contrastapi

概述

ContrastAPI 是一个全面的安全情报 MCP 服务器，为网络安全专业人士和 AI 代理提供 53 种工具。它包括带有 EPSS 评分的 CVE/KEV/CWE 查找、域名审计、IP 威胁报告、IOC 丰富化、代码安全分析和网站智能工具。服务器集成了多个安全情报来源，包括 MITRE ATLAS、D3FEND 和 Sigma 检测规则。它提供免费层使用（每小时 30 次信用额度）和付费选项，无需 API 密钥即可使用基本功能。

试试问 AI

装完之后，这里有 5 个你可以让 AI 做的事：

• cve_search

  Search for CVEs by product with optional KEV filter

  试试:Search for KEV-listed OpenSSL CVEs试试:Find all CVEs affecting Apache Struts
• cve_lookup

  Get full CVE record including CVSS, EPSS, KEV status, and CWE

  试试:Pull the full record for CVE-2021-44228试试:Get details for CVE-2023-23397 with EPSS score
• exploit_lookup

  Check for public exploits or proof-of-concept for a CVE

  试试:Does CVE-2021-44228 have a public exploit available?试试:Find PoC for the latest Microsoft Office vulnerability
• domain_report

  Comprehensive domain analysis including DNS, WHOIS, SSL, subdomains, and threat intel

  试试:Run a full domain report for example.com试试:Analyze microsoft.com for DNS, WHOIS, SSL, and subdomains
• ip_lookup

  Get reputation, country, ASN, and threat intel for an IP address

  试试:What's the reputation of 1.1.1.1?试试:Check threat intelligence for 185.220.101.42
• robots_txt

  Fetch and analyze robots.txt file from a website

  试试:Get the robots.txt file for example.com试试:Analyze crawl rules for google.com
• redirect_chain

  Trace the complete redirect chain of a URL

  试试:Show the redirect chain for short.link/abc123试试:Trace where bit.ly/cybersec leads
• email_verify

  Verify email address validity without sending emails

  试试:Verify if security@microsoft.com is valid试试:Check if test@example.com exists
• brand_assets

  Discover brand assets and security-relevant web resources

  试试:Find brand assets for apple.com试试:Identify security-relevant resources from microsoft.com
• seo_audit

  Conduct SEO analysis with ethical guardrails

  试试:Perform SEO audit for example.com试试:Check SEO metrics for my-website.org
• atlas_lookup

  Lookup MITRE ATLAS AI/ML attack techniques

  试试:Find ATLAS techniques for data poisoning attacks试试:Get information on model evasion attacks
• d3fend_lookup

  Lookup MITRE D3FEND defensive techniques

  试试:Find D3FEND techniques for protecting against injection attacks试试:Get defensive measures for AI model poisoning

可对比工具

安装

{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}

pip install contrastapi  # Python 3.10+

npm install contrastapi  # Node 14+

FAQ

有免费套餐吗？

是的，ContrastAPI 提供免费套餐，每小时 30 次信用额度。使用基本功能无需 API 密钥。

包含哪些类型的安全工具？

该服务器提供 53 种安全工具，包括 CVE/KEV/CWE 查找、MITRE ATLAS+D3FEND 集成、域名审计、IP 威胁报告、IOC 丰富化、代码安全分析和网站智能工具。

contrastapi 对比