contrastapi
ContrastAPI is a security intelligence MCP server providing 31 tools for AI agents to perform comprehensive security assessments, threat intelligence, and vulnerability analysis — free with no API key required.
Domain Intelligence:
domain_report— Full domain audit (SSL, DNS, WHOIS, SPF/DMARC/DKIM, CT logs, tech fingerprint, security headers)dns_records— Retrieve DNS recordswhois_lookup— WHOIS registration and ownership lookupsubdomain_enum— Enumerate subdomainsct_logs— Certificate Transparency log lookupthreat_intel— Threat intelligence data for a domainscan_headers/check_headers— Scan or analyze HTTP security headers
IP Intelligence:
ip_lookup— IP reputation and threat report (Shodan + AbuseIPDB + ASN data)
CVE & Vulnerability Intelligence:
cve_lookup— Look up a specific CVE enriched with EPSS scores and CISA KEV statuscve_search— Search CVEs by product, severity, or time windowcve_recent— Fetch recently published CVEs (up to 7 days)cve_kev— List CVEs in CISA's Known Exploited Vulnerabilities catalogepss_score— Get the EPSS exploit probability score for a CVE
Code Security:
check_secrets— Scan code for hardcoded secrets, API keys, and credentialscheck_injection— Detect SQL, command, and other injection vulnerabilitiescheck_dependencies— Check packages for known vulnerabilities
API Management:
api_status— Check service operational statusapi_usage— Track credit consumption and rate limits
Accessible via MCP (for AI agents), Node.js SDK, REST API, or VS Code extension. Responses include LLM-optimized summaries and verdict metadata for multi-agent workflows. Can also be self-hosted with Python 3.12, FastAPI, and SQLite.
Offers REST API endpoints accessible via cURL for security intelligence operations including CVE lookups, domain audits, threat reports, and IOC enrichment through direct HTTP requests.
Built with FastAPI as the web framework, providing RESTful endpoints for security intelligence operations with automatic OpenAPI documentation and interactive testing capabilities.
Integrates with GitHub Security Advisories database for CVE intelligence, searches GitHub Advisory Database for exploits/PoC, and provides username lookup across GitHub and other social/dev platforms.
Provides Node.js SDK for programmatic access to security intelligence tools including domain audits, CVE lookups, threat reports, and bulk operations with zero dependencies.
Distributed as npm package for easy installation and integration, providing Node.js SDK and MCP server deployment capabilities through npx commands.
Utilizes pytest for comprehensive testing framework covering 1104 tests with 36/36 smoke-test coverage on security intelligence operations and API functionality.
Built with Python 3.12 as the primary runtime, providing security intelligence tools including source code scanning for injection vulnerabilities and secrets detection across multiple programming languages.
Available on RapidAPI platform for programmatic access to security intelligence endpoints including domain audits, CVE lookups, threat reports, and IOC enrichment.
Utilizes SQLite databases with WAL mode for API rate-limiting, CVE caching, and domain cache storage, providing persistent data storage for security intelligence operations.
ContrastAPI — 53 Security Tools + 7 MCP Resources for AI Agents
Security intelligence MCP server for AI agents. CVE/KEV/CWE lookup with EPSS, composite risk scoring (CVSS+EPSS+KEV+PoC fusion — v1.29.1), CVSS v3.x vector parser (v1.29.1), domain audit, IP threat reports, IOC enrichment, code security, MITRE ATLAS (AI/ML attacks) + D3FEND (defenses), web intelligence (robots.txt, redirect-chain, email validation, brand-assets, SEO audit — v1.25.0). 53 tools + 7 Resources (ATLAS+D3FEND+CWE catalog browsing) + 3 Prompts (security audit, vulnerability check, conditional triage), free, no API key, 30 credits/hour.
中文 · Live: api.contrastcyber.com
Setup (MCP)
{
"mcpServers": {
"contrastapi": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
}
}
}Restart your agent. Other clients (Python SDK, Node SDK, cURL, VS Code): mcp-setup · quickstart
Related MCP server: VirusTotal MCP Server
SDKs
pip install contrastapi # Python 3.10+ — sync + async, typed responses, shortcut helpers
npm install contrastapi # Node 14+ — concrete TypeScript types, 14 namespacesBoth SDKs cover all 60+ HTTP endpoints / 53 MCP tools (CVE/KEV/CWE, ATLAS, D3FEND, Sigma rules, email security posture, domain, IP, IOC, code-security, web-intel, etc.) with the same wire-exact response shapes and a typed exception hierarchy mirroring the v1.22.2+ error envelope. v1.23.0 adds MCP Resources (ATLAS+D3FEND+CWE catalog browsing — see docs/resources.md) and a conditional triage Prompt (see docs/PROMPTS.md#contrast-triage-v1230). v1.25.0 adds 5 web-intelligence tools (robots_txt, redirect_chain, email_verify, brand_assets, seo_audit) with explicit ethical-floor guardrails (per-target eTLD+1 throttle, robots.txt respected, no SMTP probing).
Try it
curl 'https://api.contrastcyber.com/v1/cves?product=openssl&kev=true' # cve_search — CVEs by product, KEV-only filter
curl https://api.contrastcyber.com/v1/domain/example.com # domain_report — DNS+WHOIS+SSL+subdomains+intel, one call
curl https://api.contrastcyber.com/v1/cve/CVE-2021-44228 # cve_lookup — full record (CVSS+EPSS+KEV+CWE)
curl https://api.contrastcyber.com/v1/exploit/CVE-2021-44228 # exploit_lookup — public PoC / exploit availability
curl https://api.contrastcyber.com/v1/ip/1.1.1.1 # ip_lookup — reputation, geo, ASN, threat intelOr ask your agent:
"Search for KEV-listed OpenSSL CVEs, then pull the full record for the highest-EPSS one."
"Run a full domain report for example.com — DNS, WHOIS, SSL, subdomains, and threat intel in one call."
"Does CVE-2021-44228 have a public exploit or PoC available?"
"What's the reputation, country, and ASN for 1.1.1.1 — is it flagged in any threat feed?"
Links
Endpoints: docs/ENDPOINTS.md · OpenAPI: openapi.json · Playground: /playground
Smithery · npm · VS Code Marketplace · Awesome OSINT MCP · RapidAPI
Responses include a verdict block — deterministic, falsifiable_fields, data_age_seconds, sources_queried / sources_unavailable, completeness — so a verifier agent can independently re-derive specific fields from the upstream authority (NVD, RDAP, CT logs, URLhaus). Probe GET /v1/capabilities for "verdict_metadata": true.
CVE responses also embed next_calls: list[PivotHint] — {tool, input, reason} triples that suggest the next MCP tool to call (e.g. kev_detail when kev.in_kev=true, cwe_lookup when cwe_id is set). Agents chain workflows without manual prompting.
MIT
Maintenance
Appeared in Searches
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/UPinar/contrastapi'
If you have feedback or need assistance with the MCP directory API, please join our Discord server