Skip to content

UPinar/contrastapi

BranchesTags

Repository files navigation

ContrastAPI

ContrastAPI Banner

License: MIT Python 3.12 Tests MCP VS Code RapidAPI npm

Security intelligence API and MCP server for AI agents. 25 MCP tools / 35+ endpoints: CVE lookup with EPSS/KEV enrichment, domain reconnaissance, SSL analysis, IP reputation (AbuseIPDB, Shodan), IOC/malware lookup, exploit search, technology fingerprinting, email security, phone validation, and code security scanning. Free, no API key required.

English | 中文

Live: api.contrastcyber.com | Quick Start: API · MCP · VS Code | Docs: Endpoints | Scanner: contrastcyber.com | Blog: I Built 25 Security Tools That AI Agents Can Use

Use with AI Agents

VS Code Extension: Install ContrastAPI from the Marketplace — 25 security tools in your editor, no API key required.

MCP Setup for Claude Desktop, Cursor, VS Code, Windsurf: MCP Setup Guide

Then ask your AI:

Recon & Domain

  • "Run a full security audit on example.com"
  • "What are the DNS records for example.com?"
  • "Is the SSL certificate on example.com expiring soon?"
  • "What technologies does example.com use?"
  • "Check the security headers on example.com"
  • "Find all subdomains of example.com"
  • "Who registered example.com and when does it expire?"
  • "Does example.com have proper SPF and DMARC records?"

CVE & Exploits

  • "Look up CVE-2024-3094 — is it being exploited in the wild?"
  • "Find critical Apache vulnerabilities from the last 6 months"
  • "Are there public exploits for CVE-2021-44228?"

IP & Network

  • "Is 8.8.8.8 malicious? Check its reputation"
  • "What ASN does 1.1.1.1 belong to?"

Threat Intelligence

  • "Check example.com for known malware URLs"
  • "Enrich this IOC: 185.220.101.1"
  • "Check if http://evil-example.test/login is a phishing URL"
  • "Has this password been exposed in a data breach?"
  • "Is this file hash known malware? a1b2c3d4..."

Code Security

  • "Check this code for hardcoded API keys and secrets"
  • "Scan this function for SQL injection vulnerabilities"
  • "Validate these HTTP security headers: Content-Security-Policy, X-Frame-Options"

Contact Validation

  • "Is user@example.com a disposable email?"
  • "Look up this phone number: +1-555-0123"
  • "Find accounts for username 'johndoe' across platforms"

Quick Start

Node.js SDK

npm install contrastapi
const api = require("contrastapi")();

const report = await api.domain.report("example.com");
const cve = await api.cve.lookup("CVE-2024-3094");
const ssl = await api.domain.ssl("example.com");
const headers = await api.scan.headers("example.com");

With API key (Pro): const api = require("contrastapi")({ apiKey: "your-key" });

Full SDK docs: sdk/node/

cURL

curl https://api.contrastcyber.com/v1/domain/example.com

More examples: API Quick Start (cURL, Node.js, Python, CI/CD)

Why ContrastAPI?

  • One call, full picture — domain report returns DNS + WHOIS + SSL + subdomains + WAF + IP reputation in a single response
  • CVE intelligence — 340K+ CVEs enriched with EPSS exploit probability and CISA KEV status
  • IP reputation — AbuseIPDB, Shodan enrichment with 24-hour cache
  • Tech fingerprinting — detect CMS, frameworks, CDN, analytics from headers + HTML
  • AI-native — LLM-optimized summaries, structured JSON, OpenAPI spec
  • Free forever — 100 req/hr, no API key, no signup

Endpoints

Domain Intelligence

GET  /v1/domain/{domain}       Full domain report (DNS + WHOIS + SSL + subs + WAF + reputation)
GET  /v1/dns/{domain}          DNS records (A, AAAA, MX, NS, TXT, CNAME, SOA)
GET  /v1/whois/{domain}        WHOIS registration data
GET  /v1/subdomains/{domain}   Subdomain enumeration (DNS brute + CT logs)
GET  /v1/certs/{domain}        Certificate transparency logs
GET  /v1/ssl/{domain}          SSL/TLS analysis (cipher, cert chain, grade A-F)
GET  /v1/ip/{ip}               IP intel + reputation (AbuseIPDB, Shodan)
GET  /v1/asn/{target}          ASN lookup (AS number or IP)
GET  /v1/tech/{domain}         Technology fingerprinting (CMS, frameworks, CDN, analytics)
GET  /v1/threat/{domain}       Threat intelligence (URLhaus malware URLs)
GET  /v1/archive/{domain}      Web archive history (Wayback Machine snapshots)
GET  /v1/scan/headers/{domain} Live HTTP security header scan
GET  /v1/monitor/{domain}      Lightweight domain health check
GET  /v1/domain/{domain}/vulns Tech stack CVE scan
GET  /v1/email/mx/{domain}     Mail provider detection + email security grade
GET  /v1/email/disposable/{email} Disposable/temporary email check
POST /v1/domains/bulk          Bulk domain scan (10 free, 50 pro)

CVE Intelligence

GET /v1/cve/{cve_id}           CVE details + EPSS + KEV
GET /v1/cves?product=&severity= Search CVEs
GET /v1/cves/recent?hours=24   Latest CVEs
GET /v1/cves/kev               CISA exploited vulns
GET /v1/epss/{cve_id}          Exploit probability
GET /v1/exploit/{cve_id}       Public exploit search (GitHub Advisory + Shodan)

Threat Intelligence

GET /v1/ioc/{indicator}        Unified IOC enrichment (IP, domain, URL, hash)
GET /v1/hash/{hash}            Malware hash reputation (MalwareBazaar)
GET /v1/password/{sha1}        Password breach check (HIBP, k-anonymity)
GET /v1/phishing/{url}         Phishing/malware URL check (URLhaus)
GET /v1/phone/{number}         Phone number OSINT (carrier, type, country)
GET /v1/username/{username}    Username OSINT (16 platforms, account discovery)

Code Security

POST /v1/check/headers         Validate HTTP security headers
POST /v1/check/secrets         Detect hardcoded secrets
POST /v1/check/injection       SQL/cmd injection patterns
POST /v1/check/dependencies    Check packages for known CVEs

Rate Limits

Tier Limit API Key
Free 100 req/hr Not required
Pro 1,000 req/hr Get API Key

Data Sources

Source Records Update
NVD (NIST) 340k+ CVEs Every 2 hours
CISA KEV 1,500+ exploited vulns Every 2 hours
FIRST EPSS 323k+ exploit scores Every 2 hours

Docs

Self-Hosting

git clone https://github.com/UPinar/contrastapi.git
cd contrastapi
python3 -m venv venv
venv/bin/pip install -r requirements.txt
cd app
../venv/bin/uvicorn main:app --host 127.0.0.1 --port 8002

Tests

cd app && PYTHONPATH=. python -m pytest tests/ -v

782 tests covering auth, rate limiting, validation, database operations, domain intelligence, CVE intelligence, threat intelligence, code security (ReDoS protection, concurrency limits), tech fingerprinting, IP reputation, email security, phone validation, web archive, MCP endpoint, and API routes.

Stack

  • Runtime: Python 3.12, FastAPI, uvicorn
  • Database: SQLite (WAL mode, 3 databases)
  • DNS: dnspython
  • HTTP: httpx

Also Available On

License

MIT

About

Security intelligence API and MCP server for AI agents. 25 tools, 35+ endpoints: CVE/EPSS/KEV, domain recon, SSL, IP reputation, threat intel, email security, code scanning. Free, no signup.

api.contrastcyber.com

Topics

api security osint mcp cybersecurity cve threat-intelligence ai-agents vulnerability-scanner fastapi domain-reconnaissance mcp-server

Resources

Readme

License

MIT license

Contributing

Contributing
Activity

Stars

15 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v1.5.0 Latest
Apr 8, 2026
+ 2 releases

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

 
 
 

Contributors

Languages