Is Contrastapi safe to use?

Contrastapi has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Contrastapi?

Contrastapi can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can Contrastapi do?

Contrastapi provides 33 tools: domain_report, dns_lookup, whois_lookup, subdomain_enumeration, certificate_transparency and 28 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Contrastapi?

Contrastapi is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is Contrastapi actively maintained?

Contrastapi is actively maintained — last commit was 0 days ago. It has 15 GitHub stars.

ContrastAPI

Security intelligence API and MCP server for AI agents. 25 MCP tools / 35+ endpoints: CVE lookup with EPSS/KEV enrichment, domain reconnaissance, SSL analysis, IP reputation (AbuseIPDB, Shodan), IOC/malware lookup, exploit search, technology fingerprinting, email security, phone validation, and code security scanning. Free, no API key required.

English | 中文

Live: api.contrastcyber.com | Quick Start: API · MCP · VS Code | Docs: Endpoints | Scanner: contrastcyber.com | Blog: I Built 25 Security Tools That AI Agents Can Use

Use with AI Agents

VS Code Extension: Install ContrastAPI from the Marketplace — 25 security tools in your editor, no API key required.

MCP Setup for Claude Desktop, Cursor, VS Code, Windsurf: MCP Setup Guide

Then ask your AI:

Recon & Domain

"Run a full security audit on example.com"
"What are the DNS records for example.com?"
"Is the SSL certificate on example.com expiring soon?"
"What technologies does example.com use?"
"Check the security headers on example.com"
"Find all subdomains of example.com"
"Who registered example.com and when does it expire?"
"Does example.com have proper SPF and DMARC records?"

CVE & Exploits

"Look up CVE-2024-3094 — is it being exploited in the wild?"
"Find critical Apache vulnerabilities from the last 6 months"
"Are there public exploits for CVE-2021-44228?"

IP & Network

"Is 8.8.8.8 malicious? Check its reputation"
"What ASN does 1.1.1.1 belong to?"

Threat Intelligence

"Check example.com for known malware URLs"
"Enrich this IOC: 185.220.101.1"
"Check if http://evil-example.test/login is a phishing URL"
"Has this password been exposed in a data breach?"
"Is this file hash known malware? a1b2c3d4..."

Code Security

"Check this code for hardcoded API keys and secrets"
"Scan this function for SQL injection vulnerabilities"
"Validate these HTTP security headers: Content-Security-Policy, X-Frame-Options"

Contact Validation

"Is user@example.com a disposable email?"
"Look up this phone number: +1-555-0123"
"Find accounts for username 'johndoe' across platforms"

Quick Start

Node.js SDK

npm install contrastapi

const api = require("contrastapi")();

const report = await api.domain.report("example.com");
const cve = await api.cve.lookup("CVE-2024-3094");
const ssl = await api.domain.ssl("example.com");
const headers = await api.scan.headers("example.com");

With API key (Pro): const api = require("contrastapi")({ apiKey: "your-key" });

Full SDK docs: [sdk/node/](sdk/node

... View full README on GitHub

Contrastapi

Quick Install

Should you use this server?

Score Breakdown

MCPpedia Score

Test This Server

Tools (33)

Security

Reviews

Frequently Asked Questions

Similar servers

Sequential Thinking MCP Server

Arxiv Mcp Server

Gemini Cli

Python Sdk

Discussion

ContrastAPI

Use with AI Agents

Quick Start

Node.js SDK