ContrastAPI

Security intelligence MCP server — 20 tools: CVE lookup (EPSS/KEV), domain recon, SSL, IP reputation, IOC, exploit search, code security. Free, no API key.

GitHub

ContrastAPI — 53 Security Tools + 7 MCP Resources for AI Agents

ContrastAPI Banner

MCP smithery badge contrastapi MCP server License: MIT

Security intelligence MCP server for AI agents. CVE/KEV/CWE lookup with EPSS, composite risk scoring (CVSS+EPSS+KEV+PoC fusion — v1.29.1), CVSS v3.x vector parser (v1.29.1), domain audit, IP threat reports, IOC enrichment, code security, MITRE ATLAS (AI/ML attacks) + D3FEND (defenses), web intelligence (robots.txt, redirect-chain, email validation, brand-assets, SEO audit — v1.25.0). 53 tools + 7 Resources (ATLAS+D3FEND+CWE catalog browsing) + conditional triage Prompt, free, no API key, 30 credits/hour.

中文 · Live: api.contrastcyber.com

Setup (MCP)

{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}

Restart your agent. Other clients (Python SDK, Node SDK, cURL, VS Code): mcp-setup · quickstart

SDKs

pip install contrastapi      # Python 3.10+ — sync + async, typed responses, shortcut helpers
npm install contrastapi      # Node 14+ — concrete TypeScript types, 14 namespaces

Both SDKs cover all 60+ HTTP endpoints / 53 MCP tools (CVE/KEV/CWE, ATLAS, D3FEND, Sigma rules, email security posture, domain, IP, IOC, code-security, web-intel, etc.) with the same wire-exact response shapes and a typed exception hierarchy mirroring the v1.22.2+ error envelope. v1.23.0 adds MCP Resources (ATLAS+D3FEND+CWE catalog browsing — see docs/resources.md) and a conditional triage Prompt (see docs/PROMPTS.md#contrast-triage-v1230). v1.25.0 adds 5 web-intelligence tools (robots_txt, redirect_chain, email_verify, brand_assets, seo_audit) with explicit ethical-floor guardrails (per-target eTLD+1 throttle, robots.txt respected, no SMTP probing).

Try it

curl 'https://api.contrastcyber.com/v1/cves?product=openssl&kev=true'  # cve_search — CVEs by product, KEV-only filter
curl https://api.contrastcyber.com/v1/domain/example.com         # domain_report — DNS+WHOIS+SSL+subdomains+intel, one call
curl https://api.contrastcyber.com/v1/cve/CVE-2021-44228         # cve_lookup — full record (CVSS+EPSS+KEV+CWE)
curl https://api.contrastcyber.com/v1/exploit/CVE-2021-44228     # exploit_lookup — public PoC / exploit availability
curl https://api.contrastcyber.com/v1/ip/1.1.1.1                 # ip_lookup — reputation, geo, ASN, threat intel

Or ask your agent:

  • "Search for KEV-listed OpenSSL CVEs, then pull the full record for the highest-EPSS one."
  • "Run a full domain report for example.com — DNS, WHOIS, SSL, subdomains, and threat intel in one call."
  • "Does CVE-2021-44228 have a public exploit or PoC available?"
  • "What's the reputation, country, and ASN for 1.1.1.1 — is it flagged in any threat feed?"

Links

Endpoints: docs/ENDPOINTS.md · OpenAPI: openapi.json · Playground: /playground

Also available on

Smithery · npm · VS Code Marketplace · Awesome OSINT MCP · RapidAPI

Multi-agent verdict metadata

Responses include a verdict block — deterministic, falsifiable_fields, data_age_seconds, sources_queried / sources_unavailable, completeness — so a verifier agent can independently re-derive specific fields from the upstream authority (NVD, RDAP, CT logs, URLhaus). Probe GET /v1/capabilities for "verdict_metadata": true.

CVE responses also embed next_calls: list[PivotHint]{tool, input, reason} triples that suggest the next MCP tool to call (e.g. kev_detail when kev.in_kev=true, cwe_lookup when cwe_id is set). Agents chain workflows without manual prompting.

MIT

Verwandte Server