ContrastAPI
by
Provides security intelligence tools for AI agents, offering CVE/KEV/CWE lookup with EPSS, domain and IP audit, IOC enrichment, code security analysis, and MITRE ATLAS and D3FEND data through a free MCP server that requires no API key.
ContrastAPI Overview
What is ContrastAPI about?
ContrastAPI delivers a suite of 42 security‑focused tools accessible via the Model Context Protocol (MCP). It aggregates vulnerability data (CVE, KEV, CWE), threat intelligence (IOC, IP, domain), and MITRE knowledge bases (ATLAS for AI/ML attacks and D3FEND for defenses) to enable AI agents to reason about cyber risks without manual querying.
How to use ContrastAPI?
- MCP client configuration – add the following JSON to your MCP settings:
{
"mcpServers": {
"contrastapi": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
}
}
}
- Restart your agent or MCP client.
- Call the REST endpoints directly, e.g.:
curl https://api.contrastcyber.com/v1/cve/CVE-2021-44228
curl https://api.contrastcyber.com/v1/atlas/AML.T0051
curl https://api.contrastcyber.com/v1/d3fend/attack/T1059
- In an agent prompt, ask natural‑language queries such as:
- “Is CVE‑2024‑3094 exploited in the wild? Check EPSS and KEV, then return the related CWE.”
- “Explain LLM Prompt Injection from MITRE ATLAS and map it to D3FEND mitigations.”
Key features of ContrastAPI
- Comprehensive vulnerability lookup – CVE, KEV, CWE with EPSS risk scores.
- Domain and IP threat reports – SSRF‑safe DNS and RDAP queries.
- IOC enrichment – Pulls data from CT logs, URLhaus, etc.
- MITRE ATLAS integration – Catalog of AI/ML attack techniques.
- MITRE D3FEND mapping – Direct connections to defensive controls.
- Verdict metadata – Deterministic information, data age, source provenance, and pivot hints for workflow chaining.
- Free tier – No API key, 100 credits per hour.
- OpenAPI spec & playground – Easy discovery and testing.
Use cases of ContrastAPI
- Automated vulnerability assessment for CI/CD pipelines powered by AI agents.
- Threat‑intel enrichment in SOC automation, where agents fetch IOC context and suggest next investigative steps.
- AI model risk analysis – Identify LLM‑specific attack vectors via ATLAS and retrieve corresponding D3FEND mitigations.
- Security‑focused chatbots – Answer user queries about CVEs, exploit likelihood, and remediation guidance without hard‑coding data sources.
- Multi‑agent orchestration – Agents can follow
next_callspivot hints to build end‑to‑end security workflows.
FAQ from the ContrastAPI
Q: Do I need an API key? A: No. The public endpoint is free and rate‑limited to 100 credits per hour.
Q: Which programming languages are supported? A: Any language that can make HTTP requests. SDKs are provided for Node.js, Python (mcp‑python‑sdk), and a VS Code extension.
Q: How many tools are available? A: 42 distinct security tools covering vulnerability data, OSINT, MITRE ATLAS, and D3FEND.
Q: Can I self‑host the server?
A: Yes. Clone the repository, install Python 3.12, FastAPI, and run uvicorn app.main:app as described in the README.
Q: What does the verdict block contain?
A: Fields such as deterministic, data_age_seconds, sources_queried, and completeness to let downstream agents verify and re‑derive the response.
ContrastAPI's README
ContrastAPI — 42 Security Tools for AI Agents
Security intelligence MCP server for AI agents. CVE/KEV/CWE lookup with EPSS, domain audit, IP threat reports, IOC enrichment, code security, MITRE ATLAS (AI/ML attacks) + D3FEND (defenses). 42 tools, free, no API key, 100 credits/hour.
中文 · Live: api.contrastcyber.com
Setup (MCP)
{
"mcpServers": {
"contrastapi": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
}
}
}
Restart your agent. Other clients (Node SDK, cURL, VS Code): mcp-setup · quickstart
Try it
curl https://api.contrastcyber.com/v1/cve/CVE-2021-44228
curl https://api.contrastcyber.com/v1/atlas/AML.T0051 # MITRE ATLAS — LLM Prompt Injection
curl https://api.contrastcyber.com/v1/d3fend/attack/T1059 # D3FEND defenses for ATT&CK T1059
Or ask your agent:
- "Is CVE-2024-3094 exploited in the wild? Check EPSS + KEV, then look up the underlying CWE."
- "Explain LLM Prompt Injection in MITRE ATLAS and bridge it to D3FEND defenses."
- "For these ATT&CK techniques [T1059, T1190, T1550.001, T9999], which have NO D3FEND mitigation?"
Links
Endpoints: docs/ENDPOINTS.md · OpenAPI: openapi.json · Playground: /playground
git clone https://github.com/UPinar/contrastapi.git
cd contrastapi && python3 -m venv venv && venv/bin/pip install -r requirements.txt
cd app && ../venv/bin/uvicorn main:app --port 8002
cd app && python -m pytest tests/ -q # 1263 tests
Python 3.12 · FastAPI · uvicorn · mcp-python-sdk Streamable HTTP at /mcp · SQLite WAL · dnspython with SSRF-safe backend.
Smithery · npm · VS Code Marketplace · Awesome OSINT MCP · RapidAPI
Responses include a verdict block — deterministic, falsifiable_fields, data_age_seconds, sources_queried / sources_unavailable, completeness — so a verifier agent can independently re-derive specific fields from the upstream authority (NVD, RDAP, CT logs, URLhaus). Probe GET /v1/capabilities for "verdict_metadata": true.
CVE responses also embed next_calls: list[PivotHint] — {tool, input, reason} triples that suggest the next MCP tool to call (e.g. kev_detail when kev.in_kev=true, cwe_lookup when cwe_id is set). Agents chain workflows without manual prompting.
MIT
ContrastAPI Reviews
Login Required
Please log in to share your review and rating for this MCP.
Similar MCP Servers like ContrastAPI
Explore related MCPs that share similar capabilities and solve comparable challenges
SafeLine
by chaitin
A self‑hosted web application firewall and reverse proxy that protects web applications from attacks and exploits by filtering, monitoring, and blocking malicious HTTP/S traffic.
SafeDep Vet
by safedep
Provides enterprise‑grade open source software supply chain security by scanning source code, dependencies, containers and SBOMs, detecting vulnerabilities and malicious packages, and enforcing policy as code.
Semgrep MCP Server
by semgrep
Offers an MCP server that lets LLMs, agents, and IDEs run Semgrep scans to detect security vulnerabilities in source code.
Burp MCP Server
by PortSwigger
Enables Burp Suite to communicate with AI clients via the Model Context Protocol, providing an MCP server and bundled stdio proxy.
Wazuh MCP Remote Server
by gensecaihq
Provides AI‑driven conversational access to Wazuh SIEM data, allowing natural‑language queries, threat analysis, incident triage, and compliance checks through a Model Context Protocol‑compliant remote server.
Cycode CLI
by cycodehq
Boost security in the development lifecycle via SAST, SCA, secrets, and IaC scanning.
Bugsy
by mobb-dev
Provides automatic security vulnerability remediation for code via a command‑line interface and an MCP server, leveraging findings from popular SAST tools such as Checkmarx, CodeQL, Fortify, and Snyk.
Keycloak MCP Server
by ChristophEnglisch
Provides AI‑powered administration of Keycloak users and realms through the Model Context Protocol, enabling automated creation, deletion, and listing of users and realms from MCP clients such as Claude Desktop.
Check Point MCP Servers
by CheckPointSW
A collection of Model Context Protocol servers for Check Point security platforms, exposing structured security data through TypeScript packages.