of the product to search for CVEs
63
- * `count` (optional, default: false): If true, returns only the count of matching CVEs
64
- * `is_kev` (optional, default: false): If true, returns only CVEs with KEV flag set
65
- * `sort_by_epss` (optional, default: false): If true, sorts CVEs by EPSS score
66
- * `skip` (optional, default: 0): Number of CVEs to skip (for pagination)
67
- * `limit` (optional, default: 1000): Maximum number of CVEs to return
68
- * `start_date` (optional): Start date for filtering CVEs (format: YYYY-MM-DDTHH:MM:SS)
69
- * `end_date` (optional): End date for filtering CVEs (format: YYYY-MM-DDTHH:MM:SS)
70
- - Notes:
71
- * Must provide either cpe23 or product, but not both
72
- * Date filtering uses published time of CVEs
73
- - Returns:
74
- * When count is true: Total number of matching CVEs
75
- * When count is false: List of CVEs with pagination details and query parameters
76
-
77
- ### 6. DNS Lookup Tool
78
- - Name: `dns_lookup`
79
- - Description: Resolve hostnames to IP addresses
80
- - Parameters:
81
- * `hostnames` (required): Array of hostnames to resolve
82
-
83
- ## Requirements
84
-
85
- - Node.js (v18 or later)
86
- - A valid [Shodan API Key](https://account.shodan.io/)
87
-
88
- ## Setup Guide
89
-
90
- ### 1. Installation
91
-
92
- ```bash
93
- git clone <repository_url>
94
- cd mcp-shodan
95
- npm install
96
- ```
97
-
98
- ### 2. Configuration
99
-
100
- Create a `.env` file in the root directory:
101
- ```
102
- SHODAN_API_KEY=your_shodan_api_key
103
- ```
104
-
105
- ### 3. Build and Run
106
-
107
- ```bash
108
- npm run build
109
- npm start
110
- ```
111
-
112
- ### 4. Configure Claude Desktop
113
-
114
- There are two ways to configure the Shodan MCP server in Claude Desktop:
115
-
116
- #### Option 1: Direct Node Execution (Local Development)
117
- ```json
118
- {
119
- "mcpServers": {
120
- "shodan-mcp": {
121
- "command": "node",
122
- "args": ["path/to/mcp-shodan/build/index.js"],
123
- "env": {
124
- "SHODAN_API_KEY": "your_shodan_api_key",
125
- "DEBUG": "*"
126
- }
127
- }
128
- }
129
- }
130
- ```
131
-
132
- #### Option 2: NPX Installation (Recommended for Users)
133
- ```json
134
- {
135
- "mcpServers": {
136
- "shodan-mcp": {
137
- "command": "npm",
138
- "args": ["exec", "@burtthecoder/mcp-shodan"],
139
- "env": {
140
- "SHODAN_API_KEY": "your_shodan_api_key",
141
- "DEBUG": "*"
142
- }
143
- }
144
- }
145
- }
146
- ```
147
-
148
- The npm exec method automatically downloads and runs the latest version of the package from npm.
149
-
150
- Configuration file location:
151
-
152
- Windows: %APPDATA%\Claude\claude_desktop_config.json
153
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
154
-
155
- ## Usage
156
-
157
- 1. Start the MCP server:
158
- ```bash
159
- npm start
160
- ```
161
-
162
- 2. Launch Claude Desktop and ensure the Shodan MCP server is detected
163
- 3. Use any of the available tools through the Claude interface
164
-
165
- ## Development
166
-
167
- To run in development mode with hot reloading:
168
- ```bash
169
- npm run dev
170
- ```
171
-
172
- ## Error Handling
173
-
174
- The server includes comprehensive error handling for:
175
- - Invalid API keys
176
- - Rate limiting
177
- - Network errors
178
- - Invalid input parameters
179
- - Invalid CVE formats
180
- - Invalid CPE lookup parameters
181
- - Invalid date formats
182
- - Mutually exclusive parameter validation
183
-
184
- ## Version History
185
-
186
- - v1.0.7: Added CVEs by Product search functionality and renamed vulnerabilities tool to cve_lookup
187
- - v1.0.6: Added CVEDB integration for enhanced CVE lookups and CPE search functionality
188
- - v1.0.0: Initial release with core functionality
189
-
190
- ## Contributing
191
-
192
- 1. Fork the repository
193
- 2. Create a feature branch (`git checkout -b feature/amazing-feature`)
194
- 3. Commit your changes (`git commit -m 'Add amazing feature'`)
195
- 4. Push to the branch (`git push origin feature/amazing-feature`)
196
- 5. Open a Pull Request
197
-
198
- ## License
199
-
200
- This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
1
+ # Shodan MCP Server
2
+
3
+ A Model Context Protocol (MCP) server for querying the [Shodan API](https://shodan.io) and [Shodan CVEDB](https://cvedb.shodan.io). This server provides tools for IP lookups, device searches, DNS lookups, vulnerability queries, CPE lookups, and more. It is designed to integrate seamlessly with MCP-compatible applications like [Claude Desktop](https://claude.ai).
4
+
5
+ ## Quick Start (Recommended)
6
+
7
+ 1. Install the server globally via npm:
8
+ ```bash
9
+ npm install -g @burtthecoder/mcp-shodan
10
+ ```
11
+
12
+ 2. Add to your Claude Desktop configuration file:
13
+ ```json
14
+ {
15
+ "mcpServers": {
16
+ "shodan": {
17
+ "command": "mcp-shodan",
18
+ "env": {
19
+ "SHODAN_API_KEY": "your-shodan-api-key"
20
+ }
21
+ }
22
+ }
23
+ }
24
+ ```
25
+
26
+ Configuration file location:
27
+ - macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`
28
+ - Windows: `%APPDATA%\Claude\claude_desktop_config.json`
29
+
30
+ 3. Restart Claude Desktop
31
+
32
+ ## Alternative Setup (From Source)
33
+
34
+ If you prefer to run from source or need to modify the code:
35
+
36
+ 1. Clone and build:
37
+ ```bash
38
+ git clone https://github.com/BurtTheCoder/mcp-shodan.git
39
+ cd mcp-shodan
40
+ npm install
41
+ npm run build
42
+ ```
43
+
44
+ 2. Add to your Claude Desktop configuration:
45
+ ```json
46
+ {
47
+ "mcpServers": {
48
+ "shodan": {
49
+ "command": "node",
50
+ "args": ["/absolute/path/to/mcp-shodan/build/index.js"],
51
+ "env": {
52
+ "SHODAN_API_KEY": "your-shodan-api-key"
53
+ }
54
+ }
55
+ }
56
+ }
57
+ ```
58
+
59
+ ## Features
60
+
61
+ - **IP Lookup**: Retrieve detailed information about an IP address
62
+ - **Search**: Search for devices on Shodan matching specific queries
63
+ - **Ports**: Get a list of ports that Shodan is scanning
64
+ - **CVE Lookup**: Fetch detailed information about specific CVEs using Shodan's CVEDB
65
+ - **CPE Lookup**: Search for Common Platform Enumeration (CPE) entries by product name
66
+ - **CVEs by Product**: Search for all CVEs affecting a specific product or CPE
67
+ - **DNS Lookup**: Resolve hostnames to IP addresses
68
+
69
+ ## Tools
70
+
71
+ ### 1. IP Lookup Tool
72
+ - Name: `ip_lookup`
73
+ - Description: Retrieve detailed information about an IP address
74
+ - Parameters:
75
+ * `ip` (required): IP address to lookup
76
+
77
+ ### 2. Search Tool
78
+ - Name: `search`
79
+ - Description: Search for devices on Shodan
80
+ - Parameters:
81
+ * `query` (required): Shodan search query
82
+ * `max_results` (optional, default: 10): Number of results to return
83
+
84
+ ### 3. CVE Lookup Tool
85
+ - Name: `cve_lookup`
86
+ - Description: Fetch detailed information about CVEs using Shodan's CVEDB
87
+ - Parameters:
88
+ * `cve` (required): CVE identifier in format CVE-YYYY-NNNNN (e.g., CVE-2021-44228)
89
+ - Returns:
90
+ * CVE details including:
91
+ - CVSS v2 and v3 scores
92
+ - EPSS score and ranking
93
+ - KEV status
94
+ - Proposed action
95
+ - Ransomware campaign information
96
+ - Affected products (CPEs)
97
+ - References
98
+
99
+ ### 4. CPE Lookup Tool
100
+ - Name: `cpe_lookup`
101
+ - Description: Search for Common Platform Enumeration (CPE) entries by product name
102
+ - Parameters:
103
+ * `product` (required): Name of the product to search for
104
+ * `count` (optional, default: false): If true, returns only the count of matching CPEs
105
+ * `skip` (optional, default: 0): Number of CPEs to skip (for pagination)
106
+ * `limit` (optional, default: 1000): Maximum number of CPEs to return
107
+ - Returns:
108
+ * When count is true: Total number of matching CPEs
109
+ * When count is false: List of CPEs with pagination details
110
+
111
+ ### 5. CVEs by Product Tool
112
+ - Name: `cves_by_product`
113
+ - Description: Search for CVEs affecting a specific product or CPE
114
+ - Parameters:
115
+ * `cpe23` (optional): CPE 2.3 identifier (format: cpe:2.3:part:vendor:product:version)
116
+ * `product` (optional): Name of the product to search for CVEs
117
+ * `count` (optional, default: false): If true, returns only the count of matching CVEs
118
+ * `is_kev` (optional, default: false): If true, returns only CVEs with KEV flag set
119
+ * `sort_by_epss` (optional, default: false): If true, sorts CVEs by EPSS score
120
+ * `skip` (optional, default: 0): Number of CVEs to skip (for pagination)
121
+ * `limit` (optional, default: 1000): Maximum number of CVEs to return
122
+ * `start_date` (optional): Start date for filtering CVEs (format: YYYY-MM-DDTHH:MM:SS)
123
+ * `end_date` (optional): End date for filtering CVEs (format: YYYY-MM-DDTHH:MM:SS)
124
+ - Notes:
125
+ * Must provide either cpe23 or product, but not both
126
+ * Date filtering uses published time of CVEs
127
+ - Returns:
128
+ * When count is true: Total number of matching CVEs
129
+ * When count is false: List of CVEs with pagination details and query parameters
130
+
131
+ ### 6. DNS Lookup Tool
132
+ - Name: `dns_lookup`
133
+ - Description: Resolve hostnames to IP addresses
134
+ - Parameters:
135
+ * `hostnames` (required): Array of hostnames to resolve
136
+
137
+ ## Requirements
138
+
139
+ - Node.js (v18 or later)
140
+ - A valid [Shodan API Key](https://account.shodan.io/)
141
+
142
+ ## Troubleshooting
143
+
144
+ ### API Key Issues
145
+
146
+ If you see API key related errors:
147
+
148
+ 1. Verify your API key:
149
+ - Should be a valid Shodan API key
150
+ - No extra spaces or quotes around the key
151
+ - Must be from your Shodan account settings
152
+ 2. After any configuration changes:
153
+ - Save the config file
154
+ - Restart Claude Desktop
155
+
156
+ ### Module Loading Issues
157
+
158
+ If you see module loading errors:
159
+ 1. For global installation: Use the simple configuration shown in Quick Start
160
+ 2. For source installation: Ensure you're using Node.js v18 or later
161
+
162
+ ## Development
163
+
164
+ To run in development mode with hot reloading:
165
+ ```bash
166
+ npm run dev
167
+ ```
168
+
169
+ ## Error Handling
170
+
171
+ The server includes comprehensive error handling for:
172
+ - Invalid API keys
173
+ - Rate limiting
174
+ - Network errors
175
+ - Invalid input parameters
176
+ - Invalid CVE formats
177
+ - Invalid CPE lookup parameters
178
+ - Invalid date formats
179
+ - Mutually exclusive parameter validation
180
+
181
+ ## Version History
182
+
183
+ - v1.0.7: Added CVEs by Product search functionality and renamed vulnerabilities tool to cve_lookup
184
+ - v1.0.6: Added CVEDB integration for enhanced CVE lookups and CPE search functionality
185
+ - v1.0.0: Initial release with core functionality
186
+
187
+ ## Contributing
188
+
189
+ 1. Fork the repository
190
+ 2. Create a feature branch (`git checkout -b feature/amazing-feature`)
191
+ 3. Commit your changes (`git commit -m 'Add amazing feature'`)
192
+ 4. Push to the branch (`git push origin feature/amazing-feature`)
193
+ 5. Open a Pull Request
194
+
195
+ ## License
196
+
197
+ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
package/build/index.js CHANGED
File without changes
package/package.json CHANGED
@@ -1,16 +1,17 @@
1
1
  {
2
2
  "type": "module",
3
3
  "name": "@burtthecoder/mcp-shodan",
4
- "version": "1.0.8",
4
+ "version": "1.0.10",
5
5
  "description": "A Model Context Protocol server for Shodan API queries.",
6
- "main": "./build/index.js",
6
+ "main": "build/index.js",
7
7
  "bin": {
8
8
  "mcp-shodan": "build/index.js"
9
9
  },
10
10
  "scripts": {
11
11
  "start": "node build/index.js",
12
- "dev": "ts-node src/index.ts",
13
- "build": "tsc"
12
+ "dev": "tsc -w",
13
+ "build": "tsc && chmod +x build/index.js",
14
+ "prepublishOnly": "npm run build"
14
15
  },
15
16
  "dependencies": {
16
17
  "@modelcontextprotocol/sdk": "^0.6.0",
@@ -24,7 +25,9 @@
24
25
  "@types/node": "^20.11.24"
25
26
  },
26
27
  "files": [
27
- "build"
28
+ "build",
29
+ "README.md",
30
+ "LICENSE"
28
31
  ],
29
32
  "author": "BurtTheCoder",
30
33
  "license": "MIT",