
ContrastAPI
β 29from UPinar
Security intelligence MCP server β 20 tools: CVE lookup (EPSS/KEV), domain recon, SSL, IP reputation, IOC, exploit search, code security. Free, no API key.
ContrastAPI β 55 Security Tools + 7 MCP Resources for AI Agents
<p align="center"> <img src="app/static/banner.png" alt="ContrastAPI Banner" width="100%"> </p>Security intelligence, built for AI agents. Give your agent grounded answers about vulnerabilities, threats, and attack surface β backed by authoritative sources (NVD, CISA KEV, FIRST EPSS, MITRE ATLAS & D3FEND), never guesswork. CVE/KEV/CWE lookup with EPSS exploit-probability and composite risk scoring, domain & IP investigation, IOC enrichment, code-security checks, and live web intelligence. 55 tools, 7 Resources, and 3 Prompts β free, no API key, no signup.
δΈζ Β· Live: api.contrastcyber.com
Documentation
- API Documentation β REST reference: 60+ endpoints, authentication, rate limits, token costs, and response envelope.
- MCP Documentation β MCP tool-selection guide, 7 Resources, 3 Prompts, and copy-paste agent prompts.
SDKs
pip install contrastapi # Python 3.10+ β sync + async, typed responses, shortcut helpers
npm install contrastapi # Node 14+ β concrete TypeScript types, 14 namespacesBoth SDKs cover every HTTP endpoint and MCP tool β CVE/KEV/CWE, ATLAS, D3FEND, Sigma rules, email security posture, domain, IP, IOC, code security, and web intelligence β with wire-exact response shapes and a typed exception hierarchy that mirrors the API error envelope. They also expose MCP Resources for browsing the ATLAS, D3FEND, and CWE catalogs (see docs/MCP_Documentation.md) and a conditional triage Prompt (see docs/MCP_Documentation.md#contrast-triage). Web-intelligence tools β robots_txt, redirect_chain, email_verify, brand_assets, seo_audit, geo_audit β ship with an explicit ethical floor: per-target throttling, robots.txt respected, no SMTP probing.
Links
OpenAPI: openapi.json
<details> <summary>Also available on</summary>Smithery Β· npm Β· VS Code Marketplace Β· Awesome OSINT MCP Β· RapidAPI
</details> <details> <summary>Multi-agent verdict metadata</summary>Responses include a verdict block β deterministic, falsifiable_fields, data_age_seconds, sources_queried / sources_unavailable, completeness β so a verifier agent can independently re-derive specific fields from the upstream authority (NVD, RDAP, CT logs, URLhaus). Probe GET /v1/capabilities for "verdict_metadata": true.
CVE responses also embed next_calls: list[PivotHint] β {tool, input, reason} triples that suggest the next MCP tool to call (e.g. kev_detail when kev.in_kev=true, cwe_lookup when cwe_id is set). Agents chain workflows without manual prompting.
MIT
pip install contrastapi # Python 3.10+ β sync + async, typed responses, shortcut helpers
npm install contrastapi # Node 14+ β concrete TypeScript types, 14 namespacesSetup (MCP)
Any MCP client
{
"mcpServers": {
"contrastapi": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
}
}
}Restart your agent. Other clients (Python SDK, Node SDK, cURL, VS Code): mcp-setup Β· quickstart
Claude Desktop β one-click extension
Grab the .mcpb file from the latest release and double-click it (or Claude Desktop β Settings β Extensions β Install Extensionβ¦). No signup, no API key β all 55 tools ready immediately.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.