Releases: UPinar/contrastapi

v1.8.0 — MITRE CNA Parser + check_dependencies + 31 MCP Tools

18 Apr 08:25

ContrastAPI v1.8.0 — MITRE CNA Parser + check_dependencies + 31 MCP Tools

New

  • MITRE CNA parser: cve_lookup now extracts CVSS/CWE/CPE from the MITRE cvelistV5 CNA container, not just NVD. CNA-only CVEs (pre-NVD, 0-day bursts) return full severity from day 0. Retroactive backfill of 340K+ existing CVEs in progress — CNA-only entries that previously returned severity=null are being upgraded to full CVSS/CWE.
  • check_dependencies MCP tool: requirements.txt / package.json dependency audit (30 → 31 MCP tools). Single bulk-CVE query; tier-based batch cap with per-package credit charge.

Improved

  • cve_search: published_after / published_before date range (replaces days); exact product match via cve_products join table.
  • MCP error responses preserve upstream detail — wrapper no longer strips reason, field, hint, upgrade when forwarding 4xx/5xx to the agent.
  • CSP / COEP / COOP / CORP hardening landed in main.py middleware (was present on server, missing in repo).
  • Playground: Copy-JSON button, full-coverage MCP example questions.

Fixes

  • Tests: CSP/COEP/COOP/CORP header assertions added; mcp_client fixture migrated to session scope (MCP transport single-instance rule).
  • test_domain: DKIM hard-coded date fix.

Internal

  • MCP tool-call logging wired end-to-end.
  • 973 tests (was 899).

https://api.contrastcyber.com

v1.7.0 — CVE Multi-Source + 30 MCP Tools

16 Apr 06:07

ContrastAPI v1.7.0 — CVE Multi-Source Intelligence + 30 MCP Tools

New

  • CVE Multi-Source Expansion: MITRE cvelistV5 + GitHub Security Advisories (GHSA) synced alongside NVD. CVEs indexed hours/days before NVD enriches them.
  • cve_leading endpoint + MCP tool: Returns CVEs seen by MITRE/GHSA that NVD hasn't published yet — 174 leading CVEs at launch.
  • cve_sources table: Every CVE now tracks sources, first_seen_source, first_seen_at — agents can reason about data freshness.
  • cve_search upgrade: Search by keyword, severity, date range, EPSS threshold, KEV-only — replaced 3 redundant endpoints.

Improved

  • Tool count globals: MCP_TOOL_COUNT / ENDPOINT_COUNT in config.py — landing page, capabilities, llms.txt, server-card all auto-update.
  • Security hardening: CSP unsafe-inline removed, JSON-LD via sha256 nonce, security headers in FastAPI middleware, external CSS/JS.
  • Agent-friendliness: Verdict v2 with completeness signal, blast_radius per tool, deterministic response structure.
  • Pagination consistency: offset le=5000 enforced on both REST and MCP transports.
  • Playground: Redesigned with per-param layout for cve_search.
  • 899 tests (was 853)

Fixes

  • MITRE delta asset detection for cvelistV5 releases
  • Agent discovery: 422 handler, /mcp/debug, server-card v2, well-known routes
  • Copy button, click-to-copy email, upsell signal on 429s

Infrastructure

  • cve_sources join table with automatic backfill from existing NVD data
  • Source precedence: NVD always wins on conflict, MITRE/GHSA fill gaps
  • 2h main sync + 30min GHSA cadence

https://api.contrastcyber.com

v1.6.0

12 Apr 05:35

ContrastAPI v1.6.0 — Privacy Hardening + 29 MCP Tools + Orchestration

New

  • Feature-Gate Phase 1: Weighted credit system (audit=4, bulk=N), 4 new endpoints: audit_domain, threat_report, bulk_cve_lookup, bulk_ioc_lookup
  • Privacy transparency: GET /v1/privacy/my-data — returns every row the DB has about your (hashed) IP
  • DNT/GPC support: DNT: 1 or Sec-GPC: 1 → no usage row written
  • GET /mcp/ health: Returns JSON metadata for crawlers and availability checks (was 406)
  • Interactive playground: 29 endpoint cards at /playground

Improved

  • Landing page redesign for HN launch
  • README rewrite (30-second onboarding)
  • Node SDK 1.1.0 (audit, threat-report, bulk methods)
  • MCP Accept header normalization for tolerant probes (Chiark fix)
  • Smithery score: 98 → 96/100 (recalibration)
  • 853 tests (was 788)

Fixes

  • MCP logger chain so tool calls reach the journal
  • Trust strip test count alignment
  • A11y contrast fixes (WCAG AA)
  • Smithery URL 404 fix

https://api.contrastcyber.com

v1.5.0

08 Apr 05:42

ContrastAPI v1.5.0 — 25 MCP Tools

New Endpoints (5)

  • GET /v1/archive/{domain} — Wayback Machine historical snapshots
  • GET /v1/username/{username} — Username OSINT across 16 platforms
  • GET /v1/exploit/{cve_id} — Public exploits (GitHub Advisory + ExploitDB)
  • GET /v1/email/disposable/{email} — Disposable email provider check
  • GET /v1/phone/{number} — Phone number validation and intelligence

MCP Server Improvements

  • 25 MCP tools (was 20) with full parameter descriptions via Annotated[Field]
  • Tool annotations: readOnlyHint, idempotentHint, openWorldHint
  • 2 MCP prompts: security_audit, vulnerability_check
  • Smithery score: 23 → 98/100
  • VS Code extension published: ContrastAPI on Marketplace

AI Discovery

  • llms-full.txt — compact format (131 lines), all 25 endpoints with accurate response schemas
  • server-card.json — updated to 25 tools
  • Chinese market materials (mcp_listing_cn.md, /cn/ landing page)

Fixes

  • DKIM detection: parallel probing with 30-day date selectors (100/100 score)
  • phishing_check URL encoding fix
  • MCP tool name logging with PII sanitization
  • Removed false-positive platforms from username lookup

Infrastructure

  • 788 tests, ruff clean
  • CONTRIBUTING.md added
  • Dependabot updates: uvicorn 0.43.0, phonenumbers 9.0.27, fastapi 0.135.3

https://api.contrastcyber.com

v1.0.1

04 Apr 00:38

ContrastAPI v1.0.1

Fixed

  • Welcome page race condition — Lemon Squeezy checkout now polls for webhook arrival before displaying the API key, preventing "invalid order" errors
  • XSS: order_id in JS context now uses |tojson filter
  • TOCTOU: get_and_clear_pending_key uses BEGIN IMMEDIATE for true atomicity

Added

  • GET /api/check-key — polling endpoint for webhook readiness (10 req/min)
  • 3-way welcome logic: key shown / already claimed / polling spinner
  • pending_key_created_at column with 24h auto-cleanup via maintenance cron
  • Network error feedback + support email link on timeout
  • 8 new tests (603 total)

https://api.contrastcyber.com

v1.0.0

01 Apr 19:12

ContrastAPI v1.0.0

Threat intelligence API platform — Python FastAPI.

Features

  • CVE/EPSS: Lookup, search, recent CVEs, KEV catalog, EPSS scores
  • Domain Intel: DNS records, WHOIS, subdomains, CT logs, SSL certificates, tech fingerprinting, domain reputation scoring
  • Threat Feeds: IP reputation, GreyNoise, Shodan, AbuseIPDB integration (24h cache)
  • IOC: Hash lookup, IP lookup, phishing check, password breach check
  • CodeSec: Header analysis, injection detection, secret scanning, dependency checks
  • MCP: Machine-readable API for AI agents (stdio + SSE)
  • Rate Limiting: 100/hr free, 1000/hr pro with API keys
  • Tests: 581 tests
  • Deploy: Nginx configs, systemd services, CI/CD with GitHub Actions

https://api.contrastcyber.com