{
  "name": "ContrastAPI",
  "description": "Security + OSINT API with 53 MCP tools, 7 MCP Resources (ATLAS+D3FEND+CWE catalog browsing), and conditional triage Prompt for AI agents: CVE/KEV/CWE lookup, composite risk scoring (CVSS+EPSS+KEV+PoC fusion), CVSS v3.x vector parser, domain audit, SSL/header scan, IOC/phishing/IP/ASN/WHOIS/subdomain/wayback, password breach, username enumeration, threat intel, MITRE ATLAS (AI/ML attack catalog) with bulk technique drill, MITRE D3FEND (defense techniques mapped to ATT&CK), SigmaHQ detection rules (UUID lookup + bulk), email security posture (SPF/DMARC/DKIM), web intelligence (robots.txt parser, redirect-chain walker, email validation, brand-asset scraper, SEO audit).",
  "url": "https://api.contrastcyber.com",
  "version": "1.33.15",
  "protocolVersion": "0.3",
  "protocolVersions": ["0.3"],
  "iconUrl": "https://api.contrastcyber.com/static/logo-ph.png",
  "supportedInterfaces": [
    {"protocolBinding": "MCP-HTTP", "url": "https://api.contrastcyber.com/mcp/"},
    {"protocolBinding": "OpenAPI", "url": "https://api.contrastcyber.com/openapi.json"},
    {"protocolBinding": "HTTP-REST", "url": "https://api.contrastcyber.com/v1"}
  ],
  "provider": {
    "organization": "ContrastCyber",
    "url": "https://contrastcyber.com"
  },
  "documentationUrl": "https://api.contrastcyber.com/quickstart",
  "capabilities": {
    "streaming": true,
    "pushNotifications": false,
    "stateTransitionHistory": false
  },
  "defaultInputModes": ["text", "application/json"],
  "defaultOutputModes": ["application/json"],
  "interfaces": [
    {
      "type": "mcp",
      "url": "https://api.contrastcyber.com/mcp/",
      "transport": "streamable-http"
    },
    {
      "type": "openapi",
      "url": "https://api.contrastcyber.com/openapi.json"
    }
  ],
  "skills": [
    {"id": "cve_lookup", "name": "CVE Lookup", "description": "Look up CVE details with CVSS, EPSS, KEV, patch info", "tags": ["security", "cve", "vulnerability"], "examples": ["Look up CVE-2021-44228", "Get details for Log4Shell"]},
    {"id": "cve_search", "name": "CVE Search", "description": "Search CVEs by vendor, product, keyword", "tags": ["security", "cve"], "examples": ["Find CVEs for Apache Struts", "Search recent nginx vulnerabilities"]},
    {"id": "cve_leading", "name": "Leading CVEs", "description": "Top trending/high-severity CVEs", "tags": ["security", "cve"], "examples": ["What are this week's leading CVEs?", "Top KEV-listed vulnerabilities"]},
    {"id": "bulk_cve_lookup", "name": "Bulk CVE Lookup", "description": "Batch CVE details", "tags": ["security", "cve"], "examples": ["Lookup CVE-2024-1234, CVE-2024-5678 together"]},
    {"id": "exploit_lookup", "name": "Exploit Lookup", "description": "Public exploits for a CVE", "tags": ["security", "exploit"], "examples": ["Are there public exploits for CVE-2023-34362?"]},
    {"id": "kev_detail", "name": "KEV Detail", "description": "CISA KEV record: federal patch deadline, required action, ransomware association, CWE list", "tags": ["security", "cve", "kev", "cisa"], "examples": ["KEV detail for CVE-2021-44228", "Federal patch deadline for Log4Shell"]},
    {"id": "cwe_lookup", "name": "CWE Lookup", "description": "MITRE CWE catalog: description, mitigations, parent/child weakness chain, CVE count", "tags": ["security", "cwe", "weakness"], "examples": ["Look up CWE-79 (XSS)", "Mitigations for CWE-89 (SQL injection)"]},
    {"id": "audit_domain", "name": "Domain Audit", "description": "Full-stack domain security audit", "tags": ["osint", "domain"], "examples": ["Audit example.com for security issues"]},
    {"id": "domain_report", "name": "Domain Report", "description": "Summary report for a domain", "tags": ["osint", "domain"], "examples": ["Generate security report for github.com"]},
    {"id": "subdomain_enum", "name": "Subdomain Enumeration", "description": "Enumerate subdomains via crt.sh", "tags": ["osint", "domain"], "examples": ["Find all subdomains of contrastcyber.com"]},
    {"id": "dns_lookup", "name": "DNS Lookup", "description": "DNS records (A, AAAA, MX, TXT, NS)", "tags": ["osint", "dns"], "examples": ["DNS records for cloudflare.com"]},
    {"id": "whois_lookup", "name": "WHOIS Lookup", "description": "Domain registration info", "tags": ["osint", "whois"], "examples": ["WHOIS for openai.com"]},
    {"id": "ssl_check", "name": "SSL/TLS Check", "description": "Certificate validation + grading (A-F)", "tags": ["security", "ssl"], "examples": ["Check SSL cert for api.example.com", "Grade TLS config for mydomain.com"]},
    {"id": "check_headers", "name": "Security Headers", "description": "HTTP security header validation with value checks", "tags": ["security", "headers"], "examples": ["Check security headers on example.com"]},
    {"id": "scan_headers", "name": "Scan Headers", "description": "Bulk header scan", "tags": ["security", "headers"], "examples": ["Scan headers for multiple URLs"]},
    {"id": "tech_fingerprint", "name": "Tech Fingerprint", "description": "Detect CMS, frameworks, servers, JS libraries", "tags": ["osint", "fingerprint"], "examples": ["What stack runs example.com?", "Fingerprint technologies on mysite.io"]},
    {"id": "check_injection", "name": "Injection Check", "description": "Basic SQLi/XSS reflection test", "tags": ["security", "injection"], "examples": ["Test example.com/search for injection"]},
    {"id": "check_secrets", "name": "Secret Leakage Check", "description": "Scan for exposed secrets in responses", "tags": ["security", "secrets"], "examples": ["Check if example.com leaks API keys"]},
    {"id": "check_dependencies", "name": "Dependency Check", "description": "Vulnerable JS library detection", "tags": ["security", "dependencies"], "examples": ["Check JS libs on example.com for CVEs"]},
    {"id": "ioc_lookup", "name": "IOC Lookup", "description": "Indicator of compromise check (IP, domain, hash)", "tags": ["threat-intel", "ioc"], "examples": ["Is 1.2.3.4 a known IOC?"]},
    {"id": "bulk_ioc_lookup", "name": "Bulk IOC Lookup", "description": "Batch IOC check", "tags": ["threat-intel", "ioc"], "examples": ["Check multiple IPs and hashes at once"]},
    {"id": "ip_lookup", "name": "IP Lookup", "description": "IP geolocation, ASN, reputation", "tags": ["osint", "ip"], "examples": ["Who owns 8.8.8.8?", "Geolocate 1.1.1.1"]},
    {"id": "asn_lookup", "name": "ASN Lookup", "description": "Autonomous system info", "tags": ["osint", "asn"], "examples": ["Details for AS13335 (Cloudflare)"]},
    {"id": "hash_lookup", "name": "Hash Lookup", "description": "File hash reputation (MD5/SHA1/SHA256)", "tags": ["threat-intel", "hash"], "examples": ["Is this SHA256 malicious?"]},
    {"id": "threat_intel", "name": "Threat Intel", "description": "Multi-source threat lookup", "tags": ["threat-intel"], "examples": ["Is evil.com malicious?"]},
    {"id": "threat_report", "name": "Threat Report", "description": "Consolidated threat report", "tags": ["threat-intel"], "examples": ["Generate threat report for suspicious.io"]},
    {"id": "phishing_check", "name": "Phishing Check", "description": "Phishing URL detection", "tags": ["security", "phishing"], "examples": ["Is paypal-secure.net a phishing site?"]},
    {"id": "password_check", "name": "Password Breach", "description": "HIBP password breach check (k-anonymity)", "tags": ["security", "password"], "examples": ["Has my password been leaked?"]},
    {"id": "email_disposable", "name": "Disposable Email", "description": "Detect disposable / temp email domains", "tags": ["osint", "email"], "examples": ["Is mailinator.com a disposable email?"]},
    {"id": "email_mx", "name": "Email MX", "description": "Email domain MX record validation", "tags": ["osint", "email"], "examples": ["MX records for example.com"]},
    {"id": "phone_lookup", "name": "Phone Lookup", "description": "Phone carrier, region, country", "tags": ["osint", "phone"], "examples": ["Carrier for +14155552671"]},
    {"id": "username_lookup", "name": "Username Lookup", "description": "Cross-platform username enumeration", "tags": ["osint", "username"], "examples": ["Find accounts for username torvalds"]},
    {"id": "wayback_lookup", "name": "Wayback Lookup", "description": "Internet Archive snapshots for a URL", "tags": ["osint", "wayback"], "examples": ["Archived versions of example.com"]},
    {"id": "atlas_technique_lookup", "name": "ATLAS Technique Lookup", "description": "MITRE ATLAS (AI/ML attack catalog) technique lookup by id (AML.T####). Returns tactics, maturity, ATT&CK bridge, pivot hints", "tags": ["security", "ai-ml", "atlas", "mitre"], "examples": ["Look up AML.T0051 (LLM Prompt Injection)", "Details for ATLAS AML.T0000"]},
    {"id": "atlas_technique_search", "name": "ATLAS Technique Search", "description": "Search the MITRE ATLAS AI/ML attack catalog by keyword, tactic, or maturity", "tags": ["security", "ai-ml", "atlas", "mitre"], "examples": ["Find ATLAS techniques about prompt injection", "List demonstrated AI/ML attacks"]},
    {"id": "bulk_atlas_technique_lookup", "name": "Bulk ATLAS Technique Lookup", "description": "Drill into up to 50 MITRE ATLAS technique ids in a single call — natural follow-up to atlas_case_study_lookup's techniques_used array", "tags": ["security", "ai-ml", "atlas", "mitre", "bulk"], "examples": ["Bulk drill the techniques_used from this ATLAS case study", "Lookup AML.T0051, AML.T0043, AML.T0061 together"]},
    {"id": "atlas_case_study_lookup", "name": "ATLAS Case Study Lookup", "description": "MITRE ATLAS real-world AI/ML attack incident case study (AML.CS####)", "tags": ["security", "ai-ml", "atlas", "incident"], "examples": ["Look up AML.CS0000 (Evasion of Deep Learning Detector)"]},
    {"id": "atlas_case_study_search", "name": "ATLAS Case Study Search", "description": "Search ATLAS case studies by keyword or by referenced ATLAS technique", "tags": ["security", "ai-ml", "atlas", "incident"], "examples": ["Find AI/ML evasion incidents", "Case studies using AML.T0043"]},
    {"id": "d3fend_defense_lookup", "name": "D3FEND Defense Lookup", "description": "MITRE D3FEND defense technique lookup by slug (e.g. TokenBinding). Returns tactic, artifact, mapped ATT&CK T-codes", "tags": ["security", "d3fend", "defense", "mitre"], "examples": ["Look up D3FEND TokenBinding", "Details for D3FEND FileHashing"]},
    {"id": "d3fend_defense_search", "name": "D3FEND Defense Search", "description": "Search D3FEND defenses by keyword, tactic (Harden/Detect/Isolate/...), or targeted artifact", "tags": ["security", "d3fend", "defense", "mitre"], "examples": ["Find D3FEND Harden defenses for Access Token", "Search D3FEND for sandbox techniques"]},
    {"id": "d3fend_defense_for_attack", "name": "D3FEND Reverse Lookup", "description": "Given an ATT&CK T-code, return all D3FEND defenses that mitigate it. Bridges offensive intel (CVE/ATLAS/ATT&CK) to defensive playbook", "tags": ["security", "d3fend", "defense", "mitre", "attack"], "examples": ["What D3FEND defenses mitigate T1059?", "Defenses for T1550.001"]},
    {"id": "d3fend_attack_coverage", "name": "D3FEND Coverage Audit", "description": "Batch defense coverage breakdown across multiple ATT&CK T-codes — count defenses per tactic + identify undefended techniques", "tags": ["security", "d3fend", "defense", "mitre", "audit"], "examples": ["Coverage for T1059, T1190, T1550.001", "Which of these ATT&CK techniques have no D3FEND mitigation?"]},
    {"id": "contrast_triage", "name": "Contrast Triage (Prompt)", "description": "v1.23.0 conditional MCP Prompt: pick a tool chain by perspective ('red' = offensive recon, 'blue' = defensive triage) for an auto-detected target (CVE / ATLAS / ATT&CK / CWE / hash / IP / domain).", "tags": ["security", "prompt", "triage", "workflow"], "examples": ["/contrast-triage 8.8.8.8 blue", "/contrast-triage CVE-2021-44228 red", "/contrast-triage AML.T0051 blue"]},
    {"id": "atlas_resources", "name": "ATLAS Catalog (MCP Resources)", "description": "v1.23.0 MCP Resources: browse the full MITRE ATLAS catalog (167 techniques + 57 case studies) without spending a tool slot. URIs: atlas://catalog, atlas://technique/{id}, atlas://case-study/{id}.", "tags": ["security", "ai-ml", "atlas", "mitre", "resource"], "examples": ["Browse atlas://catalog", "Read atlas://technique/AML.T0051"]},
    {"id": "d3fend_resources", "name": "D3FEND Catalog (MCP Resources)", "description": "v1.23.0 MCP Resources: browse the full MITRE D3FEND defense catalog (149 defenses). URIs: d3fend://catalog, d3fend://defense/{id}.", "tags": ["security", "d3fend", "defense", "mitre", "resource"], "examples": ["Browse d3fend://catalog", "Read d3fend://defense/TokenBinding"]},
    {"id": "cwe_resources", "name": "CWE Catalog (MCP Resources)", "description": "v1.23.0 MCP Resources: browse the full MITRE CWE catalog (944 weaknesses). URIs: cwe://catalog (slim), cwe://weakness/{id} (full record).", "tags": ["security", "cwe", "mitre", "resource"], "examples": ["Browse cwe://catalog", "Read cwe://weakness/CWE-79"]},
    {"id": "robots_txt", "name": "Robots.txt Parser", "description": "v1.25.0 Fetch + parse a target domain's robots.txt — sitemaps, per-User-agent allow/disallow, crawl-delay, Host directive (RFC 9309). Use BEFORE crawling/scraping a target site to honour its published rules.", "tags": ["osint", "web-intel", "robots", "crawler"], "examples": ["Get robots.txt rules for github.com", "What sitemaps does cloudflare.com publish?"]},
    {"id": "redirect_chain", "name": "Redirect Chain Walker", "description": "v1.25.0 Walk a URL's HTTP redirect chain hop-by-hop, returning per-hop status, Location, latency. SSRF-guarded at every hop. Use to deobfuscate URL shorteners, audit suspicious phishing links, trace marketing tracking redirects.", "tags": ["osint", "web-intel", "redirect", "phishing"], "examples": ["Where does this bit.ly link actually go?", "Trace redirect chain for https://t.co/xyz"]},
    {"id": "email_verify", "name": "Email Verify (Combined)", "description": "v1.25.0 One-call email validation combining syntax + MX records + disposable check + role-address detection (admin@/info@/noreply@) + free-provider classification (gmail/outlook/yahoo). Replaces 2-3 tool calls. NO SMTP RCPT TO probing — ethical floor declared.", "tags": ["osint", "email", "validation", "lead-gen"], "examples": ["Verify admin@example.com", "Is jane@gmail.com a personal address?"]},
    {"id": "brand_assets", "name": "Brand Assets Scraper", "description": "v1.25.0 Scrape a domain's homepage <head> for public brand assets — favicon, og:image, theme-color, og:site_name, JSON-LD Organization.logo. Enriches CRM records / company-card UIs without manual screenshots. Honours robots.txt, Cache-Control, per-target throttle.", "tags": ["osint", "web-intel", "branding", "crm"], "examples": ["Get brand assets for stripe.com", "Find logo + favicon for github.com"]},
    {"id": "seo_audit", "name": "SEO Audit (One-Page)", "description": "v1.25.0 One-shot SEO audit of a domain's homepage with a 0-100 composite score (10 rules) + missing_signals list of concrete fixes. Use BEFORE pitching SEO work, when triaging a lead's marketing maturity, or as a structured pre-flight before deeper Lighthouse / SEMrush audits. Honours robots.txt.", "tags": ["seo", "web-intel", "audit", "marketing"], "examples": ["Score the SEO of example.com", "Audit shopify.com homepage SEO"]}
  ],
  "securitySchemes": {
    "apiKey": {
      "type": "apiKey",
      "name": "X-API-Key",
      "in": "header"
    },
    "bearer": {
      "type": "http",
      "scheme": "bearer"
    }
  },
  "supportsAuthenticatedExtendedCard": false
}