Security intelligence MCP server for AI agents. CVE/KEV/CWE lookup with EPSS, composite risk scoring (CVSS+EPSS+KEV+PoC fusion — v1.29.1), CVSS v3.x vector parser (v1.29.1), domain audit, IP threat reports, IOC enrichment, code security, MITRE ATLAS (AI/ML attacks) + D3FEND (defenses), web intelligence (robots.txt, redirect-chain, email validation, brand-assets, SEO audit — v1.25.0). 53 tools + 7 Resources (ATLAS+D3FEND+CWE catalog browsing) + conditional triage Prompt, free, no API key, 30 credits/hour.
中文 · Live: api.contrastcyber.com
{
"mcpServers": {
"contrastapi": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
}
}
}Restart your agent. Other clients (Python SDK, Node SDK, cURL, VS Code): mcp-setup · quickstart
pip install contrastapi # Python 3.10+ — sync + async, typed responses, shortcut helpers
npm install contrastapi # Node 14+ — concrete TypeScript types, 14 namespacesBoth SDKs cover all 60+ HTTP endpoints / 53 MCP tools (CVE/KEV/CWE, ATLAS, D3FEND, Sigma rules, email security posture, domain, IP, IOC, code-security, web-intel, etc.) with the same wire-exact response shapes and a typed exception hierarchy mirroring the v1.22.2+ error envelope. v1.23.0 adds MCP Resources (ATLAS+D3FEND+CWE catalog browsing — see docs/resources.md) and a conditional triage Prompt (see docs/PROMPTS.md#contrast-triage-v1230). v1.25.0 adds 5 web-intelligence tools (robots_txt, redirect_chain, email_verify, brand_assets, seo_audit) with explicit ethical-floor guardrails (per-target eTLD+1 throttle, robots.txt respected, no SMTP probing).
curl 'https://api.contrastcyber.com/v1/cves?product=openssl&kev=true' # cve_search — CVEs by product, KEV-only filter
curl https://api.contrastcyber.com/v1/domain/example.com # domain_report — DNS+WHOIS+SSL+subdomains+intel, one call
curl https://api.contrastcyber.com/v1/cve/CVE-2021-44228 # cve_lookup — full record (CVSS+EPSS+KEV+CWE)
curl https://api.contrastcyber.com/v1/exploit/CVE-2021-44228 # exploit_lookup — public PoC / exploit availability
curl https://api.contrastcyber.com/v1/ip/1.1.1.1 # ip_lookup — reputation, geo, ASN, threat intelOr ask your agent:
- "Search for KEV-listed OpenSSL CVEs, then pull the full record for the highest-EPSS one."
- "Run a full domain report for example.com — DNS, WHOIS, SSL, subdomains, and threat intel in one call."
- "Does CVE-2021-44228 have a public exploit or PoC available?"
- "What's the reputation, country, and ASN for 1.1.1.1 — is it flagged in any threat feed?"
Endpoints: docs/ENDPOINTS.md · OpenAPI: openapi.json · Playground: /playground
Also available on
Smithery · npm · VS Code Marketplace · Awesome OSINT MCP · RapidAPI
Multi-agent verdict metadata
Responses include a verdict block — deterministic, falsifiable_fields, data_age_seconds, sources_queried / sources_unavailable, completeness — so a verifier agent can independently re-derive specific fields from the upstream authority (NVD, RDAP, CT logs, URLhaus). Probe GET /v1/capabilities for "verdict_metadata": true.
CVE responses also embed next_calls: list[PivotHint] — {tool, input, reason} triples that suggest the next MCP tool to call (e.g. kev_detail when kev.in_kev=true, cwe_lookup when cwe_id is set). Agents chain workflows without manual prompting.
MIT