{"id":47732853,"url":"https://github.com/upinar/contrastapi","last_synced_at":"2026-05-17T19:09:55.998Z","repository":{"id":349018201,"uuid":"1193641505","full_name":"UPinar/contrastapi","owner":"UPinar","description":"Security intelligence MCP server for AI agents — 47 tools + 7 Resources + 3 Prompts: CVE/EPSS/KEV (340K+), MITRE CWE/ATLAS/D3FEND, domain recon, IOC threat intel, OSINT, code security, web intelligence (robots.txt, redirects, email verify, brand, SEO). Free, no API key, 100 req/hr.","archived":false,"fork":false,"pushed_at":"2026-05-08T15:34:20.000Z","size":3358,"stargazers_count":23,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-08T15:36:52.720Z","etag":null,"topics":["ai-agents","ai-security","api","claude","cve","cybersecurity","domain-recon","email-validation","llm-tools","mcp","mitre-atlas","mitre-d3fend","model-context-protocol","osint","security","threat-intelligence","vulnerability-management","web-intel"],"latest_commit_sha":null,"homepage":"https://api.contrastcyber.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/UPinar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"UPinar"}},"created_at":"2026-03-27T12:45:44.000Z","updated_at":"2026-05-08T15:34:24.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/UPinar/contrastapi","commit_stats":null,"previous_names":["upinar/contrastapi"],"tags_count":47,"template":false,"template_full_name":null,"purl":"pkg:github/UPinar/contrastapi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UPinar%2Fcontrastapi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UPinar%2Fcontrastapi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UPinar%2Fcontrastapi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UPinar%2Fcontrastapi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/UPinar","download_url":"https://codeload.github.com/UPinar/contrastapi/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/UPinar%2Fcontrastapi/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33075226,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-15T11:35:32.926Z","status":"ssl_error","status_checked_at":"2026-05-15T11:35:31.362Z","response_time":103,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","ai-security","api","claude","cve","cybersecurity","domain-recon","email-validation","llm-tools","mcp","mitre-atlas","mitre-d3fend","model-context-protocol","osint","security","threat-intelligence","vulnerability-management","web-intel"],"created_at":"2026-04-02T21:57:52.842Z","updated_at":"2026-05-17T19:09:55.992Z","avatar_url":"https://github.com/UPinar.png","language":"Python","funding_links":["https://github.com/sponsors/UPinar"],"categories":[],"sub_categories":[],"readme":"# ContrastAPI — 53 Security Tools + 7 MCP Resources for AI Agents\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"app/static/banner.png\" alt=\"ContrastAPI Banner\" width=\"100%\"\u003e\n\u003c/p\u003e\n\n[![MCP](https://img.shields.io/badge/MCP-53_tools-purple.svg)](https://modelcontextprotocol.io)\n[![smithery badge](https://smithery.ai/badge/contrastcyber/contrastapi)](https://smithery.ai/servers/contrastcyber/contrastapi)\n[![contrastapi MCP server](https://glama.ai/mcp/servers/UPinar/contrastapi/badges/score.svg)](https://glama.ai/mcp/servers/UPinar/contrastapi)\n[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)\n\n**Security intelligence MCP server for AI agents.** CVE/KEV/CWE lookup with EPSS, **composite risk scoring (CVSS+EPSS+KEV+PoC fusion — v1.29.1)**, **CVSS v3.x vector parser (v1.29.1)**, domain audit, IP threat reports, IOC enrichment, code security, **MITRE ATLAS (AI/ML attacks) + D3FEND (defenses)**, **web intelligence (robots.txt, redirect-chain, email validation, brand-assets, SEO audit — v1.25.0)**. **53 tools + 7 Resources (ATLAS+D3FEND+CWE catalog browsing) + conditional triage Prompt, free, no API key, 30 credits/hour.**\n\n[中文](README_CN.md) · **Live:** [api.contrastcyber.com](https://api.contrastcyber.com)\n\n---\n\n## Setup (MCP)\n\n```json\n{\n  \"mcpServers\": {\n    \"contrastapi\": {\n      \"command\": \"npx\",\n      \"args\": [\"-y\", \"mcp-remote\", \"https://api.contrastcyber.com/mcp/\"]\n    }\n  }\n}\n```\n\nRestart your agent. Other clients (Python SDK, Node SDK, cURL, VS Code): **[mcp-setup](https://api.contrastcyber.com/mcp-setup)** · **[quickstart](https://api.contrastcyber.com/quickstart)**\n\n## SDKs\n\n```bash\npip install contrastapi      # Python 3.10+ — sync + async, typed responses, shortcut helpers\nnpm install contrastapi      # Node 14+ — concrete TypeScript types, 14 namespaces\n```\n\nBoth SDKs cover all 60+ HTTP endpoints / 53 MCP tools (CVE/KEV/CWE, ATLAS, D3FEND, Sigma rules, email security posture, domain, IP, IOC, code-security, web-intel, etc.) with the same wire-exact response shapes and a typed exception hierarchy mirroring the v1.22.2+ error envelope. v1.23.0 adds MCP Resources (ATLAS+D3FEND+CWE catalog browsing — see [docs/resources.md](docs/resources.md)) and a conditional triage Prompt (see [docs/PROMPTS.md#contrast-triage-v1230](docs/PROMPTS.md)). v1.25.0 adds 5 web-intelligence tools (`robots_txt`, `redirect_chain`, `email_verify`, `brand_assets`, `seo_audit`) with explicit ethical-floor guardrails (per-target eTLD+1 throttle, robots.txt respected, no SMTP probing).\n\n## Try it\n\n```bash\ncurl 'https://api.contrastcyber.com/v1/cves?product=openssl\u0026kev=true'  # cve_search — CVEs by product, KEV-only filter\ncurl https://api.contrastcyber.com/v1/domain/example.com         # domain_report — DNS+WHOIS+SSL+subdomains+intel, one call\ncurl https://api.contrastcyber.com/v1/cve/CVE-2021-44228         # cve_lookup — full record (CVSS+EPSS+KEV+CWE)\ncurl https://api.contrastcyber.com/v1/exploit/CVE-2021-44228     # exploit_lookup — public PoC / exploit availability\ncurl https://api.contrastcyber.com/v1/ip/1.1.1.1                 # ip_lookup — reputation, geo, ASN, threat intel\n```\n\nOr ask your agent:\n\n- *\"Search for KEV-listed OpenSSL CVEs, then pull the full record for the highest-EPSS one.\"*\n- *\"Run a full domain report for example.com — DNS, WHOIS, SSL, subdomains, and threat intel in one call.\"*\n- *\"Does CVE-2021-44228 have a public exploit or PoC available?\"*\n- *\"What's the reputation, country, and ASN for 1.1.1.1 — is it flagged in any threat feed?\"*\n\n## Links\n\n**Endpoints:** [docs/ENDPOINTS.md](docs/ENDPOINTS.md) · **OpenAPI:** [openapi.json](https://api.contrastcyber.com/openapi.json) · **Playground:** [/playground](https://api.contrastcyber.com/playground)\n\n\u003cdetails\u003e\n\u003csummary\u003eAlso available on\u003c/summary\u003e\n\n[Smithery](https://smithery.ai/servers/contrastcyber/contrastapi) · [npm](https://www.npmjs.com/package/contrastapi) · [VS Code Marketplace](https://marketplace.visualstudio.com/items?itemName=ContrastAPI.contrastapi) · [Awesome OSINT MCP](https://github.com/soxoj/awesome-osint-mcp-servers) · [RapidAPI](https://rapidapi.com/UPinar/api/contrastapi)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eMulti-agent verdict metadata\u003c/summary\u003e\n\nResponses include a `verdict` block — `deterministic`, `falsifiable_fields`, `data_age_seconds`, `sources_queried` / `sources_unavailable`, `completeness` — so a verifier agent can independently re-derive specific fields from the upstream authority (NVD, RDAP, CT logs, URLhaus). Probe `GET /v1/capabilities` for `\"verdict_metadata\": true`.\n\nCVE responses also embed `next_calls: list[PivotHint]` — `{tool, input, reason}` triples that suggest the next MCP tool to call (e.g. `kev_detail` when `kev.in_kev=true`, `cwe_lookup` when `cwe_id` is set). Agents chain workflows without manual prompting.\n\n\u003c/details\u003e\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fupinar%2Fcontrastapi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fupinar%2Fcontrastapi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fupinar%2Fcontrastapi/lists"}