{"id":"shodan-api","name":"Shodan API","homepage":"https://developer.shodan.io","repo_url":"https://github.com/achillean/shodan-python","category":"security","subcategories":["threat-intelligence","attack-surface","network-scanning"],"tags":["shodan","security","threat-intelligence","internet-scanning","vulnerability","iot","rest-api","sdk"],"what_it_does":"Search engine for internet-connected devices, providing data on open ports, running services, software versions, vulnerabilities (CVEs), and geolocation for any IP or domain.","use_cases":["Attack surface discovery for an organization's internet-facing assets","Identifying vulnerable or misconfigured devices exposed to the internet","Enriching IP addresses with service/banner/vulnerability data in security workflows","Hunting for specific software versions or services across the internet","Monitoring for unauthorized exposure of internal services"],"not_for":["Real-time network scanning (Shodan is a crawl-based snapshot, not live)","Internal network scanning (only covers internet-facing assets)","Passive DNS or domain reputation lookups (use other tools)","Teams without security context — data is sensitive and powerful"],"best_when":"A security agent needs to enumerate internet-facing assets, enrich IP intelligence, or identify exposed vulnerabilities without active scanning.","avoid_when":"You need real-time scan results or internal network visibility.","alternatives":["virustotal-api","censys-api","cloudflare-radar-api"],"af_score":71.6,"security_score":null,"reliability_score":null,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":"current","last_evaluated":"2026-03-01T09:50:06.192988+00:00","performance":{"latency_p50_ms":300,"latency_p99_ms":2000,"uptime_sla_percent":99.5,"rate_limits":"1 query/second for most endpoints","data_source":"llm_estimated","measured_on":null}}