From zero to first API call in 30 seconds. No signup, no API key required.
Copy, paste, run.
curl https://api.contrastcyber.com/v1/domain/example.com# CVE lookup
curl https://api.contrastcyber.com/v1/cve/CVE-2024-3094
# Live header scan
curl https://api.contrastcyber.com/v1/scan/headers/example.com
# IP intelligence
curl https://api.contrastcyber.com/v1/ip/8.8.8.8
# Code secrets scan
curl -X POST https://api.contrastcyber.com/v1/check/secrets \
-H "Content-Type: application/json" \
-d '{"code": "aws_key = AKIAIOSFODNN7EXAMPLE"}'npm No SDK needed — just fetch.
// Domain security report
const res = await fetch('https://api.contrastcyber.com/v1/domain/example.com');
const data = await res.json();
console.log(data.risk_score); // { grade: "B", score: 72, ... }
console.log(data.ssl.grade); // "A"
console.log(data.dns.records); // [{ type: "A", value: "93.184.216.34" }, ...]
// CVE lookup
const cve = await fetch('https://api.contrastcyber.com/v1/cve/CVE-2024-3094');
const vuln = await cve.json();
console.log(vuln.severity); // "critical"
console.log(vuln.epss_score); // 0.94import requests
# Domain report
r = requests.get('https://api.contrastcyber.com/v1/domain/example.com')
data = r.json()
print(data['risk_score']['grade']) # "B"
# Scan code for secrets
r = requests.post('https://api.contrastcyber.com/v1/check/secrets',
json={'code': 'password = "hunter2"'})
print(r.json()['findings'])# .github/workflows/security.yml
- name: Security header check
run: |
GRADE=$(curl -s https://api.contrastcyber.com/v1/scan/headers/$DOMAIN | jq -r '.grade')
if [ "$GRADE" = "F" ]; then echo "Security grade F!" && exit 1; fiAll 35+ endpoints with try-it-out. Open docs →
Free 100 req/hr · Pro 1000 req/hr. Pricing →
Use with Claude, Cursor, VS Code. Setup guide →
Star, issues, contributions. Repository →