ContrastAPI
Security intelligence MCP server — 20 tools: CVE lookup (EPSS/KEV), domain recon, SSL, IP reputation, IOC, exploit search, code security. Free, no API key.
ContrastAPI
Security intelligence API and MCP server for AI agents. 20 tools / 30+ endpoints: CVE lookup with EPSS/KEV enrichment, domain reconnaissance, SSL analysis, IP reputation (AbuseIPDB, Shodan), IOC/malware lookup, exploit search, technology fingerprinting, and code security scanning. Free, no API key required.
Live: api.contrastcyber.com | Docs: Swagger UI | Scanner: contrastcyber.com
Use with Claude, Cursor, Windsurf
Add to your MCP config (Claude Desktop, Cursor, Windsurf, VS Code, etc.):
{
"mcpServers": {
"contrastapi": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
}
}
}
Then ask your AI: "Check if example.com has SSL issues", "Look up CVE-2024-3094", "Is this IP malicious: 8.8.8.8"
20 MCP Tools
| Category | Tools |
|---|---|
| Domain Intel | domain_report dns_lookup whois_lookup ssl_check subdomain_enum tech_fingerprint threat_intel scan_headers |
| IP & Network | ip_lookup asn_lookup |
| CVE & Exploits | cve_lookup cve_search exploit_lookup |
| Threat Intel | ioc_lookup hash_lookup password_check phishing_check |
| Code Security | check_secrets check_injection check_headers |
Why ContrastAPI?
- One call, full picture — domain report returns DNS + WHOIS + SSL + subdomains + WAF + IP reputation in a single response
- CVE intelligence — 340K+ CVEs enriched with EPSS exploit probability and CISA KEV status
- IP reputation — AbuseIPDB, Shodan enrichment with 24-hour cache
- Tech fingerprinting — detect CMS, frameworks, CDN, analytics from headers + HTML
- AI-native — LLM-optimized summaries, structured JSON, OpenAPI spec
- Free forever — 100 req/hr, no API key, no signup
Quick Start (REST API)
# Domain intelligence
curl "https://api.contrastcyber.com/v1/domain/example.com"
# CVE lookup with EPSS + KEV
curl "https://api.contrastcyber.com/v1/cve/CVE-2024-3094"
# Search CVEs
curl "https://api.contrastcyber.com/v1/cves?product=apache&severity=critical"
# SSL analysis
curl "https://api.contrastcyber.com/v1/ssl/example.com"
# IOC lookup (IP, domain, URL, or hash)
curl "https://api.contrastcyber.com/v1/ioc/8.8.8.8"
# Public exploit search
curl "https://api.contrastcyber.com/v1/exploit/CVE-2021-44228"
# Check code for secrets
curl -X POST "https://api.contrastcyber.com/v1/check/secrets" \
-H "Content-Type: application/json" \
-d '{"code": "password = \"admin123\"", "language": "python"}'
Python:
import httpx
r = httpx.get("https://api.contrastcyber.com/v1/domain/example.com")
report = r.json()
print(report["security_score"]) # "B" (A-F grade)
print(report["dns"]["a"]) # ["93.184.216.34"]
print(report["ssl"]["grade"]) # "A"
JavaScript:
const r = await fetch("https://api.contrastcyber.com/v1/cve/CVE-2024-3094");
const cve = await r.json();
console.log(cve.severity); // "CRITICAL"
console.log(cve.epss.score); // 0.94 (94% exploit probability)
console.log(cve.kev.in_kev); // true (actively exploited)
Endpoints
Domain Intelligence
GET /v1/domain/{domain} Full domain report (DNS + WHOIS + SSL + subs + WAF + reputation)
GET /v1/dns/{domain} DNS records (A, AAAA, MX, NS, TXT, CNAME, SOA)
GET /v1/whois/{domain} WHOIS registration data
GET /v1/subdomains/{domain} Subdomain enumeration (DNS brute + CT logs)
GET /v1/certs/{domain} Certificate transparency logs
GET /v1/ssl/{domain} SSL/TLS analysis (cipher, cert chain, grade A-F)
GET /v1/ip/{ip} IP intel + reputation (AbuseIPDB, Shodan)
GET /v1/tech/{domain} Technology fingerprinting (CMS, frameworks, CDN, analytics)
GET /v1/threat/{domain} Threat intelligence (URLhaus malware URLs)
GET /v1/scan/headers/{domain} Live HTTP security header scan
GET /v1/monitor/{domain} Lightweight domain health check
GET /v1/domain/{domain}/vulns Tech stack CVE scan
POST /v1/domains/bulk Bulk domain scan (10 free, 50 pro)
CVE Intelligence
GET /v1/cve/{cve_id} CVE details + EPSS + KEV
GET /v1/cves?product=&severity= Search CVEs
GET /v1/cves/recent?hours=24 Latest CVEs
GET /v1/cves/kev CISA exploited vulns
GET /v1/epss/{cve_id} Exploit probability
GET /v1/exploit/{cve_id} Public exploit search (GitHub Advisory + Shodan)
Threat Intelligence
GET /v1/ioc/{indicator} Unified IOC enrichment (IP, domain, URL, hash)
GET /v1/hash/{hash} Malware hash reputation (MalwareBazaar)
GET /v1/password/{sha1} Password breach check (HIBP, k-anonymity)
GET /v1/phishing/{url} Phishing/malware URL check (URLhaus)
Code Security
POST /v1/check/headers Validate HTTP security headers
POST /v1/check/secrets Detect hardcoded secrets
POST /v1/check/injection SQL/cmd injection patterns
POST /v1/check/dependencies Check packages for known CVEs
Rate Limits
| Tier | Limit | API Key |
|---|---|---|
| Free | 100 req/hr | Not required |
| Pro | 1,000 req/hr | Get API Key |
Data Sources
| Source | Records | Update |
|---|---|---|
| NVD (NIST) | 340k+ CVEs | Every 2 hours |
| CISA KEV | 1,500+ exploited vulns | Every 2 hours |
| FIRST EPSS | 323k+ exploit scores | Every 2 hours |
MCP Server (Advanced)
HTTP (remote — recommended):
POST https://api.contrastcyber.com/mcp/
Content-Type: application/json
Accept: application/json, text/event-stream
Stdio (local — self-hosted):
{
"mcpServers": {
"contrastapi": {
"command": "python3",
"args": ["mcp_server.py"]
}
}
}
Docs
- Swagger UI: https://api.contrastcyber.com/docs
- OpenAPI spec: https://api.contrastcyber.com/openapi.json
- LLM discovery: https://api.contrastcyber.com/llms.txt
Self-Hosting
git clone https://github.com/UPinar/contrastapi.git
cd contrastapi
python3 -m venv venv
venv/bin/pip install -r requirements.txt
cd app
../venv/bin/uvicorn main:app --host 127.0.0.1 --port 8002
Tests
cd app && PYTHONPATH=. python -m pytest tests/ -v
677 tests covering auth, rate limiting, validation, database operations, domain intelligence, CVE intelligence, threat intelligence, code security (ReDoS protection, concurrency limits), tech fingerprinting, IP reputation, MCP endpoint, and API routes.
Stack
- Runtime: Python 3.12, FastAPI, uvicorn
- Database: SQLite (WAL mode, 3 databases)
- DNS: dnspython
- HTTP: httpx
Also Available On
- Awesome OSINT MCP Servers: soxoj/awesome-osint-mcp-servers
- RapidAPI: rapidapi.com/UPinar/api/contrastapi
- Product Hunt: contrastapi
License
MIT
Server Terkait
Flightradar24
Track flights in real-time using Flightradar24 data.
Taiwan-Health-MCP
A Model Context Protocol (MCP) server exposing Taiwan healthcare datasets such as ICD-10 and drug information for AI agents.
IzmirMCP
Access real-time public transit data for İzmir, including vehicle positions, arrivals, and schedules from İZBAN and ESHOT.
Scholar Sidekick MCP
Resolve, format, and export academic citations from any AI assistant
httpay x402 MCP Server
MCP server exposing 90+ crypto API tools with automatic x402 USDC micropayment handling — gas oracle, token lookup, wallet risk analysis, market mood, and more on Base.
402 Index
MCP server for 402 Index: discover 15,000+ paid API endpoints across L402, x402, and MPP
SciPilot
Natural language interface for scientific command-line tools via MCP
Federal Financial Intel MCP
SEC EDGAR filings, CFPB consumer complaints, and BLS employment data. 4 MCP tools for financial intelligence.
Superlines MCP server
Analyze and optimize for AI search (AIO)
Shioaji MCP Server
Access the Shioaji trading API for financial data and trading operations, requiring a SinoPac Securities account.