Labsco
UPinar logo

ContrastAPI

β˜… 29

from UPinar

Security intelligence MCP server β€” 20 tools: CVE lookup (EPSS/KEV), domain recon, SSL, IP reputation, IOC, exploit search, code security. Free, no API key.

πŸ”₯πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeQuick setup

ContrastAPI β€” 55 Security Tools + 7 MCP Resources for AI Agents

<p align="center"> <img src="app/static/banner.png" alt="ContrastAPI Banner" width="100%"> </p>

MCP Install in Claude Desktop smithery badge contrastapi MCP server License: MIT

Security intelligence, built for AI agents. Give your agent grounded answers about vulnerabilities, threats, and attack surface β€” backed by authoritative sources (NVD, CISA KEV, FIRST EPSS, MITRE ATLAS & D3FEND), never guesswork. CVE/KEV/CWE lookup with EPSS exploit-probability and composite risk scoring, domain & IP investigation, IOC enrichment, code-security checks, and live web intelligence. 55 tools, 7 Resources, and 3 Prompts β€” free, no API key, no signup.

δΈ­ζ–‡ Β· Live: api.contrastcyber.com


Documentation

  • API Documentation β€” REST reference: 60+ endpoints, authentication, rate limits, token costs, and response envelope.
  • MCP Documentation β€” MCP tool-selection guide, 7 Resources, 3 Prompts, and copy-paste agent prompts.

SDKs

Copy & paste β€” that's it
pip install contrastapi      # Python 3.10+ β€” sync + async, typed responses, shortcut helpers
npm install contrastapi      # Node 14+ β€” concrete TypeScript types, 14 namespaces

Both SDKs cover every HTTP endpoint and MCP tool β€” CVE/KEV/CWE, ATLAS, D3FEND, Sigma rules, email security posture, domain, IP, IOC, code security, and web intelligence β€” with wire-exact response shapes and a typed exception hierarchy that mirrors the API error envelope. They also expose MCP Resources for browsing the ATLAS, D3FEND, and CWE catalogs (see docs/MCP_Documentation.md) and a conditional triage Prompt (see docs/MCP_Documentation.md#contrast-triage). Web-intelligence tools β€” robots_txt, redirect_chain, email_verify, brand_assets, seo_audit, geo_audit β€” ship with an explicit ethical floor: per-target throttling, robots.txt respected, no SMTP probing.

Links

OpenAPI: openapi.json

<details> <summary>Also available on</summary>

Smithery Β· npm Β· VS Code Marketplace Β· Awesome OSINT MCP Β· RapidAPI

</details> <details> <summary>Multi-agent verdict metadata</summary>

Responses include a verdict block β€” deterministic, falsifiable_fields, data_age_seconds, sources_queried / sources_unavailable, completeness β€” so a verifier agent can independently re-derive specific fields from the upstream authority (NVD, RDAP, CT logs, URLhaus). Probe GET /v1/capabilities for "verdict_metadata": true.

CVE responses also embed next_calls: list[PivotHint] β€” {tool, input, reason} triples that suggest the next MCP tool to call (e.g. kev_detail when kev.in_kev=true, cwe_lookup when cwe_id is set). Agents chain workflows without manual prompting.

</details>

MIT