ContrastAPI
Security intelligence MCP server — 20 tools: CVE lookup (EPSS/KEV), domain recon, SSL, IP reputation, IOC, exploit search, code security. Free, no API key.
ContrastAPI
Security intelligence API and MCP server for AI agents. 20 tools / 30+ endpoints: CVE lookup with EPSS/KEV enrichment, domain reconnaissance, SSL analysis, IP reputation (AbuseIPDB, Shodan), IOC/malware lookup, exploit search, technology fingerprinting, and code security scanning. Free, no API key required.
Live: api.contrastcyber.com | Docs: Swagger UI | Scanner: contrastcyber.com
Use with Claude, Cursor, Windsurf
Add to your MCP config (Claude Desktop, Cursor, Windsurf, VS Code, etc.):
{
"mcpServers": {
"contrastapi": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
}
}
}
Then ask your AI: "Check if example.com has SSL issues", "Look up CVE-2024-3094", "Is this IP malicious: 8.8.8.8"
20 MCP Tools
| Category | Tools |
|---|---|
| Domain Intel | domain_report dns_lookup whois_lookup ssl_check subdomain_enum tech_fingerprint threat_intel scan_headers |
| IP & Network | ip_lookup asn_lookup |
| CVE & Exploits | cve_lookup cve_search exploit_lookup |
| Threat Intel | ioc_lookup hash_lookup password_check phishing_check |
| Code Security | check_secrets check_injection check_headers |
Why ContrastAPI?
- One call, full picture — domain report returns DNS + WHOIS + SSL + subdomains + WAF + IP reputation in a single response
- CVE intelligence — 340K+ CVEs enriched with EPSS exploit probability and CISA KEV status
- IP reputation — AbuseIPDB, Shodan enrichment with 24-hour cache
- Tech fingerprinting — detect CMS, frameworks, CDN, analytics from headers + HTML
- AI-native — LLM-optimized summaries, structured JSON, OpenAPI spec
- Free forever — 100 req/hr, no API key, no signup
Quick Start (REST API)
# Domain intelligence
curl "https://api.contrastcyber.com/v1/domain/example.com"
# CVE lookup with EPSS + KEV
curl "https://api.contrastcyber.com/v1/cve/CVE-2024-3094"
# Search CVEs
curl "https://api.contrastcyber.com/v1/cves?product=apache&severity=critical"
# SSL analysis
curl "https://api.contrastcyber.com/v1/ssl/example.com"
# IOC lookup (IP, domain, URL, or hash)
curl "https://api.contrastcyber.com/v1/ioc/8.8.8.8"
# Public exploit search
curl "https://api.contrastcyber.com/v1/exploit/CVE-2021-44228"
# Check code for secrets
curl -X POST "https://api.contrastcyber.com/v1/check/secrets" \
-H "Content-Type: application/json" \
-d '{"code": "password = \"admin123\"", "language": "python"}'
Python:
import httpx
r = httpx.get("https://api.contrastcyber.com/v1/domain/example.com")
report = r.json()
print(report["security_score"]) # "B" (A-F grade)
print(report["dns"]["a"]) # ["93.184.216.34"]
print(report["ssl"]["grade"]) # "A"
JavaScript:
const r = await fetch("https://api.contrastcyber.com/v1/cve/CVE-2024-3094");
const cve = await r.json();
console.log(cve.severity); // "CRITICAL"
console.log(cve.epss.score); // 0.94 (94% exploit probability)
console.log(cve.kev.in_kev); // true (actively exploited)
Endpoints
Domain Intelligence
GET /v1/domain/{domain} Full domain report (DNS + WHOIS + SSL + subs + WAF + reputation)
GET /v1/dns/{domain} DNS records (A, AAAA, MX, NS, TXT, CNAME, SOA)
GET /v1/whois/{domain} WHOIS registration data
GET /v1/subdomains/{domain} Subdomain enumeration (DNS brute + CT logs)
GET /v1/certs/{domain} Certificate transparency logs
GET /v1/ssl/{domain} SSL/TLS analysis (cipher, cert chain, grade A-F)
GET /v1/ip/{ip} IP intel + reputation (AbuseIPDB, Shodan)
GET /v1/tech/{domain} Technology fingerprinting (CMS, frameworks, CDN, analytics)
GET /v1/threat/{domain} Threat intelligence (URLhaus malware URLs)
GET /v1/scan/headers/{domain} Live HTTP security header scan
GET /v1/monitor/{domain} Lightweight domain health check
GET /v1/domain/{domain}/vulns Tech stack CVE scan
POST /v1/domains/bulk Bulk domain scan (10 free, 50 pro)
CVE Intelligence
GET /v1/cve/{cve_id} CVE details + EPSS + KEV
GET /v1/cves?product=&severity= Search CVEs
GET /v1/cves/recent?hours=24 Latest CVEs
GET /v1/cves/kev CISA exploited vulns
GET /v1/epss/{cve_id} Exploit probability
GET /v1/exploit/{cve_id} Public exploit search (GitHub Advisory + Shodan)
Threat Intelligence
GET /v1/ioc/{indicator} Unified IOC enrichment (IP, domain, URL, hash)
GET /v1/hash/{hash} Malware hash reputation (MalwareBazaar)
GET /v1/password/{sha1} Password breach check (HIBP, k-anonymity)
GET /v1/phishing/{url} Phishing/malware URL check (URLhaus)
Code Security
POST /v1/check/headers Validate HTTP security headers
POST /v1/check/secrets Detect hardcoded secrets
POST /v1/check/injection SQL/cmd injection patterns
POST /v1/check/dependencies Check packages for known CVEs
Rate Limits
| Tier | Limit | API Key |
|---|---|---|
| Free | 100 req/hr | Not required |
| Pro | 1,000 req/hr | Get API Key |
Data Sources
| Source | Records | Update |
|---|---|---|
| NVD (NIST) | 340k+ CVEs | Every 2 hours |
| CISA KEV | 1,500+ exploited vulns | Every 2 hours |
| FIRST EPSS | 323k+ exploit scores | Every 2 hours |
MCP Server (Advanced)
HTTP (remote — recommended):
POST https://api.contrastcyber.com/mcp/
Content-Type: application/json
Accept: application/json, text/event-stream
Stdio (local — self-hosted):
{
"mcpServers": {
"contrastapi": {
"command": "python3",
"args": ["mcp_server.py"]
}
}
}
Docs
- Swagger UI: https://api.contrastcyber.com/docs
- OpenAPI spec: https://api.contrastcyber.com/openapi.json
- LLM discovery: https://api.contrastcyber.com/llms.txt
Self-Hosting
git clone https://github.com/UPinar/contrastapi.git
cd contrastapi
python3 -m venv venv
venv/bin/pip install -r requirements.txt
cd app
../venv/bin/uvicorn main:app --host 127.0.0.1 --port 8002
Tests
cd app && PYTHONPATH=. python -m pytest tests/ -v
677 tests covering auth, rate limiting, validation, database operations, domain intelligence, CVE intelligence, threat intelligence, code security (ReDoS protection, concurrency limits), tech fingerprinting, IP reputation, MCP endpoint, and API routes.
Stack
- Runtime: Python 3.12, FastAPI, uvicorn
- Database: SQLite (WAL mode, 3 databases)
- DNS: dnspython
- HTTP: httpx
Also Available On
- Awesome OSINT MCP Servers: soxoj/awesome-osint-mcp-servers
- RapidAPI: rapidapi.com/UPinar/api/contrastapi
- Product Hunt: contrastapi
License
MIT
Verwandte Server
MISP MCP Server
Integrates with MISP (Malware Information Sharing Platform) to provide threat intelligence capabilities to Large Language Models.
Klavis Strata
One MCP server for AI agents to use any tools reliably at any scale
Weather Service MCP Server
A Spring Boot-based weather service providing weather forecasts and alerts via MCP integration.
FatSecret
Server that connects Claude/Cursor to the FatSecret Platform API. Search foods, track your diet, manage recipes, and monitor weight directly from your AI assistant.
PixelPanda
31 AI image processing tools — free local editing, AI background removal & upscaling, and paid product photo generation
mcp-server-sentinel
Crypto trading backtesting, bot deployment, and account management for Sentinel Bot via AI agents.
Send247 Human Logistics
Human Logistics in the AI Layer
Chia Health MCP Server
Chia Health MCP Server — Patient workflow integration for a licensed US telehealth platform. Browse GLP-1 medications (semaglutide, tirzepatide), peptide therapies (sermorelin, NAD+, glutathione), and longevity treatments. Check eligibility, complete intake, sign consents, and manage treatment plans. 30 tools, HIPAA-compliant. All prescriptions evaluated by licensed US healthcare providers and delivered from FDA-regulated pharmacies across 50 states + DC.
MCP Trader Server
An MCP server for stock and cryptocurrency analysis with technical analysis tools.
Immanuel MCP Server
An MCP server for astrological chart calculations using the immanuel-python library.