Bfsg Shodan
Exposes Shodan's internet device database through MCP for querying exposed hosts, services, and ports by filters like IP range, geolocation, or protocol. Returns banners, org data, and scan results. Security researchers and penetration testers apply it for passive reconnaissance and asset inventory.
Overview
Bfsg Shodan MCP server bridges the Shodan search engine to Model Context Protocol, enabling AI models to query a database of billions of internet-connected devices captured from global scans. It supports filter-based searches and detailed host lookups without needing direct Shodan API credentials in the model environment.
Key Capabilities
- search: Queries devices using filters (e.g., port:80 country:US), returns counts, facets for products/vulns, and example IPs.
- host: Fetches comprehensive data for an IP/hostname, including open ports, service versions, geolocation, ISP, and raw banners.
- scans: Retrieves recent internet scan results for specific networks or IPs.
- exploits: Matches devices to known vulnerabilities and CVEs based on banners.
These map Shodan's REST API to MCP tool calls for structured JSON responses.
Use Cases
- Penetration tester runs search for exposed RDP (port 3389) in a target org, then host on results to grab credentials from banners.
- Threat hunter uses search with vuln facets to track new IoT botnet C&Cs by service fingerprint.
- Network admin executes host on suspected IPs to verify open ports and block exposed services.
- Researcher combines scans and exploits to analyze Log4Shell exposure across regions.
Who This Is For
Cybersecurity analysts, red team operators, threat intelligence teams, and DevSecOps engineers who integrate AI agents for automated recon, device fingerprinting, and vulnerability assessment.