mcp-shodan and Wazuh-MCP-Server
About mcp-shodan
BurtTheCoder/mcp-shodan
MCP server for Shodan — search internet-connected devices, IP reconnaissance, DNS lookups, and CVE/CPE vulnerability intelligence. Works with Claude Code, Codex, Gemini CLI, and Claude Desktop.
Implements the Model Context Protocol (MCP) via stdio transport with seven specialized tools—IP lookup, device search, CVE/CPE queries, and DNS resolution—each returning structured JSON for programmatic analysis. Built as an npm package that integrates directly into Claude Desktop, Claude Code, Codex CLI, and Gemini CLI through configuration-based server registration, leveraging Shodan's CVEDB for enriched vulnerability data including CVSS, EPSS, and KEV status tracking.
About Wazuh-MCP-Server
gensecaihq/Wazuh-MCP-Server
AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational SOC workflows.
Exposes 48 validated security tools via MCP protocol that span alert querying, agent monitoring, vulnerability scanning, active response (IP blocking, host isolation, process termination), and compliance checking—all with per-tool RBAC, audit logging, input validation, and credential sanitization to prevent LLM-side data leakage. Implements a dual-mode architecture supporting both cloud LLMs (Claude, GPT) and fully air-gapped local deployments via Ollama, with a standard HTTP `/mcp` endpoint compatible with Claude Desktop, Open WebUI, mcphost, and any MCP 2025-11-25 client. Built on Python 3.11+ with Docker containerization, Elasticsearch query integration for alert search, Redis-backed multi-instance session storage, rate limiting, and circuit breakers against Wazuh API 4.8.0–4.14.4.
Related comparisons
Scores updated daily from GitHub, PyPI, and npm data. How scores work