ContrastAPI is a security intelligence MCP server providing 31 tools for AI agents to perform comprehensive security assessments, threat intelligence, and vulnerability analysis — free with no API key required.

Domain Intelligence:

• domain_report — Full domain audit (SSL, DNS, WHOIS, SPF/DMARC/DKIM, CT logs, tech fingerprint, security headers)

• dns_records — Retrieve DNS records

• whois_lookup — WHOIS registration and ownership lookup

• subdomain_enum — Enumerate subdomains

• ct_logs — Certificate Transparency log lookup

• threat_intel — Threat intelligence data for a domain

• scan_headers / check_headers — Scan or analyze HTTP security headers

IP Intelligence:

• ip_lookup — IP reputation and threat report (Shodan + AbuseIPDB + ASN data)

CVE & Vulnerability Intelligence:

• cve_lookup — Look up a specific CVE enriched with EPSS scores and CISA KEV status

• cve_search — Search CVEs by product, severity, or time window

• cve_recent — Fetch recently published CVEs (up to 7 days)

• cve_kev — List CVEs in CISA's Known Exploited Vulnerabilities catalog

• epss_score — Get the EPSS exploit probability score for a CVE

Code Security:

• check_secrets — Scan code for hardcoded secrets, API keys, and credentials

• check_injection — Detect SQL, command, and other injection vulnerabilities

• check_dependencies — Check packages for known vulnerabilities

API Management:

• api_status — Check service operational status

• api_usage — Track credit consumption and rate limits

Accessible via MCP (for AI agents), Node.js SDK, REST API, or VS Code extension. Responses include LLM-optimized summaries and verdict metadata for multi-agent workflows. Can also be self-hosted with Python 3.12, FastAPI, and SQLite.

Offers REST API endpoints accessible via cURL for security intelligence operations including CVE lookups, domain audits, threat reports, and IOC enrichment through direct HTTP requests.

Built with FastAPI as the web framework, providing RESTful endpoints for security intelligence operations with automatic OpenAPI documentation and interactive testing capabilities.

Integrates with GitHub Security Advisories database for CVE intelligence, searches GitHub Advisory Database for exploits/PoC, and provides username lookup across GitHub and other social/dev platforms.

Provides Node.js SDK for programmatic access to security intelligence tools including domain audits, CVE lookups, threat reports, and bulk operations with zero dependencies.

Distributed as npm package for easy installation and integration, providing Node.js SDK and MCP server deployment capabilities through npx commands.

Utilizes pytest for comprehensive testing framework covering 1104 tests with 36/36 smoke-test coverage on security intelligence operations and API functionality.

Built with Python 3.12 as the primary runtime, providing security intelligence tools including source code scanning for injection vulnerabilities and secrets detection across multiple programming languages.

Available on RapidAPI platform for programmatic access to security intelligence endpoints including domain audits, CVE lookups, threat reports, and IOC enrichment.

Utilizes SQLite databases with WAL mode for API rate-limiting, CVE caching, and domain cache storage, providing persistent data storage for security intelligence operations.