
UPinar/contrastapi


ContrastAPI — 47 Security Tools + 7 MCP Resources for AI Agents


Security intelligence MCP server for AI agents. CVE/KEV/CWE lookup with EPSS, domain audit, IP threat reports, IOC enrichment, code security, MITRE ATLAS (AI/ML attacks) + D3FEND (defenses), web intelligence (robots.txt, redirect-chain, email validation, brand-assets, SEO audit — v1.25.0). 47 tools + 7 Resources (ATLAS+D3FEND+CWE catalog browsing) + conditional triage Prompt, free, no API key, 100 credits/hour.

Chinese · Live: api.contrastcyber.com


Setup (MCP)

{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}

Restart your agent. Other clients (Python SDK, Node SDK, cURL, VS Code): mcp-setup · quickstart

SDKs

pip install contrastapi      # Python 3.10+ — sync + async, typed responses, shortcut helpers
npm install contrastapi      # Node 14+ — concrete TypeScript types, 14 namespaces

Both SDKs cover all 55+ HTTP endpoints / 47 MCP tools (CVE/KEV/CWE, ATLAS, D3FEND, domain, IP, IOC, code-security, web-intel, etc.) with the same wire-exact response shapes and a typed exception hierarchy mirroring the v1.22.2+ error envelope. v1.23.0 adds MCP Resources (ATLAS+D3FEND+CWE catalog browsing — see docs/resources.md) and a conditional triage Prompt (see docs/PROMPTS.md#contrast-triage-v1230). v1.25.0 adds 5 web-intelligence tools (robots_txt, redirect_chain, email_verify, brand_assets, seo_audit) with explicit ethical-floor guardrails (per-target eTLD+1 throttle, robots.txt respected, no SMTP probing).

Try it

curl https://api.contrastcyber.com/v1/cve/CVE-2021-44228
curl https://api.contrastcyber.com/v1/atlas/AML.T0051            # MITRE ATLAS — LLM Prompt Injection
curl https://api.contrastcyber.com/v1/d3fend/attack/T1059        # D3FEND defenses for ATT&CK T1059

Or ask your agent:

  • "Is CVE-2024-3094 exploited in the wild? Check EPSS + KEV, then look up the underlying CWE."
  • "Explain LLM Prompt Injection in MITRE ATLAS and bridge it to D3FEND defenses."
  • "For these ATT&CK techniques [T1059, T1190, T1550.001, T9999], which have NO D3FEND mitigation?"

Links

Endpoints: docs/ENDPOINTS.md · OpenAPI: openapi.json · Playground: /playground

Self-host / tests / stack

git clone https://github.com/UPinar/contrastapi.git
cd contrastapi && python3 -m venv venv && venv/bin/pip install -r requirements.txt
cd app && ../venv/bin/uvicorn main:app --port 8002
cd app && ../venv/bin/python -m pytest tests/ -q  # 1886 tests (run from the repo root, in a second shell while uvicorn is up)

Python 3.12 · FastAPI · uvicorn · mcp-python-sdk Streamable HTTP at /mcp · SQLite WAL · dnspython with SSRF-safe backend.

Also available on

Smithery · npm · VS Code Marketplace · Awesome OSINT MCP · RapidAPI

Multi-agent verdict metadata

Responses include a verdict block — deterministic, falsifiable_fields, data_age_seconds, sources_queried / sources_unavailable, completeness — so a verifier agent can independently re-derive specific fields from the upstream authority (NVD, RDAP, CT logs, URLhaus). Probe GET /v1/capabilities for "verdict_metadata": true.

CVE responses also embed next_calls, a list of PivotHint {tool, input, reason} triples that suggest the next MCP tool to call (e.g. kev_detail when kev.in_kev=true, cwe_lookup when cwe_id is set), so agents can chain workflows without manual prompting.
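The verdict block and next_calls hints described above, as an added example that is not code from the ContrastAPI project: a verifier-side check that flags stale or incomplete verdict metadata, plus a loop that follows next_calls pivots through a hypothetical tool registry. The sample response is constructed from the field names the README lists (verdict.*, next_calls[].tool/input/reason, kev.in_kev, cwe_id); the kev_detail and cwe_lookup handlers are stand-ins that return canned data rather than calling the live API, and the one-day staleness threshold is an assumption.

```python
"""Walk ContrastAPI-style verdict metadata and next_calls pivot hints.

Added example, not part of the ContrastAPI project. SAMPLE_CVE_RESPONSE is a
CONSTRUCTED response using only the field names the README describes; check
real shapes against docs/ENDPOINTS.md. The tool handlers are stand-ins that
return canned data instead of calling https://api.contrastcyber.com.
"""
from __future__ import annotations

from typing import Any, Callable

# Assumption: treat cached upstream data older than one day as stale.
MAX_DATA_AGE_SECONDS = 24 * 3600

# Constructed sample in the README's described shape (values are illustrative).
SAMPLE_CVE_RESPONSE: dict[str, Any] = {
    "id": "CVE-2021-44228",
    "cwe_id": "CWE-502",
    "kev": {"in_kev": True},
    "verdict": {
        "deterministic": True,
        "falsifiable_fields": ["kev.in_kev", "cwe_id"],
        "data_age_seconds": 3600,
        "sources_queried": ["NVD", "CISA KEV"],
        "sources_unavailable": [],
        "completeness": 1.0,
    },
    "next_calls": [
        {"tool": "kev_detail", "input": "CVE-2021-44228", "reason": "kev.in_kev=true"},
        {"tool": "cwe_lookup", "input": "CWE-502", "reason": "cwe_id is set"},
    ],
}


def verdict_warnings(response: dict[str, Any], max_age: int = MAX_DATA_AGE_SECONDS) -> list[str]:
    """Return reasons a verifier agent should re-derive fields upstream instead of trusting them."""
    v = response.get("verdict", {})
    warnings: list[str] = []
    if not v.get("deterministic", False):
        warnings.append("non-deterministic verdict: re-derive falsifiable fields upstream")
    if v.get("data_age_seconds", 0) > max_age:
        warnings.append(f"stale data: {v['data_age_seconds']}s old")
    if v.get("sources_unavailable"):
        warnings.append("sources unavailable: " + ", ".join(v["sources_unavailable"]))
    if v.get("completeness", 1.0) < 1.0:
        warnings.append(f"incomplete: completeness={v['completeness']}")
    return warnings


# Hypothetical tool registry: stand-ins for the kev_detail / cwe_lookup MCP tools.
ToolFn = Callable[[str], dict[str, Any]]


def _fake_kev_detail(cve_id: str) -> dict[str, Any]:
    return {"cve": cve_id, "known_ransomware_use": "unknown", "next_calls": []}


def _fake_cwe_lookup(cwe_id: str) -> dict[str, Any]:
    return {"cwe": cwe_id, "name": "Deserialization of Untrusted Data", "next_calls": []}


TOOLS: dict[str, ToolFn] = {"kev_detail": _fake_kev_detail, "cwe_lookup": _fake_cwe_lookup}


def follow_pivots(
    response: dict[str, Any],
    tools: dict[str, ToolFn],
    max_depth: int = 3,
    seen: set[tuple[str, str]] | None = None,
) -> list[tuple[str, str, dict[str, Any]]]:
    """Depth-first follow next_calls hints, returning (tool, input, result) for each call made.

    Deduplicates (tool, input) pairs and caps depth so a chain of hints cannot loop
    forever, and skips hints naming tools the agent does not have.
    """
    seen = set() if seen is None else seen
    trail: list[tuple[str, str, dict[str, Any]]] = []
    if max_depth == 0:
        return trail
    for hint in response.get("next_calls", []):
        key = (hint["tool"], hint["input"])
        if key in seen or hint["tool"] not in tools:
            continue
        seen.add(key)
        result = tools[hint["tool"]](hint["input"])
        trail.append((hint["tool"], hint["input"], result))
        trail.extend(follow_pivots(result, tools, max_depth - 1, seen))
    return trail


if __name__ == "__main__":
    print("warnings:", verdict_warnings(SAMPLE_CVE_RESPONSE))
    for tool, arg, _ in follow_pivots(SAMPLE_CVE_RESPONSE, TOOLS):
        print(f"pivot -> {tool}({arg})")
```

The warnings list is what a verifier agent would act on before accepting a verdict: only fields named in falsifiable_fields are worth re-checking against NVD or KEV directly, and any sources_unavailable entry means the completeness figure cannot be taken at face value.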

MIT
