MCP Hub
Back to servers

contrastapi

Security intelligence API for AI models. CVE lookup with EPSS/KEV, domain recon (DNS, WHOIS, SSL, subdomains, WAF), and code security checks (secrets, injection, headers). 16 tools, no API key required.

glama
Updated
Mar 27, 2026
View Source
Claim this server

ContrastAPI

Security intelligence API for AI models and developers. CVE lookup, domain reconnaissance, and code security verification. Structured JSON with LLM-optimized summaries.

Live: https://api.contrastcyber.com

Endpoints

Domain Intelligence

GET /v1/domain/{domain}        Full domain report
GET /v1/dns/{domain}           DNS records
GET /v1/whois/{domain}         WHOIS lookup
GET /v1/subdomains/{domain}    Subdomain enumeration
GET /v1/certs/{domain}         CT log certificates
GET /v1/ip/{ip}                Reverse DNS

CVE Intelligence

GET /v1/cve/{cve_id}           CVE details + EPSS + KEV
GET /v1/cves?product=&severity= Search CVEs
GET /v1/cves/recent?hours=24   Latest CVEs
GET /v1/cves/kev               CISA exploited vulns
GET /v1/epss/{cve_id}          Exploit probability

Code Security

POST /v1/check/headers         Validate HTTP security headers
POST /v1/check/secrets         Detect hardcoded secrets
POST /v1/check/injection       SQL/cmd injection patterns
POST /v1/check/dependencies    Check packages for known CVEs

Quick Start

curl https://api.contrastcyber.com/v1/domain/example.com

{
  "domain": "example.com",
  "summary": "example.com resolves to 93.184.216.34. SSL by DigiCert. No WAF. 3 subdomains.",
  "dns": { "a": ["93.184.216.34"], "ns": ["a.iana-servers.net"] },
  "whois": { "registrar": "RESERVED-Internet Assigned Numbers Authority" },
  "ssl": { "issuer": "DigiCert", "not_after": "Mar 01 2025" },
  "subdomains": { "count": 3, "subdomains": ["www.example.com"] },
  "waf": { "waf_present": false }
}

Authentication

TierRate LimitAuth
Free100 req/hrNo key needed
Pro1,000 req/hrAuthorization: Bearer cc_xxx

Pro keys available at api.contrastcyber.com -- $9/month.

Docs

Data Sources

SourceRecordsUpdate
NVD (NIST)340k+ CVEsEvery 2 hours
CISA KEV1,500+ exploited vulnsEvery 2 hours
FIRST EPSS323k+ exploit scoresEvery 2 hours

Self-Hosting

git clone https://github.com/UPinar/contrastapi.git
cd contrastapi
python3 -m venv venv
venv/bin/pip install -r requirements.txt
cd app
../venv/bin/uvicorn main:app --host 127.0.0.1 --port 8002

Tests

cd app
python -m pytest tests/ -v

270 tests covering auth, rate limiting, validation, database operations, domain intelligence, CVE intelligence, code security, and API routes.

Stack

  • Runtime: Python 3.12, FastAPI, uvicorn
  • Database: SQLite (WAL mode, 3 databases)
  • DNS: dnspython
  • HTTP: httpx

License

MIT

Reviews

No reviews yet

Sign in to write a review