ContrastAPI
**ContrastAPI** — security intelligence + OSINT API and **MCP server for AI agents**. 42 live tools, 50+ endpoints, no API key required for the free tier (100 req/hr per IP).

**Live MCP server:** `https://api.contrastcyber.com/mcp/` (Streamable HTTP, listed in the official MCP Registry as `com.contrastcyber/api`, DNS-verified, isLatest=1.20.0).

### Tool categories (42 MCP tools)

- **CVE…
ContrastAPI endpoints
| Method | Endpoint | Description |
|---|---|---|
| **Meta** | | |
| GET | api_usage `/v1/usage` | Usage statistics for API key holders. |
| GET | api_capabilities `/v1/capabilities` | Machine-readable catalog of all MCP tools and REST endpoints. |
| GET | api_status `/v1/status` | API health check and data freshness. |
| GET | privacy_my_data `/v1/privacy/my-data` | Return everything this API has stored about you. GDPR-style transparency. Shows the hashed IP, Pro key record (if any), and last-24h endpoint usage. The raw domains, IPs, CVEs,… |
| **Domain Intelligence** | | |
| GET | email_mx `/v1/email/mx/{domain}` | Email MX analysis — mail provider detection, SPF/DMARC/DKIM check, security grade. |
| GET | dns_records `/v1/dns/{domain}` | DNS record lookup: A, AAAA, MX, NS, TXT, CNAME, SOA. |
| GET | email_disposable `/v1/email/disposable/{email}` | Check if an email uses a disposable/temporary email provider. |
| GET | domain_vulns `/v1/domain/{domain}/vulns` | Tech stack vulnerability scan — detect technologies, then look up CVEs for each. |
| GET | threat_report `/v1/threat-report/{ip}` | Comprehensive IP threat report — Shodan InternetDB + AbuseIPDB + Shodan full + ASN in a single call. Aggregates open ports, vulnerabilities, abuse reports, geolocation, ASN… |
| GET | domain_report `/v1/domain/{domain}` | Full domain intelligence report with DNS, WHOIS, SSL, subdomains, WAF. Use ?lite=true for fast subset. |
| GET | subdomain_enum `/v1/subdomains/{domain}` | Subdomain enumeration via DNS brute force + certificate transparency. |
| GET | audit_domain `/v1/audit/{domain}` | Comprehensive domain audit — full intelligence report + technology fingerprint + live HTTP headers in a single call. Aggregates DNS, SSL, WHOIS, subdomains, threat intelligence,… |
| GET | wayback_lookup `/v1/archive/{domain}` | Web archive lookup — historical snapshots from the Wayback Machine. |
| GET | whois_lookup `/v1/whois/{domain}` | WHOIS registration data for a domain. |
| GET | ssl_certificate `/v1/ssl/{domain}` | SSL certificate details with grade, chain, cipher, and protocol information. |
| GET | ct_logs `/v1/certs/{domain}` | Certificate transparency log lookup. |
| GET | phone_lookup `/v1/phone/{number}` | Phone number validation and intelligence — format, country, type, carrier, timezone. |
| GET | threat_intel `/v1/threat/{domain}` | Threat intelligence — check domain against URLhaus for known malware URLs. |
| GET | asn_lookup `/v1/asn/{target}` | ASN lookup — resolve target (domain or IP) to its Autonomous System Number, holder name, and announced prefixes. |
| GET | ip_lookup `/v1/ip/{ip}` | IP intelligence — reverse DNS, ASN + country (RIPE Stat), open ports, vulnerabilities, hostnames (Shodan InternetDB), cloud provider + is_datacenter flag, Tor exit detection,… |
| POST | bulk_domain_report `/v1/domains/bulk` | Bulk domain intelligence — up to 10 domains (free) or 50 (pro). Each domain counts as 1 request toward rate limit. |
| GET | tech_fingerprint `/v1/tech/{domain}` | Technology fingerprinting — detect CMS, frameworks, servers, CDNs, analytics. |
| GET | domain_monitor `/v1/monitor/{domain}` | Lightweight health check — DNS up/down, SSL status, risk grade from cache. Designed for high-frequency polling. |
| GET | username_lookup `/v1/username/{username}` | Username OSINT — check if a username exists on 16 platforms (GitHub, Reddit, X, etc.). |
| **CVE Intelligence** | | |
| GET | exploit_lookup `/v1/exploit/{cve_id}` | Search for public exploits and advisories related to a CVE. |
| POST | bulk_cve_lookup `/v1/cves/bulk` | Bulk CVE lookup — up to 10 CVEs (free) or 50 (pro). Each CVE counts as 1 request toward rate limit. |
| GET | cwe_lookup `/v1/cwe/{cwe_id}` | Look up a MITRE CWE (Common Weakness Enumeration) catalog record. Returns description, abstract type, status, likelihood of exploit, recommended mitigations, observed example… |
| GET | cve_leading `/v1/cve/leading` | CVEs indexed from MITRE/GHSA before NVD has enriched them. These are vulnerabilities we know about that NVD hasn't published yet — our unique early-warning feed. |
| GET | cve_search `/v1/cves` | Search CVEs by product, severity, date range, KEV status, and EPSS score. |
| GET | cve_lookup `/v1/cve/{cve_id}` | Look up a single CVE by ID. Returns full details with EPSS score and KEV status. |
| GET | kev_detail `/v1/kev/{cve_id}` | Look up CISA KEV (Known Exploited Vulnerabilities) full record for a CVE. Returns federal patch deadline (due_date), CISA-specified remediation (required_action), known… |
| **Code Security** | | |
| POST | check_dependencies `/v1/check/dependencies` | Check packages against the CVE database for known vulnerabilities. Up to 10 packages (free) or 50 (pro). Each package counts as 1 request toward rate limit. |
| POST | check_headers `/v1/check/headers` | Validate HTTP security headers (CSP, HSTS, X-Frame-Options, etc.). |
| GET | scan_headers `/v1/scan/headers/{domain}` | Fetch a domain's HTTP headers live and analyze security posture. |
| POST | check_injection `/v1/check/injection` | Detect SQL injection, command injection, and path traversal patterns in source code. |
| POST | check_secrets `/v1/check/secrets` | Detect hardcoded secrets (AWS keys, tokens, passwords, etc.) in source code. |
| **Threat Intelligence** | | |
| POST | bulk_ioc_lookup `/v1/iocs/bulk` | Bulk IOC enrichment — up to 10 indicators (free) or 50 (pro). Each indicator counts as 1 request toward rate limit. |
| GET | hash_lookup `/v1/hash/{file_hash}` | Malware file hash reputation lookup via MalwareBazaar. |
| GET | password_check `/v1/password/{sha1_hash}` | Password breach check via HIBP Pwned Passwords (k-anonymity). Send full SHA1 hash, get found + breach count. |
| GET | ioc_lookup `/v1/ioc/{indicator}` | Unified IOC enrichment — auto-detects type and queries abuse.ch feeds. Source coverage by type: hash → ThreatFox only; IP → ThreatFox + Feodo + URLhaus; domain / URL → ThreatFox… |
| GET | phishing_check `/v1/phishing/{url}` | Check if a URL is malicious via URLhaus (host + exact URL lookup). |
| **MITRE ATLAS** | | |
| GET | atlas_technique_search `/v1/atlas/techniques` | Search the MITRE ATLAS technique catalog by keyword, tactic, or maturity. Use this to discover AI/ML attack techniques relevant to a given threat model. Drill into… |
| POST | bulk_atlas_technique_lookup `/v1/atlas/techniques/bulk` | Bulk ATLAS technique lookup — up to 10 (free) / 50 (pro) technique ids in one call. Designed as the natural follow-up to atlas_case_study_lookup (which carries a list of… |
| GET | atlas_technique_lookup `/v1/atlas/{technique_id}` | Look up a MITRE ATLAS technique (AI/ML attack catalog). ATLAS catalogues adversarial techniques targeting AI/ML systems — LLM prompt injection, model evasion, training data… |
| GET | atlas_case_study_lookup `/v1/atlas/case-studies/{case_study_id}` | Look up a MITRE ATLAS case study — a real-world AI/ML attack incident. Each case study links a sequence of ATLAS techniques (techniques_used) to a documented incident. Use… |
| GET | atlas_case_study_search `/v1/atlas/case-studies` | Search ATLAS case studies by keyword or referenced technique. Useful when you've already identified a technique and want to see real-world incidents that exercised it. Returns… |
| **MITRE D3FEND** | | |
| GET | d3fend_defense_lookup `/v1/d3fend/{defense_id}` | Look up a MITRE D3FEND defense technique by slug. Returns the defense's tactic (one of 7 D3FEND tactics), targeted digital artifact, and the list of ATT&CK T-codes it mitigates… |
| GET | d3fend_defense_search `/v1/d3fend/defenses` | Search MITRE D3FEND defenses by keyword, tactic, or targeted artifact. Use this to discover defensive techniques relevant to a threat model. Drill via d3fend_defense_lookup with… |
| POST | d3fend_attack_coverage `/v1/d3fend/coverage` | Batch coverage breakdown: given a list of ATT&CK T-codes, return defense counts per tactic + identify undefended techniques. Use this to assess the defensive posture of an entire… |
| GET | d3fend_defense_for_attack `/v1/d3fend/attack/{attack_technique_id}` | Reverse lookup: given an ATT&CK T-code, list every D3FEND defense that mitigates it. This is the bridge from offensive intelligence (ATT&CK / ATLAS / CVE) to defensive playbook.… |
ContrastAPI pricing
| Plan | Price | Rate limit | Quotas |
|---|---|---|---|
| BASIC | Free | 100 / hour | |
| PRO (Recommended) | $7 / month | 1000 / hour | |
| MEGA | Free | — | |