# ContrastAPI

Security intelligence MCP server for AI agents. 25 tools: CVE/EPSS/KEV lookup, domain recon (DNS, WHOIS, SSL, subdomains, WAF, Wayback), IP reputation, threat intel, username OSINT, and code security…

## Quick Start

```bash
# Connect this server (installs CLI if needed)
npx -y @smithery/cli@latest mcp add contrastcyber/contrastapi

# Browse available tools
npx -y @smithery/cli@latest tool list contrastcyber/contrastapi

# Get full schema for a tool
npx -y @smithery/cli@latest tool get contrastcyber/contrastapi domain_report

# Call a tool
npx -y @smithery/cli@latest tool call contrastcyber/contrastapi domain_report '{}'
```

## Direct MCP Connection

Endpoint: `https://contrastapi--contrastcyber.run.tools`

**Optional config:**
- `apiKey` (header) — API key that raises the rate limit (1000/hr with a key vs 100/hr free)

## Tools (25)

- `domain_report` — Full security report for a domain — DNS, WHOIS, SSL, subdomains, reputation, risk score.
- `dns_lookup` — DNS records for a domain — A, AAAA, MX, NS, TXT, CNAME, SOA.
- `whois_lookup` — WHOIS registration data — registrar, creation date, expiry, nameservers.
- `ssl_check` — SSL/TLS certificate analysis — cipher suite, chain, expiry, grade.
- `subdomain_enum` — Subdomain enumeration via DNS brute-force and certificate transparency.
- `tech_fingerprint` — Technology fingerprinting — CMS, frameworks, CDN, analytics, server.
- `threat_intel` — Threat intelligence for a domain — URLhaus malware URL check.
- `wayback_lookup` — Web archive history — snapshots from the Wayback Machine showing when a domain was first seen and how it changed over t…
- `scan_headers` — Live HTTP security header scan — CSP, HSTS, X-Frame-Options, etc.
- `email_mx` — Email MX analysis — mail provider detection, SPF/DMARC/DKIM check, security grade.
- `email_disposable` — Check if an email uses a disposable/temporary email provider.
- `phone_lookup` — Phone number validation and intelligence — format, country, type, carrier, timezone.
- `ip_lookup` — IP intelligence — PTR, ports, hostnames, vulnerabilities, reputation.
- `asn_lookup` — ASN lookup — AS number, holder, IPv4/IPv6 prefixes.
- `cve_lookup` — CVE details — description, CVSS, EPSS score, KEV status, affected products.
- `cve_search` — Search CVEs by product, severity, or date range.
- `exploit_lookup` — Find public exploits for a CVE — GitHub Advisory, ExploitDB.
- `ioc_lookup` — IOC enrichment — auto-detects IP, domain, URL, or file hash and queries ThreatFox/URLhaus/Feodo.
- `hash_lookup` — Malware hash reputation via MalwareBazaar — family, file type, tags.
- `password_check` — Check if a password has been exposed in data breaches via HIBP (k-anonymity, safe).
- `phishing_check` — Check if a URL is a known phishing/malware URL via URLhaus.
- `check_secrets` — Detect hardcoded secrets in source code — AWS keys, tokens, passwords.
- `check_injection` — Detect SQL injection, command injection, and path traversal vulnerabilities.
- `username_lookup` — Username OSINT — check if a username exists on 16 platforms (GitHub, Reddit, X, Instagram, etc.).
- `check_headers` — Validate HTTP security headers — CSP, HSTS, X-Frame-Options, etc.

```bash
# Get full input/output schema for a tool
npx -y @smithery/cli@latest tool get contrastcyber/contrastapi <tool-name>
```

## Prompts (2)

- `security_audit` (domain) — Run a full security audit on a domain — combines domain report, SSL, headers, and threat intel.
- `vulnerability_check` (product) — Check recent vulnerabilities and exploits for a product.
