loading…
Весь каталог
Contrastapi
БесплатноSecurity intelligence API for AI models. CVE lookup with EPSS/KEV, domain recon (DNS, WHOIS, SSL, subdomains, WAF), and code security checks (secrets, injection
автор: UPinar
Описание
Security intelligence API for AI models. CVE lookup with EPSS/KEV, domain recon (DNS, WHOIS, SSL, subdomains, WAF), and code security checks (secrets, injection, headers). 16 tools, no API key required.
README
MCP smithery badge contrastapi MCP server License: MIT
Security intelligence MCP server for AI agents. CVE/KEV/CWE lookup with EPSS, domain audit, IP threat reports, IOC enrichment, code security. 33 tools, free, no API key, 100 credits/hour.
中文 · Live: api.contrastcyber.com
Setup (MCP)
{
"mcpServers": {
"contrastapi": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
}
}
}
Restart your agent. Other clients (Node SDK, cURL, VS Code): mcp-setup · quickstart
Try it
curl https://api.contrastcyber.com/v1/cve/CVE-2021-44228
curl https://api.contrastcyber.com/v1/audit/example.com
Or ask your agent: "Is CVE-2024-3094 exploited in the wild? Check EPSS + KEV, then look up the underlying CWE."
Links
Endpoints: docs/ENDPOINTS.md · OpenAPI: openapi.json · Playground: /playground
Self-host / tests / stack
git clone https://github.com/UPinar/contrastapi.git
cd contrastapi && python3 -m venv venv && venv/bin/pip install -r requirements.txt
cd app && ../venv/bin/uvicorn main:app --port 8002
cd app && python -m pytest tests/ -q # 1263 tests
Python 3.12 · FastAPI · uvicorn · mcp-python-sdk Streamable HTTP at /mcp · SQLite WAL · dnspython with SSRF-safe backend.
Also available on
Smithery · npm · VS Code Marketplace · Awesome OSINT MCP · RapidAPI
Multi-agent verdict metadata
Responses include a verdict block — deterministic, falsifiable_fields, data_age_seconds, sources_queried / sources_unavailable, completeness — so a verifier agent can independently re-derive specific fields from the upstream authority (NVD, RDAP, CT logs, URLhaus). Probe GET /v1/capabilities for "verdict_metadata": true.
CVE responses also embed next_calls: list[PivotHint] — {tool, input, reason} triples that suggest the next MCP tool to call (e.g. kev_detail when kev.in_kev=true, cwe_lookup when cwe_id is set). Agents chain workflows without manual prompting.
MIT
Как установить
Добавь это в claude_desktop_config.json и перезапусти Claude Desktop.
{
"mcpServers": {
"contrastapi": {
"command": "npx",
"args": []
}
}
}