Capability Spec
name: vulnerability-intelligence
description: >-
  Vulnerability-centric workflow using Shodan's CVEDB and search APIs.
  Look up a CVE, find affected CPEs, and quantify exposure across the
  Internet or a defined IP perimeter, then stream new banners matching
  the CVE as Shodan observes them.
provider: shodan
workflow:
  - capability: shodan-cvedb
    operation: getCve
    purpose: Fetch full details (CVSS, EPSS, KEV status, references, impacted CPEs) for a given CVE.
  - capability: shodan-cvedb
    operation: searchCves
    purpose: Filter CVEs by KEV status or EPSS score to prioritize remediation.
  - capability: shodan-cvedb
    operation: searchCpes
    purpose: Translate a product name into CPE 2.3 identifiers used by the Shodan index.
  - capability: shodan-rest
    operation: getHostCount
    purpose: Quantify how many Internet-exposed hosts match the affected CPE / version using `vuln:` and `cpe23:` filters.
  - capability: shodan-rest
    operation: searchHosts
    purpose: Enumerate the actual hosts exposing the vulnerable service.
  - capability: shodan-stream
    operation: streamBannersByVuln
    purpose: Tail the firehose for newly observed banners matching the CVE for continuous monitoring.
  - capability: shodan-internetdb
    operation: getInternetDbHost
    purpose: Spot-check whether specific external IPs are still flagged with the CVE in the free InternetDB dataset.