Shodan logo

Shodan

Shodan is the world's first search engine for Internet-connected devices. It continuously crawls the public Internet to build a searchable database of servers, IoT devices, industrial control systems, routers, webcams, databases, and any other host that exposes a service. Shodan provides REST, Streaming, and Trends APIs along with on-demand scanning, network alerts, notifiers, DNS lookups, the InternetDB API, and the CVEDB vulnerability database. It is widely used for attack-surface management, security research, threat intelligence, vulnerability discovery, market research, and academic study of the Internet itself.

5 APIs 3 Capabilities 13 Features
SecuritySearchInternetDevicesIoTVulnerabilitiesCVEAttack SurfaceThreat IntelligenceReconnaissanceNetworkDNSScanningPublic APIs

APIs

Shodan REST API

The primary Shodan REST API exposes search methods, host lookups, on-demand scanning, network alerts, notifiers, the saved-query directory, DNS lookups, utility methods, account...

Shodan Streaming API

The Shodan Streaming API provides a real-time firehose of banner data as Shodan collects it. Filtered streams are available by ASN, country, port, and CVE. Output is either newl...

Shodan Trends API

Trends is the historical analytics API for Shodan, exposing breakdowns of historical scan results aggregated by facet (product, port, country, organization, etc.) by month. Acce...

InternetDB API

The InternetDB API is a free, unauthenticated lookup service that returns the open ports, CPEs, hostnames, tags, and known CVEs for any IPv4 address. The dataset is refreshed on...

CVEDB API

CVEDB is Shodan's open vulnerability database API. It provides CVE lookups, CPE-keyed vulnerability search, KEV filtering, EPSS ordering, and date-range queries. No API key requ...

Capabilities

Attack Surface Monitoring

Run with Naftiko

Internet Asset Discovery

Run with Naftiko

Vulnerability Intelligence

Run with Naftiko

Features

Internet-Wide Device Search

Search billions of indexed banners from servers, routers, webcams, industrial control systems, and IoT devices using a powerful query language with facets and filters.

Host Information Lookup

Retrieve all known information for an IP including open ports, service banners, geolocation, ASN/ISP, hostnames, vulnerabilities, SSL/TLS certificates, and detected technologies.

On-Demand Scanning

Submit IPs, CIDR ranges, or netblocks for an on-demand crawl using scan credits. Enterprise plans can request Internet-wide scans for a specific port or protocol.

Network Alerts and Notifiers

Create alerts on monitored IP ranges that fire when new services, changes, vulnerabilities, or expirations are detected, with delivery via Slack, email, webhook, and other notifier providers.

DNS Lookup Suite

Forward, reverse, and full-domain DNS lookups including subdomain enumeration backed by Shodan's passive DNS database.

Streaming Firehose

Subscribe to real-time banner data filtered by ASN, country, port, or CVE for SIEMs, data lakes, and bespoke analytics pipelines.

Trends Analytics

Run faceted queries against the full historical scan database to analyze product adoption, regional exposure, and changes over time.

InternetDB Free Lookup

Open, key-free lookup that returns the open ports, CPEs, tags, and CVEs for any IPv4 address; refreshed weekly.

CVEDB Vulnerability Database

Open vulnerability lookup with CPE search, KEV filter, EPSS sorting, and date-range queries.

Bulk Data Exports

Enterprise-tier daily and on-demand bulk exports of Shodan's underlying datasets for offline analysis and warehousing.

Organization Management

Enterprise organization support for sharing credits and managing members through the API.

Saved Query Directory

Browse, search, and tag community-contributed Shodan queries covering common technologies, exposures, and devices.

Notifier Providers

Built-in notification provider integrations for Slack, email, Discord, Telegram, webhook, and more.

Use Cases

Attack Surface Management

Continuously monitor an organization's external attack surface for new services, configuration drift, and vulnerable software.

Vulnerability Intelligence

Quantify exposure to specific CVEs across the Internet or a defined customer footprint using CVEDB and the search/trends APIs.

Threat Hunting and OSINT

Pivot from IPs, certificates, banners, and ASNs to map adversary infrastructure and discover related hosts.

Security Research

Study the distribution of misconfigured services, exposed databases, and emerging IoT ecosystems across the public Internet.

Competitive and Market Research

Track adoption of products, web servers, cloud providers, and frameworks across regions and industries using Trends.

Regulatory and Compliance Reporting

Demonstrate visibility into externally exposed assets for frameworks that require attack-surface inventories.

Insurance Underwriting

Inform cyber-insurance scoring with externally observable evidence of exposed services, vulnerabilities, and hygiene.

Incident Response

Triage IPs observed in alerts against Shodan history to determine who they are and what services they expose.

Integrations

Splunk

Shodan data is widely ingested into Splunk for security analytics via the streaming API and the Splunk add-on ecosystem.

Maltego

Shodan transforms for Maltego enable graph-based pivoting on banners, certificates, and IPs.

Slack

Notifier integration delivers alert events to Slack channels.

Email

Notifier integration delivers alert events to mailboxes.

Webhook

Notifier integration posts alert events to arbitrary HTTPS endpoints.

Discord

Notifier integration delivers alert events to Discord servers.

Telegram

Notifier integration delivers alert events to Telegram chats.

Steampipe

Official Steampipe plugin lets you query Shodan host, DNS, and exploit data using standard SQL.

Model Context Protocol

Multiple community MCP servers expose Shodan tools to AI assistants including Claude, Cursor, and VS Code.

Nmap

Shodan's CLI ships helpers to enrich Nmap scan output with Shodan-derived banner context.

Solutions

Shodan Monitor

Hosted attack-surface monitoring product built on the network alerts and notifiers APIs.

Enterprise Data Feed

Real-time firehose and daily bulk data exports for SOCs, threat intelligence platforms, and academic researchers.

InternetDB

Free, unauthenticated host lookup designed for embedding into security tools and dashboards.

CVEDB

Free vulnerability database with KEV and EPSS metadata for prioritization workflows.

Internet-Wide Scanning

Enterprise-only capability to request a scan of the entire Internet for a specific port or protocol.

Event Specifications

Shodan Streaming API

Real-time streaming firehose of banner data collected by Shodan, delivered as newline-separated JSON or Server-Sent Events. Subscribers can consume the full firehose or filter b...

ASYNCAPI

Semantic Vocabularies

Shodan Context

8 classes · 46 properties

JSON-LD

API Governance Rules

Shodan API Rules

11 rules · 6 errors 5 warnings

SPECTRAL

Resources

🔗
Website
Website
🌐
DeveloperPortal
DeveloperPortal
🔗
Documentation
Documentation
🔗
APIReference
APIReference
💰
Pricing
Pricing
🔗
Plans
Plans
🔗
RateLimits
RateLimits
📝
SignUp
SignUp
🔗
Login
Login
🌐
Console
Console
🔑
Authentication
Authentication
🚀
GettingStarted
GettingStarted
🚀
Quickstart
Quickstart
🎓
Tutorials
Tutorials
🔗
KnowledgeCenter
KnowledgeCenter
🔗
Glossary
Glossary
💬
Support
Support
📰
Blog
Blog
🟢
StatusPage
StatusPage
📜
TermsOfService
TermsOfService
📜
PrivacyPolicy
PrivacyPolicy
📜
Legal
Legal
🔗
X
X
🔗
LinkedIn
LinkedIn
👥
YouTube
YouTube
👥
GitHubOrganization
GitHubOrganization
👥
GitHubRepository
GitHubRepository
👥
GitHubRepository
GitHubRepository
👥
GitHubRepository
GitHubRepository
👥
GitHubRepository
GitHubRepository
👥
GitHubRepository
GitHubRepository
👥
GitHubRepository
GitHubRepository
🔗
CLI
CLI
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
📦
SDK
SDK
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔧
Tools
Tools
🔗
SpectralRules
SpectralRules
🔗
Vocabulary
Vocabulary
🔗
NaftikoCapability
NaftikoCapability
🔗
NaftikoCapability
NaftikoCapability
🔗
NaftikoCapability
NaftikoCapability
🔗
NaftikoCapability
NaftikoCapability
🔗
NaftikoCapability
NaftikoCapability
🔗
NaftikoCapability
NaftikoCapability
🔗
NaftikoCapability
NaftikoCapability
🔗
FinOps
FinOps

Sources

Raw ↑ 
aid: shodan
name: Shodan
description: >-
  Shodan is the world's first search engine for Internet-connected devices.
  It continuously crawls the public Internet to build a searchable database of
  servers, IoT devices, industrial control systems, routers, webcams, databases,
  and any other host that exposes a service. Shodan provides REST, Streaming,
  and Trends APIs along with on-demand scanning, network alerts, notifiers,
  DNS lookups, the InternetDB API, and the CVEDB vulnerability database. It
  is widely used for attack-surface management, security research, threat
  intelligence, vulnerability discovery, market research, and academic study
  of the Internet itself.
url: https://developer.shodan.io/
specificationVersion: '0.20'
created: '2026-05-28'
modified: '2026-05-30'
x-source: public-apis/public-apis
x-category: Security
x-tier: 1
x-tier-reason: full-pipeline-profiled
tags:
  - Security
  - Search
  - Internet
  - Devices
  - IoT
  - Vulnerabilities
  - CVE
  - Attack Surface
  - Threat Intelligence
  - Reconnaissance
  - Network
  - DNS
  - Scanning
  - Public APIs
apis:
  - name: Shodan REST API
    description: >-
      The primary Shodan REST API exposes search methods, host lookups,
      on-demand scanning, network alerts, notifiers, the saved-query directory,
      DNS lookups, utility methods, account information, bulk data, and
      organization management. Auth is via the `key` query parameter.
    humanURL: https://developer.shodan.io/api
    baseURL: https://api.shodan.io
    tags:
      - REST
      - Search
      - Host
      - Scanning
      - Alerts
      - Notifiers
      - DNS
    properties:
      - type: Documentation
        url: https://developer.shodan.io/api
      - type: APIReference
        url: https://developer.shodan.io/api
      - type: Authentication
        url: https://developer.shodan.io/api/requirements
      - type: OpenAPI
        url: openapi/shodan-rest-openapi.yml
      - type: JSONSchema
        url: json-schema/shodan-rest-host-schema.json
      - type: JSONSchema
        url: json-schema/shodan-rest-search-result-schema.json
      - type: JSONSchema
        url: json-schema/shodan-rest-alert-schema.json
      - type: JSONSchema
        url: json-schema/shodan-rest-notifier-schema.json
      - type: JSONSchema
        url: json-schema/shodan-rest-scan-schema.json
      - type: JSONStructure
        url: json-structure/shodan-rest-host-structure.json
      - type: JSONStructure
        url: json-structure/shodan-rest-alert-structure.json
      - type: JSON-LD
        url: json-ld/shodan-context.jsonld
      - type: Example
        url: examples/shodan-rest-host-lookup-example.json
      - type: Example
        url: examples/shodan-rest-search-example.json
      - type: Example
        url: examples/shodan-rest-scan-create-example.json
      - type: Example
        url: examples/shodan-rest-alert-create-example.json
  - name: Shodan Streaming API
    description: >-
      The Shodan Streaming API provides a real-time firehose of banner data as
      Shodan collects it. Filtered streams are available by ASN, country, port,
      and CVE. Output is either newline-separated JSON or Server-Sent Events.
    humanURL: https://developer.shodan.io/api/stream
    baseURL: https://stream.shodan.io
    tags:
      - Streaming
      - Real-Time
      - Firehose
      - SSE
    properties:
      - type: Documentation
        url: https://developer.shodan.io/api/stream
      - type: APIReference
        url: https://developer.shodan.io/api/stream
      - type: AsyncAPI
        url: asyncapi/shodan-stream-asyncapi.yml
      - type: OpenAPI
        url: openapi/shodan-stream-openapi.yml
      - type: JSONSchema
        url: json-schema/shodan-stream-banner-schema.json
      - type: JSONStructure
        url: json-structure/shodan-stream-banner-structure.json
      - type: Example
        url: examples/shodan-stream-banner-example.json
  - name: Shodan Trends API
    description: >-
      Trends is the historical analytics API for Shodan, exposing breakdowns
      of historical scan results aggregated by facet (product, port, country,
      organization, etc.) by month. Access is Enterprise-only.
    humanURL: https://developer.shodan.io/api/trends
    baseURL: https://trends.shodan.io
    tags:
      - Trends
      - Analytics
      - Historical
      - Enterprise
    properties:
      - type: Documentation
        url: https://developer.shodan.io/api/trends
      - type: APIReference
        url: https://developer.shodan.io/api/trends
      - type: OpenAPI
        url: openapi/shodan-trends-openapi.yml
      - type: JSONSchema
        url: json-schema/shodan-trends-result-schema.json
      - type: Example
        url: examples/shodan-trends-search-example.json
  - name: InternetDB API
    description: >-
      The InternetDB API is a free, unauthenticated lookup service that returns
      the open ports, CPEs, hostnames, tags, and known CVEs for any IPv4
      address. The dataset is refreshed once per week. Free for non-commercial
      use; commercial use requires an enterprise license.
    humanURL: https://internetdb.shodan.io/
    baseURL: https://internetdb.shodan.io
    tags:
      - InternetDB
      - Free
      - IP Lookup
      - Public
    properties:
      - type: Documentation
        url: https://internetdb.shodan.io/
      - type: OpenAPI
        url: openapi/shodan-internetdb-openapi.yml
      - type: JSONSchema
        url: json-schema/shodan-internetdb-host-schema.json
      - type: Example
        url: examples/shodan-internetdb-host-example.json
  - name: CVEDB API
    description: >-
      CVEDB is Shodan's open vulnerability database API. It provides CVE
      lookups, CPE-keyed vulnerability search, KEV filtering, EPSS ordering,
      and date-range queries. No API key required; updated daily. Free for
      non-commercial use.
    humanURL: https://cvedb.shodan.io/
    baseURL: https://cvedb.shodan.io
    tags:
      - CVE
      - Vulnerabilities
      - CPE
      - KEV
      - EPSS
      - Free
    properties:
      - type: Documentation
        url: https://cvedb.shodan.io/
      - type: OpenAPI
        url: openapi/shodan-cvedb-openapi.yml
      - type: JSONSchema
        url: json-schema/shodan-cvedb-cve-schema.json
      - type: JSONSchema
        url: json-schema/shodan-cvedb-cpe-schema.json
      - type: Example
        url: examples/shodan-cvedb-cve-lookup-example.json
common:
  - type: Website
    url: https://www.shodan.io/
  - type: DeveloperPortal
    url: https://developer.shodan.io/
  - type: Documentation
    url: https://developer.shodan.io/
  - type: APIReference
    url: https://developer.shodan.io/api
  - type: Pricing
    url: https://account.shodan.io/billing
  - type: Plans
    url: plans/shodan-plans-pricing.yml
  - type: RateLimits
    url: rate-limits/shodan-rate-limits.yml
  - type: SignUp
    url: https://account.shodan.io/register
  - type: Login
    url: https://account.shodan.io/login
  - type: Console
    url: https://www.shodan.io/dashboard
  - type: Authentication
    url: https://developer.shodan.io/api/requirements
  - type: GettingStarted
    url: https://help.shodan.io/the-basics/what-is-shodan
  - type: Quickstart
    url: https://help.shodan.io/the-basics/search-query-fundamentals
  - type: Tutorials
    url: https://help.shodan.io/
  - type: KnowledgeCenter
    url: https://help.shodan.io/
  - type: Glossary
    url: https://datapedia.shodan.io/
  - type: Support
    url: mailto:[email protected]
  - type: Blog
    url: https://blog.shodan.io/
  - type: StatusPage
    url: https://status.shodan.io/
  - type: TermsOfService
    url: https://www.shodan.io/legal/tos
  - type: PrivacyPolicy
    url: https://www.shodan.io/legal/privacy
  - type: Legal
    url: https://www.shodan.io/legal
  - type: X
    url: https://x.com/shodanhq
  - type: LinkedIn
    url: https://www.linkedin.com/company/shodan
  - type: YouTube
    url: https://www.youtube.com/@shodanhq
  - type: GitHubOrganization
    url: https://github.com/achillean
  - type: GitHubRepository
    url: https://github.com/achillean/shodan-python
  - type: GitHubRepository
    url: https://github.com/achillean/shodan-developer-docs
  - type: GitHubRepository
    url: https://github.com/achillean/shodan-ruby
  - type: GitHubRepository
    url: https://github.com/achillean/shodan-perl
  - type: GitHubRepository
    url: https://github.com/achillean/Shodan.NET
  - type: GitHubRepository
    url: https://github.com/achillean/steampipe-plugin-shodan
  - type: CLI
    url: https://help.shodan.io/command-line-interface/0-installation
  - type: SDK
    name: Python
    url: https://github.com/achillean/shodan-python
  - type: SDK
    name: Ruby
    url: https://github.com/picatz/shodanz
  - type: SDK
    name: PHP
    url: https://github.com/ScadaExposure/Shodan-PHP-REST-API
  - type: SDK
    name: C++
    url: https://github.com/prophetl33t/ShodanCPP
  - type: SDK
    name: C#
    url: https://www.nuget.org/packages/Shodan/
  - type: SDK
    name: C# (alt)
    url: https://github.com/tparnell8/Shodan.Net
  - type: SDK
    name: Go
    url: https://github.com/shadowscatcher/shodan
  - type: SDK
    name: Go (ns3777k)
    url: https://github.com/ns3777k/go-shodan
  - type: SDK
    name: Haskell
    url: https://github.com/iomonad/shodan
  - type: SDK
    name: Java
    url: https://github.com/fooock/jshodan
  - type: SDK
    name: Node.js
    url: https://github.com/jesusprubio/shodan-client.js
  - type: SDK
    name: Perl
    url: https://github.com/Dudley5000/WWW-Shodan-API
  - type: SDK
    name: PowerShell
    url: https://github.com/darkoperator/Posh-Shodan
  - type: SDK
    name: Rust
    url: https://github.com/femiagbabiaka/shodan-rust
  - type: SDK
    name: Crystal
    url: https://github.com/PercussiveElbow/Shodan
  - type: Tools
    name: Steampipe Plugin
    url: https://github.com/achillean/steampipe-plugin-shodan
  - type: Tools
    name: Shodan Monitor
    url: https://monitor.shodan.io
  - type: Tools
    name: Shodan Maps
    url: https://maps.shodan.io
  - type: Tools
    name: Shodan Images
    url: https://images.shodan.io
  - type: Tools
    name: Shodan Bulk Data
    url: https://enterprise.shodan.io
  - type: Tools
    name: Shodan Snippets
    url: https://snippets.shodan.io
  - type: Tools
    name: MCP Server (BurtTheCoder)
    url: https://github.com/BurtTheCoder/mcp-shodan
  - type: Tools
    name: MCP Server (ADEOSec)
    url: https://github.com/ADEOSec/mcp-shodan
  - type: Tools
    name: MCP Server (Cyreslab-AI)
    url: https://github.com/Cyreslab-AI/shodan-mcp-server
  - type: Tools
    name: MCP Server (Vorota-ai)
    url: https://github.com/Vorota-ai/shodan-mcp
  - type: Tools
    name: MCP Server (mohdhaji87)
    url: https://github.com/mohdhaji87/Shodan-MCP
  - type: SpectralRules
    url: rules/shodan-rules.yml
  - type: Vocabulary
    url: vocabulary/shodan-vocabulary.yml
  - type: NaftikoCapability
    url: capabilities/shared/shodan-rest.yaml
  - type: NaftikoCapability
    url: capabilities/shared/shodan-stream.yaml
  - type: NaftikoCapability
    url: capabilities/shared/shodan-internetdb.yaml
  - type: NaftikoCapability
    url: capabilities/shared/shodan-cvedb.yaml
  - type: NaftikoCapability
    url: capabilities/attack-surface-monitoring.yaml
  - type: NaftikoCapability
    url: capabilities/vulnerability-intelligence.yaml
  - type: NaftikoCapability
    url: capabilities/internet-asset-discovery.yaml
  - type: FinOps
    url: finops/shodan-finops.yml
  - type: Features
    data:
      - name: Internet-Wide Device Search
        description: >-
          Search billions of indexed banners from servers, routers, webcams,
          industrial control systems, and IoT devices using a powerful query
          language with facets and filters.
      - name: Host Information Lookup
        description: >-
          Retrieve all known information for an IP including open ports,
          service banners, geolocation, ASN/ISP, hostnames, vulnerabilities,
          SSL/TLS certificates, and detected technologies.
      - name: On-Demand Scanning
        description: >-
          Submit IPs, CIDR ranges, or netblocks for an on-demand crawl using
          scan credits. Enterprise plans can request Internet-wide scans for
          a specific port or protocol.
      - name: Network Alerts and Notifiers
        description: >-
          Create alerts on monitored IP ranges that fire when new services,
          changes, vulnerabilities, or expirations are detected, with delivery
          via Slack, email, webhook, and other notifier providers.
      - name: DNS Lookup Suite
        description: >-
          Forward, reverse, and full-domain DNS lookups including subdomain
          enumeration backed by Shodan's passive DNS database.
      - name: Streaming Firehose
        description: >-
          Subscribe to real-time banner data filtered by ASN, country, port,
          or CVE for SIEMs, data lakes, and bespoke analytics pipelines.
      - name: Trends Analytics
        description: >-
          Run faceted queries against the full historical scan database to
          analyze product adoption, regional exposure, and changes over time.
      - name: InternetDB Free Lookup
        description: >-
          Open, key-free lookup that returns the open ports, CPEs, tags, and
          CVEs for any IPv4 address; refreshed weekly.
      - name: CVEDB Vulnerability Database
        description: >-
          Open vulnerability lookup with CPE search, KEV filter, EPSS sorting,
          and date-range queries.
      - name: Bulk Data Exports
        description: >-
          Enterprise-tier daily and on-demand bulk exports of Shodan's
          underlying datasets for offline analysis and warehousing.
      - name: Organization Management
        description: >-
          Enterprise organization support for sharing credits and managing
          members through the API.
      - name: Saved Query Directory
        description: >-
          Browse, search, and tag community-contributed Shodan queries
          covering common technologies, exposures, and devices.
      - name: Notifier Providers
        description: >-
          Built-in notification provider integrations for Slack, email,
          Discord, Telegram, webhook, and more.
  - type: UseCases
    data:
      - name: Attack Surface Management
        description: >-
          Continuously monitor an organization's external attack surface for
          new services, configuration drift, and vulnerable software.
      - name: Vulnerability Intelligence
        description: >-
          Quantify exposure to specific CVEs across the Internet or a defined
          customer footprint using CVEDB and the search/trends APIs.
      - name: Threat Hunting and OSINT
        description: >-
          Pivot from IPs, certificates, banners, and ASNs to map adversary
          infrastructure and discover related hosts.
      - name: Security Research
        description: >-
          Study the distribution of misconfigured services, exposed databases,
          and emerging IoT ecosystems across the public Internet.
      - name: Competitive and Market Research
        description: >-
          Track adoption of products, web servers, cloud providers, and
          frameworks across regions and industries using Trends.
      - name: Regulatory and Compliance Reporting
        description: >-
          Demonstrate visibility into externally exposed assets for
          frameworks that require attack-surface inventories.
      - name: Insurance Underwriting
        description: >-
          Inform cyber-insurance scoring with externally observable evidence
          of exposed services, vulnerabilities, and hygiene.
      - name: Incident Response
        description: >-
          Triage IPs observed in alerts against Shodan history to determine
          who they are and what services they expose.
  - type: Integrations
    data:
      - name: Splunk
        description: >-
          Shodan data is widely ingested into Splunk for security analytics
          via the streaming API and the Splunk add-on ecosystem.
      - name: Maltego
        description: >-
          Shodan transforms for Maltego enable graph-based pivoting on
          banners, certificates, and IPs.
      - name: Slack
        description: >-
          Notifier integration delivers alert events to Slack channels.
      - name: Email
        description: >-
          Notifier integration delivers alert events to mailboxes.
      - name: Webhook
        description: >-
          Notifier integration posts alert events to arbitrary HTTPS endpoints.
      - name: Discord
        description: >-
          Notifier integration delivers alert events to Discord servers.
      - name: Telegram
        description: >-
          Notifier integration delivers alert events to Telegram chats.
      - name: Steampipe
        description: >-
          Official Steampipe plugin lets you query Shodan host, DNS, and
          exploit data using standard SQL.
      - name: Model Context Protocol
        description: >-
          Multiple community MCP servers expose Shodan tools to AI assistants
          including Claude, Cursor, and VS Code.
      - name: Nmap
        description: >-
          Shodan's CLI ships helpers to enrich Nmap scan output with
          Shodan-derived banner context.
  - type: Solutions
    data:
      - name: Shodan Monitor
        description: >-
          Hosted attack-surface monitoring product built on the network
          alerts and notifiers APIs.
      - name: Enterprise Data Feed
        description: >-
          Real-time firehose and daily bulk data exports for SOCs, threat
          intelligence platforms, and academic researchers.
      - name: InternetDB
        description: >-
          Free, unauthenticated host lookup designed for embedding into
          security tools and dashboards.
      - name: CVEDB
        description: >-
          Free vulnerability database with KEV and EPSS metadata for
          prioritization workflows.
      - name: Internet-Wide Scanning
        description: >-
          Enterprise-only capability to request a scan of the entire Internet
          for a specific port or protocol.
maintainers:
  - FN: Kin Lane
    email: [email protected]