ContrastAPI — 29 Security Tools for AI Agents

Security intelligence API and MCP server for AI agents. Domain audit, CVE lookup with EPSS+KEV, IP threat reports, IOC enrichment, tech fingerprinting, and 23 more. Free, no API key, 100 credits/hour.

English | 中文 · Live: api.contrastcyber.com

---

30-Second Setup

Pick your integration:

Option 1: MCP (Claude Desktop / Cursor / VS Code / Windsurf)

Add to your MCP config:

{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}

Restart your agent. Done. Full setup guide: api.contrastcyber.com/mcp-setup

Option 2: Node.js SDK

npm install contrastapi

const api = require("contrastapi")();

const audit = await api.domain.audit("example.com");        // full audit
const cve   = await api.cve.lookup("CVE-2024-3094");        // EPSS + KEV
const ip    = await api.ip.threatReport("8.8.8.8");         // Shodan + AbuseIPDB + ASN
const bulk  = await api.cve.bulk(["CVE-2021-44228", "CVE-2024-3094"]);

Zero dependencies, Node 14+. Full SDK docs: sdk/node/

Option 3: cURL

curl https://api.contrastcyber.com/v1/cve/CVE-2024-3094
curl https://api.contrastcyber.com/v1/audit/example.com
curl https://api.contrastcyber.com/v1/threat-report/8.8.8.8

More examples: API Quick Start (cURL, Node.js, Python, CI/CD)

Option 4: VS Code Extension

Install ContrastAPI — Security Intelligence from the Marketplace. 29 commands, sidebar tree, right-click context menu. No API key required.

---

Try It Now

After setup, ask your AI agent:

• "Run a full security audit on example.com"
• "Is CVE-2024-3094 being exploited in the wild? Check EPSS + KEV."
• "Is 8.8.8.8 malicious? Pull AbuseIPDB, Shodan, and ASN."

More example prompts: docs/PROMPTS.md · /playground (interactive tester)

---

What's Inside

• 29 MCP tools across 6 categories — full list: docs/ENDPOINTS.md
• 340K+ CVEs synced from NVD every 2 hours, enriched with EPSS exploit probability + CISA KEV status
• Weighted credits — 1 for simple calls, 4 for heavy orchestration (audit, threat report), N for bulk lookups
• LLM-optimized summaries — every response includes a summary field so agents reason without parsing nested JSON
• Distribution — npm SDK · VS Code Extension · Smithery MCP (96/100 quality) · REST API

Why ContrastAPI?

• One call, full picture — audit returns report + tech fingerprint + live headers in a single response
• Machine-readable — structured JSON, LLM-optimized summaries, OpenAPI spec, MCP-first
• Free forever — 100 credits/hour, no API key, no signup, no credit card

Docs & Links

• API Quick Start: api.contrastcyber.com/quickstart
• MCP Setup: api.contrastcyber.com/mcp-setup
• Full endpoint list: docs/ENDPOINTS.md
• OpenAPI spec: api.contrastcyber.com/openapi.json
• LLM discovery: api.contrastcyber.com/llms.txt
• Interactive playground: api.contrastcyber.com/playground

Self-Hosting

git clone https://github.com/UPinar/contrastapi.git
cd contrastapi
python3 -m venv venv
venv/bin/pip install -r requirements.txt
cd app
../venv/bin/uvicorn main:app --host 127.0.0.1 --port 8002

Requires Python 3.12. SQLite databases auto-initialize on first run. See docs/ENDPOINTS.md for the full endpoint reference.

Tests

cd app && PYTHONPATH=. python -m pytest tests/ -v

853 tests, 36/36 smoke-test coverage on every 15-minute cron. Covers auth, rate limiting, validation, database ops, domain intelligence, CVE intelligence, threat intelligence, code security (ReDoS protection, concurrency limits), tech fingerprinting, IP reputation, email security, phone validation, web archive, MCP endpoint, bulk endpoints, weighted credit system, and API routes.

Stack & Architecture

• Runtime: Python 3.12, FastAPI, uvicorn (2 workers)
• MCP: Official mcp-python-sdk with Streamable HTTP transport, mounted as sub-app at /mcp
• Domain audit: 8+ parallel checks (SSL, DNS, WHOIS, SPF/DMARC/DKIM, CT logs, tech fingerprint, security headers) via ThreadPoolExecutor, with 1-hour SQLite caching for warm-path responses
• Database: SQLite with WAL mode (3 databases: API rate-limit, CVE cache, domain cache)
• DNS: dnspython with _SSRFSafeBackend (custom httpcore backend that validates all resolved IPs before connecting — catches DNS rebinding)
• HTTP: httpx
• Rate limiting: SQLite sliding window, shared across workers via WAL mode
• Weighted credits: Atomic BEGIN IMMEDIATE consumption — either the whole N-credit batch fits or the request is rejected

Also Available On

• Smithery: smithery.ai/servers/contrastcyber/contrastapi (96/100 quality score)
• npm: npmjs.com/package/contrastapi
• VS Code Marketplace: ContrastAPI — Security Intelligence
• Awesome OSINT MCP Servers: soxoj/awesome-osint-mcp-servers
• RapidAPI: rapidapi.com/UPinar/api/contrastapi

License

MIT