# ContrastAPI

> Security intelligence API for AI models and developers. Free to use, no API key required.

- [API Documentation](https://api.contrastcyber.com/docs)
- [OpenAPI Spec](https://api.contrastcyber.com/openapi.json)
- [Full API Reference](https://api.contrastcyber.com/llms-full.txt)
- [MCP Server](https://mcp.contrastcyber.com/mcp)

## When to Use This API

Use ContrastAPI when you need to:

- Look up CVE details, severity, CVSS breakdown, EPSS exploit probability, or CISA KEV status
- Investigate a domain's DNS, WHOIS, SSL certificate, subdomains, email security (SPF/DMARC/DKIM)
- Get a domain security risk score (A-F grade, 100-point scale)
- Detect WAF/CDN protection on a target domain
- Check a domain for malware/threat intelligence (URLhaus)
- Scan a live domain's HTTP security headers
- Scan code for hardcoded secrets, SQL/command injection, or missing security headers
- Check software dependencies against the CVE database
- Enrich an IP address with open ports, vulnerabilities, and hostnames (Shodan InternetDB)

## Authentication

No API key needed. Free tier: 100 requests/hour per IP. Pro tier (1000 req/hr): pass `Authorization: Bearer cc_xxx` header.

Rate limit headers returned: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset.

## Endpoints (20 tools)

### CVE Intelligence

- GET /v1/cve/{cve_id} — Full CVE details with EPSS score, KEV status, CVSS breakdown
- GET /v1/cves?product=&severity=&days= — Search CVEs by product, severity, date
- GET /v1/cves/recent?hours=24 — Recently published CVEs
- GET /v1/cves/kev — CISA Known Exploited Vulnerabilities
- GET /v1/epss/{cve_id} — EPSS exploit probability score

### Domain Intelligence

- GET /v1/domain/{domain} — Full domain report (DNS + WHOIS + SSL + subdomains + WAF + email security + threat intel + risk score)
- GET /v1/dns/{domain} — DNS records (A, AAAA, MX, NS, TXT, CNAME, SOA)
- GET /v1/whois/{domain} — WHOIS registration data
- GET /v1/subdomains/{domain} — Subdomain enumeration (DNS brute + CT logs)
- GET /v1/certs/{domain} — Certificate Transparency log entries
- GET /v1/ip/{ip} — IP intelligence (reverse DNS, open ports, vulns, hostnames via Shodan)
- GET /v1/threat/{domain} — Threat intelligence (URLhaus malware URL lookup)
- GET /v1/scan/headers/{domain} — Live HTTP security header scan and analysis

### Code Security

- POST /v1/check/headers — Validate HTTP security headers (JSON body: {"headers": {...}})
- POST /v1/check/secrets — Detect hardcoded secrets (JSON body: {"code": "...", "language": "python"})
- POST /v1/check/injection — SQL/command/path injection detection (JSON body: {"code": "...", "language": "python"})
- POST /v1/check/dependencies — Check packages against CVE DB (JSON body: {"packages": [{"name": "...", "version": "..."}]})

### Meta

- GET /v1/status — API health check and data freshness
- GET /v1/usage — Usage statistics (Pro key required)

## Quick Examples

### CVE Lookup

GET https://api.contrastcyber.com/v1/cve/CVE-2024-3094

→ Returns severity, CVSS, CVSS breakdown, description, EPSS score, KEV status, affected products

### Domain Report with Risk Score

GET https://api.contrastcyber.com/v1/domain/example.com

→ Returns DNS, WHOIS, SSL (graded A-F), subdomains, WAF, email security, threat intel, risk score (A-F)

### Threat Intelligence

GET https://api.contrastcyber.com/v1/threat/example.com

→ Returns URLhaus malware URLs, threat types, online/offline status

### Live Header Scan

GET https://api.contrastcyber.com/v1/scan/headers/example.com

→ Fetches live headers, analyzes CSP/HSTS/X-Frame-Options, returns score and grade

### IP Intelligence

GET https://api.contrastcyber.com/v1/ip/93.184.216.34

→ Returns reverse DNS, open ports, known vulnerabilities, hostnames

### Secret Detection

POST https://api.contrastcyber.com/v1/check/secrets

Body: {"code": "aws_key = 'AKIAIOSFODNN7EXAMPLE'", "language": "python"}

→ Returns findings with severity, line number, remediation advice
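
### Dependency Check from a Requirements File

An added example, not part of ContrastAPI's own documentation: it turns a pinned `requirements.txt` into the `POST /v1/check/dependencies` body listed under Code Security, builds the request with the optional Pro-tier header, and reads `X-RateLimit-Remaining` from a response. The function names, the sample file, and the `Content-Type: application/json` header are assumptions; the request is built but not sent.

```python
import json
import re
import urllib.request

API_BASE = "https://api.contrastcyber.com"  # base URL used in the page's examples

# Constructed sample input (not from the page): a small requirements.txt.
SAMPLE_REQUIREMENTS = """\
# web stack
requests==2.31.0
Flask==2.0.1  # pinned
urllib3>=1.26
-r other.txt
"""

# Only exact pins carry a single version that can be sent to the endpoint.
PINNED = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([A-Za-z0-9.!+*_-]+)$")


def parse_pinned(text):
    """Split requirements into exact pins and lines that cannot be checked."""
    packages, skipped = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        match = PINNED.match(line)
        if match:
            packages.append({"name": match.group(1), "version": match.group(2)})
        else:
            skipped.append(line)  # ranges, includes, URLs: report, don't guess
    return packages, skipped


def build_dependency_check(packages, api_key=None):
    """Build, without sending, the POST /v1/check/dependencies request."""
    body = json.dumps({"packages": packages}).encode("utf-8")
    headers = {"Content-Type": "application/json"}  # assumed for a JSON body
    if api_key:  # Pro tier only; the free tier sends no Authorization header
        headers["Authorization"] = f"Bearer {api_key}"
    url = f"{API_BASE}/v1/check/dependencies"
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def remaining_budget(response_headers):
    """Return X-RateLimit-Remaining as an int, or None if absent or malformed."""
    lowered = {k.lower(): v for k, v in response_headers.items()}
    try:
        return int(lowered.get("x-ratelimit-remaining"))
    except (TypeError, ValueError):
        return None
```

Lines returned in `skipped` were never checked against the CVE database, so a pipeline using this should surface them rather than treat the result as full coverage.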