49 TOOLS · 7 RESOURCES · 57+ ENDPOINTS · MCP SERVER

49 security tools, one JSON config.

CVE + EPSS + KEV lookup, domain recon, IP threat reports, IOC enrichment, MITRE ATLAS (AI/ML attacks), D3FEND defenses, and code security. Structured JSON with LLM-optimized summaries. Works with Claude Desktop, Cursor, VS Code, and any MCP client.

$ curl https://api.contrastcyber.com/v1/audit/example.com
2289 tests passing · 99/100 on Smithery · 49 tools · 7 resources · 57+ endpoints · PyPI · npm · VS Code · MIT licensed · Free forever

Web Intelligence

Single-page audits with explicit ethical floor: per-target eTLD+1 throttle (60/min), self-identifying UA, robots.txt respected, Cache-Control honoured, no SMTP probing.

GET /v1/robots/{domain} Parsed robots.txt — sitemaps, per-UA allow/disallow, crawl-delay (RFC 9309)
GET /v1/redirect/{url:path} Walk a URL's redirect chain hop-by-hop, SSRF-guarded at every hop
GET /v1/email/verify/{email} Combined email validation: syntax + MX + disposable + role + free-provider (no SMTP probe)
GET /v1/brand/{domain} Public brand assets from homepage <head>: favicon, og:image, theme-color, JSON-LD logo
GET /v1/seo/{domain} One-page SEO audit + 0-100 composite score (10 rules) + concrete missing_signals

Domain Intelligence

GET /v1/domain/{domain} Full domain report
GET /v1/audit/{domain} Full audit (report + tech + headers)
GET /v1/dns/{domain} DNS records
GET /v1/whois/{domain} WHOIS lookup
GET /v1/subdomains/{domain} Subdomain enumeration
GET /v1/certs/{domain} CT log certificates
GET /v1/ssl/{domain} SSL certificate details, grade, chain & cipher
GET /v1/threat/{domain} URLhaus threat intel
GET /v1/ip/{ip} IP intel + reputation (AbuseIPDB, Shodan)
GET /v1/tech/{domain} Technology fingerprinting (CMS, frameworks, CDN, analytics)
GET /v1/asn/{target} ASN lookup (AS number or IP)
GET /v1/email/mx/{domain} Mail provider detection + email security grade
GET /v1/email/disposable/{email} Disposable/temporary email check
GET /v1/phone/{number} Phone validation, carrier, country, timezone
GET /v1/username/{username} Username OSINT across 30+ sites (presence + breach hints)
GET /v1/archive/{domain} Wayback Machine snapshots — first/last seen, archive timeline

CVE Intelligence

GET /v1/cve/{cve_id} CVE details + EPSS + KEV
GET /v1/cve/{cve_id}/risk_score Composite risk score (CVSS+EPSS+KEV+PoC fusion, 0-100) + label + urgency
GET /v1/cvss/details?vector= Parse a CVSS v3.x vector into per-metric breakdown + recomputed score
GET /v1/cves?product=&severity=&published_after=&published_before=&kev=&epss_min=&sort=&offset= Search CVEs (paginated)
GET /v1/cve/leading Early-warning feed: CVEs MITRE/GHSA-indexed before NVD enrichment
GET /v1/exploit/{cve_id} Public exploits & advisories
GET /v1/kev/{cve_id} CISA KEV detail (federal patch deadline, ransomware, CWE list)
GET /v1/cwe/{cwe_id} MITRE CWE catalog (description, mitigations, parent/child chain)

MITRE ATLAS (AI/ML Threats)

GET /v1/atlas/{technique_id} ATLAS technique lookup (e.g. AML.T0051 LLM Prompt Injection)
GET /v1/atlas/techniques?keyword=&tactic=&maturity= Search ATLAS techniques (167 entries)
GET /v1/atlas/case-studies/{case_study_id} Real-world ML attack case study (e.g. AML.CS0009 ChatGPT Plugins)
GET /v1/atlas/case-studies?keyword= Search ATLAS case studies (57 entries)
POST /v1/atlas/techniques/bulk Bulk technique drill (up to 50 IDs per request)

MITRE D3FEND (Defense Mapping)

GET /v1/d3fend/{defense_id} Defense technique lookup (e.g. TokenBinding) with mapped ATT&CK techniques
GET /v1/d3fend/defenses?keyword=&tactic= Search D3FEND defenses (149 entries, 7 tactics)
GET /v1/d3fend/attack/{attack_technique_id} Reverse lookup: defenses for an ATT&CK technique (e.g. T1059)
POST /v1/d3fend/coverage Batch coverage map for a list of ATT&CK technique IDs

Threat Intelligence

GET /v1/ioc/{indicator} Unified IOC enrichment (IP, domain, URL, hash)
GET /v1/hash/{hash} Malware hash reputation (MalwareBazaar)
GET /v1/password/{sha1_hash} Password breach check (HIBP, found + count only)
GET /v1/phishing/{url} Phishing/malware URL check (URLhaus)
GET /v1/monitor/{domain} Lightweight domain health check
GET /v1/domain/{domain}/vulns Tech stack CVE scan
GET /v1/threat-report/{ip} IP threat report (Shodan + AbuseIPDB + ASN)
POST /v1/domains/bulk Bulk domain scan (up to 10 domains)
POST /v1/cves/bulk Bulk CVE lookup (free 10, pro 50 per request)
POST /v1/iocs/bulk Bulk IOC enrichment (free 10, pro 50 per request)

Code Security

POST /v1/check/headers Validate HTTP headers
POST /v1/check/secrets Detect hardcoded secrets
POST /v1/check/injection SQL/cmd injection patterns
POST /v1/check/dependencies Check packages for CVEs (free 10, pro 50 per request)
GET /v1/scan/headers/{domain} Live header security scan

Operations

GET /v1/status API health + data freshness
GET /v1/usage Your usage stats (Pro)

Open source, MIT licensed, built in public.


30-Second Setup

1. MCP (Claude / Cursor / VS Code)

{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote",
        "https://api.contrastcyber.com/mcp/"]
    }
  }
}

2. SDKs Python · Node

pip install contrastapi
npm install contrastapi

# Python SDK usage (free tier: no API key needed)
from contrastapi import ContrastAPI
c = ContrastAPI()
c.cve.lookup("CVE-2024-3094")
c.atlas.bulk_technique_lookup(["AML.T0051"])

3. cURL

# Keep each URL on one line: a backslash continuation followed by an indented
# path splits the URL into two separate arguments.
curl https://api.contrastcyber.com/v1/audit/example.com
curl https://api.contrastcyber.com/v1/cve/CVE-2024-3094

4. VS Code Extension

code --install-extension \
  ContrastAPI.contrastapi

29 commands · sidebar tree · right-click menu · no API key


Credit Costs

Transparent pricing — every response includes X-RateLimit-Cost so you can budget calls.

Most endpoints 1 credit per call
/v1/audit/{domain} Aggregates 4 upstream sources
/v1/threat-report/{ip} ASN + IP enrichment + Shodan InternetDB (Pro adds full Shodan + AbuseIPDB)
Bulk endpoints N credits for N items in the request

FAQ

Do I need an API key?
No. The free tier works without authentication — just send requests. Pro users include their key via the Authorization: Bearer header.
What happens when I hit the rate limit?
You'll get a 429 response with a RateLimit-Reset header showing when your limit resets. Upgrade to Pro for 10x the limit.
How do I get my API key after purchase?
After checkout, you'll be redirected to a welcome page showing your key. Save it immediately — it's shown only once.
Can I cancel anytime?
Yes. Cancel through the Lemon Squeezy customer portal. Your key stays active until the billing period ends.
Is there an SLA?
The API targets 99.9% uptime. Check /v1/status for real-time health. Pro users get priority support via email.
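The Credit Costs section and the rate-limit answer above describe two headers a caller has to respect: X-RateLimit-Cost on every response and RateLimit-Reset on a 429. The client below is an added example, not the project's own SDK, and it shows how to book each response's cost against a caller-set credit budget, back off on 429, and send Authorization: Bearer only when a Pro key is supplied. The class and function names (ContrastClient, demo_offline, make_scripted_transport), the response shapes, and the reading of RateLimit-Reset as whole seconds until the window resets are assumptions; the page does not state the header's unit, and the responses replayed in demo_offline are constructed, not real API output.

```python
# Added example (not ContrastAPI's own SDK): a credit-aware client for the REST
# endpoints listed above. It relies only on what the page states: the free tier
# needs no key, Pro sends "Authorization: Bearer <key>", every response carries
# X-RateLimit-Cost, and a 429 carries RateLimit-Reset.
# Assumption (not stated on the page): RateLimit-Reset is read as whole seconds
# until the limit resets; anything else falls back to exponential backoff.
import json
import time
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

BASE_URL = "https://api.contrastcyber.com"


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: bytes

    def header(self, name: str) -> Optional[str]:
        # Header names are case-insensitive; proxies may recase them.
        lowered = name.lower()
        for key, value in self.headers.items():
            if key.lower() == lowered:
                return value
        return None


Transport = Callable[[str, Dict[str, str]], Response]


def urllib_transport(url: str, headers: Dict[str, str]) -> Response:
    """Real transport: one GET via the standard library; 4xx/5xx are returned, not raised."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return Response(resp.status, dict(resp.headers.items()), resp.read())
    except urllib.error.HTTPError as err:
        return Response(err.code, dict(err.headers.items()), err.read())


class CreditBudgetExceeded(Exception):
    """Raised before a request would be sent once the credit budget is used up."""


class ContrastClient:
    def __init__(self, budget: int, api_key: Optional[str] = None,
                 transport: Transport = urllib_transport,
                 sleep: Callable[[float], None] = time.sleep, max_retries: int = 3):
        self.budget = budget          # credits the caller is willing to spend
        self.spent = 0                # credits booked from X-RateLimit-Cost so far
        self.api_key = api_key        # None on the free tier
        self.transport = transport    # injectable so the flow can be exercised offline
        self.sleep = sleep
        self.max_retries = max_retries

    def get(self, path: str) -> dict:
        if self.spent >= self.budget:
            raise CreditBudgetExceeded(f"spent {self.spent} of {self.budget} credits")
        headers = {"Accept": "application/json"}
        if self.api_key:  # Pro key only; the free tier sends no Authorization header
            headers["Authorization"] = f"Bearer {self.api_key}"
        for attempt in range(self.max_retries + 1):
            resp = self.transport(BASE_URL + path, headers)
            if resp.status == 429:
                reset = resp.header("RateLimit-Reset")
                wait = float(reset) if reset and reset.isdigit() else float(2 ** attempt)
                self.sleep(wait)
                continue
            if resp.status != 200:
                raise RuntimeError(f"{path}: HTTP {resp.status}")
            # Book the cost the server reports so the budget reflects real spend.
            cost = int(resp.header("X-RateLimit-Cost") or "1")
            self.spent += cost
            return json.loads(resp.body)
        raise RuntimeError(f"{path}: still rate limited after {self.max_retries} retries")

    def remaining(self) -> int:
        return max(self.budget - self.spent, 0)


def make_scripted_transport(script: List[Response]) -> Transport:
    """Offline stand-in for urllib_transport: replays constructed responses in order."""
    queue = list(script)

    def transport(url: str, headers: Dict[str, str]) -> Response:
        return queue.pop(0)

    return transport


def demo_offline() -> dict:
    # Constructed responses (not real API output): one 429 that resets in 1s,
    # then a 200 for the audit endpoint priced at 4 credits.
    script = [
        Response(429, {"RateLimit-Reset": "1"}, b'{"error": "rate limited"}'),
        Response(200, {"X-RateLimit-Cost": "4", "Content-Type": "application/json"},
                 b'{"domain": "example.com", "score": 87}'),
    ]
    waits: List[float] = []
    client = ContrastClient(budget=4, transport=make_scripted_transport(script),
                            sleep=waits.append)
    report = client.get("/v1/audit/example.com")
    return {"report": report, "spent": client.spent,
            "remaining": client.remaining(), "waits": waits}
```

With the default transport, `ContrastClient(budget=20).get("/v1/cve/CVE-2024-3094")` performs a live free-tier call; the budget check happens before a request is sent, so a batch of calls stops cleanly once the booked costs reach the limit rather than overrunning it by one response.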

Data Freshness