Shodan
live SecurityDeveloperHost recon via the full Shodan API — open ports, services, CVEs, and host search. BYO key.
Tools
shodan_host What's exposed on IP <ip> — open ports, services, and CVEs. Returns the full Shodan host profile: ports, hostnames, org/ISP, geolocation, OS, known vulnerabilities, and a per-service banner sample. Ex
No parameters required.
Try it
shodan_host_search Search Shodan for hosts matching <query> using Shodan search syntax (e.g. "apache country:US", "port:22 org:\"Google\""). Returns matching hosts with IP, port, org, hostnames, product, and location. E
No parameters required.
Try it
shodan_host_count Count hosts matching <query> with facet breakdown (free — this endpoint does not consume query credits). Returns the total match count plus optional facet aggregations (e.g. top countries, orgs, ports
No parameters required.
Try it
Test with curl
The gateway speaks JSON-RPC 2.0 over HTTP POST. You can test any pack directly from the terminal.
curl -X POST https://gateway.pipeworx.io/shodan/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' curl -X POST https://gateway.pipeworx.io/shodan/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"shodan_host","arguments":{}}}' Use with the SDK
Install @pipeworx/sdk to call tools from any TypeScript/Node project.
import { Pipeworx } from '@pipeworx/sdk';
const px = new Pipeworx();
const result = await px.call("shodan_host", {}); // Or ask in plain English:
const answer = await px.ask("host recon via the full shodan api — open ports, services, cves, and host search");