Skip to main content
Glama
UPinar

contrastapi

by UPinar
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

ContrastAPI

License: MIT Python 3.12 Tests MCP VS Code RapidAPI npm

Security intelligence API and MCP server for AI agents. 29 MCP tools / 39+ endpoints: CVE lookup with EPSS/KEV enrichment, domain reconnaissance, SSL analysis, IP reputation (AbuseIPDB, Shodan), IOC/malware lookup, exploit search, technology fingerprinting, email security, phone validation, and code security scanning. Free, no API key required.

English | 中文

Live: api.contrastcyber.com | Quick Start: API · MCP · VS Code | Docs: Endpoints | Scanner: contrastcyber.com | Blog: I Built 25 Security Tools That AI Agents Can Use

Use with AI Agents

VS Code Extension: Install ContrastAPI from the Marketplace — 29 security tools in your editor, no API key required.

MCP Setup for Claude Desktop, Cursor, VS Code, Windsurf: MCP Setup Guide

Then ask your AI:

Recon & Domain

  • "Run a full security audit on example.com"

  • "What are the DNS records for example.com?"

  • "Is the SSL certificate on example.com expiring soon?"

  • "What technologies does example.com use?"

  • "Check the security headers on example.com"

  • "Find all subdomains of example.com"

  • "Who registered example.com and when does it expire?"

  • "Does example.com have proper SPF and DMARC records?"

CVE & Exploits

  • "Look up CVE-2024-3094 — is it being exploited in the wild?"

  • "Find critical Apache vulnerabilities from the last 6 months"

  • "Are there public exploits for CVE-2021-44228?"

IP & Network

  • "Is 8.8.8.8 malicious? Check its reputation"

  • "What ASN does 1.1.1.1 belong to?"

Threat Intelligence

  • "Check example.com for known malware URLs"

  • "Enrich this IOC: 185.220.101.1"

  • "Check if http://evil-example.test/login is a phishing URL"

  • "Has this password been exposed in a data breach?"

  • "Is this file hash known malware? a1b2c3d4..."

Code Security

  • "Check this code for hardcoded API keys and secrets"

  • "Scan this function for SQL injection vulnerabilities"

  • "Validate these HTTP security headers: Content-Security-Policy, X-Frame-Options"

Contact Validation

  • "Is user@example.com a disposable email?"

  • "Look up this phone number: +1-555-0123"

  • "Find accounts for username 'johndoe' across platforms"

Related MCP server: VirusTotal MCP Server

Quick Start

Node.js SDK

npm install contrastapi
const api = require("contrastapi")();

const report = await api.domain.report("example.com");
const cve = await api.cve.lookup("CVE-2024-3094");
const ssl = await api.domain.ssl("example.com");
const headers = await api.scan.headers("example.com");

With API key (Pro): const api = require("contrastapi")({ apiKey: "your-key" });

Full SDK docs: sdk/node/

cURL

curl https://api.contrastcyber.com/v1/domain/example.com

More examples: API Quick Start (cURL, Node.js, Python, CI/CD)

Why ContrastAPI?

  • One call, full picture — domain report returns DNS + WHOIS + SSL + subdomains + WAF + IP reputation in a single response

  • CVE intelligence — 340K+ CVEs enriched with EPSS exploit probability and CISA KEV status

  • IP reputation — AbuseIPDB, Shodan enrichment with 24-hour cache

  • Tech fingerprinting — detect CMS, frameworks, CDN, analytics from headers + HTML

  • AI-native — LLM-optimized summaries, structured JSON, OpenAPI spec

  • Free forever — 100 req/hr, no API key, no signup

Endpoints

Domain Intelligence

GET  /v1/domain/{domain}       Full domain report (DNS + WHOIS + SSL + subs + WAF + reputation)
GET  /v1/audit/{domain}        Comprehensive audit (full report + tech fingerprint + live headers)
GET  /v1/threat-report/{ip}    Orchestrated IP threat report (Shodan + AbuseIPDB + ASN)
GET  /v1/dns/{domain}          DNS records (A, AAAA, MX, NS, TXT, CNAME, SOA)
GET  /v1/whois/{domain}        WHOIS registration data
GET  /v1/subdomains/{domain}   Subdomain enumeration (DNS brute + CT logs)
GET  /v1/certs/{domain}        Certificate transparency logs
GET  /v1/ssl/{domain}          SSL/TLS analysis (cipher, cert chain, grade A-F)
GET  /v1/ip/{ip}               IP intel + reputation (AbuseIPDB, Shodan)
GET  /v1/asn/{target}          ASN lookup (AS number or IP)
GET  /v1/tech/{domain}         Technology fingerprinting (CMS, frameworks, CDN, analytics)
GET  /v1/threat/{domain}       Threat intelligence (URLhaus malware URLs)
GET  /v1/archive/{domain}      Web archive history (Wayback Machine snapshots)
GET  /v1/scan/headers/{domain} Live HTTP security header scan
GET  /v1/monitor/{domain}      Lightweight domain health check
GET  /v1/domain/{domain}/vulns Tech stack CVE scan
GET  /v1/email/mx/{domain}     Mail provider detection + email security grade
GET  /v1/email/disposable/{email} Disposable/temporary email check
POST /v1/domains/bulk          Bulk domain scan (10 free, 50 pro)

CVE Intelligence

GET /v1/cve/{cve_id}           CVE details + EPSS + KEV
GET /v1/cves?product=&severity= Search CVEs
GET /v1/cves/recent?hours=24   Latest CVEs
GET /v1/cves/kev               CISA exploited vulns
GET /v1/epss/{cve_id}          Exploit probability
GET /v1/exploit/{cve_id}       Public exploit search (GitHub Advisory + Shodan)
POST /v1/cves/bulk             Bulk CVE lookup (10 free, 50 pro)

Threat Intelligence

GET /v1/ioc/{indicator}        Unified IOC enrichment (IP, domain, URL, hash)
GET /v1/hash/{hash}            Malware hash reputation (MalwareBazaar)
GET /v1/password/{sha1}        Password breach check (HIBP, k-anonymity)
GET /v1/phishing/{url}         Phishing/malware URL check (URLhaus)
POST /v1/iocs/bulk             Bulk IOC enrichment (10 free, 50 pro)
GET /v1/phone/{number}         Phone number OSINT (carrier, type, country)
GET /v1/username/{username}    Username OSINT (16 platforms, account discovery)

Code Security

POST /v1/check/headers         Validate HTTP security headers
POST /v1/check/secrets         Detect hardcoded secrets
POST /v1/check/injection       SQL/cmd injection patterns
POST /v1/check/dependencies    Check packages for known CVEs

Rate Limits

Tier

Limit

API Key

Free

100 req/hr

Not required

Pro

1,000 req/hr

Get API Key

Credit Costs

Most endpoints consume 1 credit per call. Aggregating endpoints that fan out to multiple upstream sources cost more:

Endpoint

Cost

Most endpoints

1

GET /v1/audit/{domain}

4

GET /v1/threat-report/{ip}

4

Bulk endpoints (/v1/cves/bulk, /v1/iocs/bulk)

N (one per item)

Every authenticated response includes an X-RateLimit-Cost header so you can track usage transparently alongside X-RateLimit-Remaining.

Data Sources

Source

Records

Update

NVD (NIST)

340k+ CVEs

Every 2 hours

CISA KEV

1,500+ exploited vulns

Every 2 hours

FIRST EPSS

323k+ exploit scores

Every 2 hours

Docs

Self-Hosting

git clone https://github.com/UPinar/contrastapi.git
cd contrastapi
python3 -m venv venv
venv/bin/pip install -r requirements.txt
cd app
../venv/bin/uvicorn main:app --host 127.0.0.1 --port 8002

Tests

cd app && PYTHONPATH=. python -m pytest tests/ -v

782 tests covering auth, rate limiting, validation, database operations, domain intelligence, CVE intelligence, threat intelligence, code security (ReDoS protection, concurrency limits), tech fingerprinting, IP reputation, email security, phone validation, web archive, MCP endpoint, and API routes.

Stack

  • Runtime: Python 3.12, FastAPI, uvicorn

  • Database: SQLite (WAL mode, 3 databases)

  • DNS: dnspython

  • HTTP: httpx

Also Available On

License

MIT

Install Server
A
security – no known vulnerabilities
A
license - permissive license
D
quality - D tier

How are these scores calculated?

Resources

Tools

View all tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/UPinar/contrastapi'

If you have feedback or need assistance with the MCP directory API, please join our Discord server