MCP Setup

Give your AI agent 23 security tools. One config, zero signup.

1 Claude Desktop

Edit ~/.claude/claude_desktop_config.json:

json{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}

Restart Claude Desktop. Done.

2 Cursor

Add to .cursor/mcp.json in your project root:

json{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}

3 VS Code (Claude Code)

Add to .mcp.json in your project root:

json{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}

4 Windsurf

Add to ~/.codeium/windsurf/mcp_config.json:

json{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}

5 Any MCP Client (HTTP)

Use the remote HTTP transport directly:

httpPOST https://api.contrastcyber.com/mcp/
Content-Type: application/json
Accept: application/json, text/event-stream

{"jsonrpc":"2.0","id":1,"method":"initialize",
 "params":{"protocolVersion":"2025-03-26",
   "capabilities":{},
   "clientInfo":{"name":"my-app","version":"1.0"}}}

Try it now

After setup, ask your AI:

"Scan example.com for security issues"

"Look up CVE-2024-3094"

"Check if 8.8.8.8 is malicious"

"Find subdomains of example.com"

"Scan this code for hardcoded secrets"

23 Tools

domain_report Full domain security audit

dns_lookup DNS records

whois_lookup Registration data

ssl_check Certificate analysis

subdomain_enum Subdomain discovery

tech_fingerprint CMS/framework detection

threat_intel Malware/URLhaus lookup

scan_headers Live header analysis

email_mx SPF/DMARC/DKIM check

email_disposable Disposable email detection

ip_lookup IP intelligence (Shodan)

asn_lookup ASN/network info

cve_lookup CVE + EPSS + KEV

cve_search Search CVEs by product

exploit_lookup Public exploits

ioc_lookup IOC enrichment

hash_lookup File hash reputation

password_check Breach database check

phishing_check URL phishing detection

phone_lookup Phone number OSINT

check_secrets Hardcoded secret scan

check_injection SQL/command injection

check_headers Header validation

What's next?

REST API

Use without MCP — cURL, Node.js, Python. API Quick Start →

Full Reference

All endpoints with try-it-out. API Docs →