ContrastAPI

Security intelligence API and MCP server for AI agents. 25 MCP tools / 35+ endpoints: CVE lookup with EPSS/KEV enrichment, domain reconnaissance, SSL analysis, IP reputation (AbuseIPDB, Shodan), IOC/malware lookup, exploit search, technology fingerprinting, email security, phone validation, and code security scanning. Free, no API key required.

English | 中文

Live: api.contrastcyber.com | Quick Start: API · MCP · VS Code | Docs: Endpoints | Scanner: contrastcyber.com | Blog: I Built 25 Security Tools That AI Agents Can Use

Use with AI Agents

VS Code Extension: Install ContrastAPI from the Marketplace — 25 security tools in your editor, no API key required.

MCP Setup for Claude Desktop, Cursor, VS Code, Windsurf: MCP Setup Guide

Then ask your AI:

Recon & Domain

"Run a full security audit on example.com"
"What are the DNS records for example.com?"
"Is the SSL certificate on example.com expiring soon?"
"What technologies does example.com use?"
"Check the security headers on example.com"
"Find all subdomains of example.com"
"Who registered example.com and when does it expire?"
"Does example.com have proper SPF and DMARC records?"

CVE & Exploits

"Look up CVE-2024-3094 — is it being exploited in the wild?"
"Find critical Apache vulnerabilities from the last 6 months"
"Are there public exploits for CVE-2021-44228?"

IP & Network

"Is 8.8.8.8 malicious? Check its reputation"
"What ASN does 1.1.1.1 belong to?"

Threat Intelligence

"Check example.com for known malware URLs"
"Enrich this IOC: 185.220.101.1"
"Check if http://evil-example.test/login is a phishing URL"
"Has this password been exposed in a data breach?"
"Is this file hash known malware? a1b2c3d4..."

Code Security

"Check this code for hardcoded API keys and secrets"
"Scan this function for SQL injection vulnerabilities"
"Validate these HTTP security headers: Content-Security-Policy, X-Frame-Options"

Contact Validation

"Is user@example.com a disposable email?"
"Look up this phone number: +1-555-0123"
"Find accounts for username 'johndoe' across platforms"

Quick Start

Node.js SDK

npm install contrastapi

const api = require("contrastapi")();

const report = await api.domain.report("example.com");
const cve = await api.cve.lookup("CVE-2024-3094");
const ssl = await api.domain.ssl("example.com");
const headers = await api.scan.headers("example.com");

With API key (Pro): const api = require("contrastapi")({ apiKey: "your-key" });

Full SDK docs: sdk/node/

cURL

curl https://api.contrastcyber.com/v1/domain/example.com

More examples: API Quick Start (cURL, Node.js, Python, CI/CD)

Why ContrastAPI?

One call, full picture — domain report returns DNS + WHOIS + SSL + subdomains + WAF + IP reputation in a single response
CVE intelligence — 340K+ CVEs enriched with EPSS exploit probability and CISA KEV status
IP reputation — AbuseIPDB, Shodan enrichment with 24-hour cache
Tech fingerprinting — detect CMS, frameworks, CDN, analytics from headers + HTML
AI-native — LLM-optimized summaries, structured JSON, OpenAPI spec
Free forever — 100 req/hr, no API key, no signup

Endpoints

Domain Intelligence

GET  /v1/domain/{domain}       Full domain report (DNS + WHOIS + SSL + subs + WAF + reputation)
GET  /v1/dns/{domain}          DNS records (A, AAAA, MX, NS, TXT, CNAME, SOA)
GET  /v1/whois/{domain}        WHOIS registration data
GET  /v1/subdomains/{domain}   Subdomain enumeration (DNS brute + CT logs)
GET  /v1/certs/{domain}        Certificate transparency logs
GET  /v1/ssl/{domain}          SSL/TLS analysis (cipher, cert chain, grade A-F)
GET  /v1/ip/{ip}               IP intel + reputation (AbuseIPDB, Shodan)
GET  /v1/asn/{target}          ASN lookup (AS number or IP)
GET  /v1/tech/{domain}         Technology fingerprinting (CMS, frameworks, CDN, analytics)
GET  /v1/threat/{domain}       Threat intelligence (URLhaus malware URLs)
GET  /v1/archive/{domain}      Web archive history (Wayback Machine snapshots)
GET  /v1/scan/headers/{domain} Live HTTP security header scan
GET  /v1/monitor/{domain}      Lightweight domain health check
GET  /v1/domain/{domain}/vulns Tech stack CVE scan
GET  /v1/email/mx/{domain}     Mail provider detection + email security grade
GET  /v1/email/disposable/{email} Disposable/temporary email check
POST /v1/domains/bulk          Bulk domain scan (10 free, 50 pro)

CVE Intelligence

GET /v1/cve/{cve_id}           CVE details + EPSS + KEV
GET /v1/cves?product=&severity= Search CVEs
GET /v1/cves/recent?hours=24   Latest CVEs
GET /v1/cves/kev               CISA exploited vulns
GET /v1/epss/{cve_id}          Exploit probability
GET /v1/exploit/{cve_id}       Public exploit search (GitHub Advisory + Shodan)

Threat Intelligence

GET /v1/ioc/{indicator}        Unified IOC enrichment (IP, domain, URL, hash)
GET /v1/hash/{hash}            Malware hash reputation (MalwareBazaar)
GET /v1/password/{sha1}        Password breach check (HIBP, k-anonymity)
GET /v1/phishing/{url}         Phishing/malware URL check (URLhaus)
GET /v1/phone/{number}         Phone number OSINT (carrier, type, country)
GET /v1/username/{username}    Username OSINT (16 platforms, account discovery)

Code Security

POST /v1/check/headers         Validate HTTP security headers
POST /v1/check/secrets         Detect hardcoded secrets
POST /v1/check/injection       SQL/cmd injection patterns
POST /v1/check/dependencies    Check packages for known CVEs

Rate Limits

Tier	Limit	API Key
Free	100 req/hr	Not required
Pro	1,000 req/hr	Get API Key

Data Sources

Source	Records	Update
NVD (NIST)	340k+ CVEs	Every 2 hours
CISA KEV	1,500+ exploited vulns	Every 2 hours
FIRST EPSS	323k+ exploit scores	Every 2 hours

Docs

API Quick Start: https://api.contrastcyber.com/quickstart
MCP Setup: https://api.contrastcyber.com/mcp-setup
OpenAPI spec: https://api.contrastcyber.com/openapi.json
LLM discovery: https://api.contrastcyber.com/llms.txt

Self-Hosting

git clone https://github.com/UPinar/contrastapi.git
cd contrastapi
python3 -m venv venv
venv/bin/pip install -r requirements.txt
cd app
../venv/bin/uvicorn main:app --host 127.0.0.1 --port 8002

Tests

cd app && PYTHONPATH=. python -m pytest tests/ -v

782 tests covering auth, rate limiting, validation, database operations, domain intelligence, CVE intelligence, threat intelligence, code security (ReDoS protection, concurrency limits), tech fingerprinting, IP reputation, email security, phone validation, web archive, MCP endpoint, and API routes.

Stack

Runtime: Python 3.12, FastAPI, uvicorn
Database: SQLite (WAL mode, 3 databases)
DNS: dnspython
HTTP: httpx

Also Available On

Awesome OSINT MCP Servers: soxoj/awesome-osint-mcp-servers
RapidAPI: rapidapi.com/UPinar/api/contrastapi
Product Hunt: contrastapi

License

MIT

Version	Changes	Urgency	Date
v1.9.0	## ContrastAPI v1.9.0 — OSV.dev 6th Source + CVE Enrichment + MCP UX Hardening ### New - OSV.dev 6th enrichment source: `cve_lookup` now cross-references OSV.dev after NVD/MITRE/GHSA/EPSS/KEV. Delta backfill (`since=2026-04-15`, `limit=500`) covers post-Apr-15 NIST enrichment gap. CVSS:3.x via `cvss==3.6` (lazy import), CWE from `database_specific.cwe_ids`, ecosystem→vendor map for 11 OSS ecosystems (npm, PyPI, Maven, Go, RubyGems, NuGet, crates.io, Packagist, Hex, Pub, SwiftURL). Selective	High	4/20/2026
v1.8.0	## ContrastAPI v1.8.0 — MITRE CNA Parser + check_dependencies + 31 MCP Tools ### New - MITRE CNA parser: `cve_lookup` now extracts CVSS/CWE/CPE from the MITRE cvelistV5 CNA container, not just NVD. CNA-only CVEs (pre-NVD, 0-day bursts) return full severity from day 0. Retroactive backfill of 340K+ existing CVEs in progress — CNA-only entries that previously returned `severity=null` are being upgraded to full CVSS/CWE. - `check_dependencies` MCP tool: requirements.txt / package.json depe	High	4/18/2026
v1.7.0	## ContrastAPI v1.7.0 — CVE Multi-Source Intelligence + 30 MCP Tools ### New - CVE Multi-Source Expansion: MITRE cvelistV5 + GitHub Security Advisories (GHSA) synced alongside NVD. CVEs indexed hours/days before NVD enriches them. - `cve_leading` endpoint + MCP tool: Returns CVEs seen by MITRE/GHSA that NVD hasn't published yet — 174 leading CVEs at launch. - `cve_sources` table: Every CVE now tracks `sources`, `first_seen_source`, `first_seen_at` — agents can reason about data fres	High	4/16/2026
v1.6.0	## ContrastAPI v1.6.0 — Privacy Hardening + 29 MCP Tools + Orchestration ### New - Feature-Gate Phase 1: Weighted credit system (audit=4, bulk=N), 4 new endpoints: `audit_domain`, `threat_report`, `bulk_cve_lookup`, `bulk_ioc_lookup` - Privacy transparency: `GET /v1/privacy/my-data` — returns every row the DB has about your (hashed) IP - DNT/GPC support: `DNT: 1` or `Sec-GPC: 1` → no usage row written - GET /mcp/ health: Returns JSON metadata for crawlers and availability checks	High	4/12/2026
v1.5.0	## ContrastAPI v1.5.0 — 25 MCP Tools ### New Endpoints (5) - `GET /v1/archive/{domain}` — Wayback Machine historical snapshots - `GET /v1/username/{username}` — Username OSINT across 16 platforms - `GET /v1/exploit/{cve_id}` — Public exploits (GitHub Advisory + ExploitDB) - `GET /v1/email/disposable/{email}` — Disposable email provider check - `GET /v1/phone/{number}` — Phone number validation and intelligence ### MCP Server Improvements - 25 MCP tools (was 20) with full parameter descriptions	High	4/8/2026

contrastapi

Description

README