// MCP TOOL REFERENCE

CONTRASTAPI TOOLS

53 tools from the ContrastAPI MCP Server, categorised by risk level.

View the ContrastAPI policy → Token cost: 18,721 tokens →
// ALL 53 CONTRASTAPI TOOLS
READ 48 tools
Read asn_lookup Look up Autonomous System Number (ASN) for a domain or IP: AS number, organization, IPv4/IPv6 prefixes. Use... Read atlas_case_study_lookup Look up a MITRE ATLAS case study — a documented real-world AI/ML attack incident. Each case study links a s... Read atlas_case_study_search Search ATLAS case studies (real-world AI/ML attack incidents) by keyword or referenced technique. Default r... Read atlas_technique_lookup Look up a MITRE ATLAS technique — the AI/ML adversarial attack catalog. ATLAS catalogues TTPs targeting mac... Read atlas_technique_search Search the MITRE ATLAS catalog of AI/ML attack techniques by keyword, tactic, or maturity. Default response... Read audit_domain Perform comprehensive domain audit: combines domain_report + live HTTP security headers + technology finger... Read bulk_atlas_technique_lookup Bulk ATLAS technique lookup — retrieve full records for up to 50 techniques in a single request instead of ... Read bulk_cve_lookup Batch query multiple CVEs (up to 50 per call, same for Free and Pro): retrieve full CVE details for all in ... Read bulk_ioc_lookup Batch query multiple IOCs (IP/domain/URL/hash, up to 50 per call, same for Free and Pro) in 1 request: auto... Read bulk_sigma_rule_lookup Bulk Sigma rule lookup — retrieve full records for up to 50 rule UUIDs in a single request instead of N sep... Read calculate_risk_score Composite CVE risk score (0-100) — fuses CVSS, EPSS, KEV, and PoC into a single agent-ready triage signal. ... Read check_dependencies Audit project dependencies (npm/PyPI/Maven/RubyGems/etc.) against CVE database: find known vulnerabilities ... Read check_headers Validate HTTP security headers you provide (JSON): CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Perm... Read check_injection Scan source code for injection vulnerabilities: SQL injection, command injection, path traversal via unsafe... Read check_secrets Scan source code (or snippet) for hardcoded secrets — cloud provider keys, API tokens, connection strings, ... Read cve_leading List CVEs indexed from MITRE/GHSA BEFORE NVD publication (early-warning, freshest data). By default each re... Read cve_lookup Retrieve detailed CVE data by ID: description, CVSS v3.1 + vector, CVSS v2 (always emitted), EPSS score + p... Read cve_search Search CVE database with filters: product/vendor, severity, published date range, EPSS score, CWE, CVSS ran... Read cwe_lookup Look up MITRE CWE (Common Weakness Enumeration) catalog record from research view 1000. Default response is... Read d3fend_attack_coverage Batch coverage breakdown: given a list of ATT&CK T-codes, return distinct defense counts per D3FEND tactic ... Read d3fend_defense_lookup Look up a MITRE D3FEND defense technique. D3FEND is the canonical defensive counterpart to ATT&CK — each de... Read d3fend_defense_search Search the MITRE D3FEND catalog of defensive techniques by keyword, tactic, or targeted artifact. Default r... Read dns_lookup Query all DNS record types (A, AAAA, MX, NS, TXT, CNAME, SOA) for a domain. Use for mail routing inspection... Read domain_report Query DNS, WHOIS, SSL, subdomains, and threat intel for a domain in one call. By default dns.txt is filtere... Read email_disposable Check if email address uses a known disposable/temporary provider (Guerrilla Mail, Temp Mail, Mailinator, e... Read email_mx Analyze email security: MX records, SPF policy, DMARC policy, DKIM probe across common+date-based selectors... Read email_security_posture Analyze domain email authentication posture: SPF, DMARC, DKIM with numeric score and findings. Dual-use: re... Read email_verify One-call email validation combining syntax + MX records + disposable check + role-address detection (admin@... Read exploit_lookup Search public exploits/PoC for a specific CVE across three sources: (1) GitHub Advisory Database (sources.g... Read get_cvss_details Parse a CVSS v3.x vector string into a per-metric breakdown plus a recomputed base score. Returns the canon... Read hash_lookup Query MalwareBazaar for file hash (MD5/SHA1/SHA256): malware family, file type, size, tags, first/last seen... Read ioc_lookup Enrich Indicator of Compromise (IP/domain/URL/hash) by auto-detecting type and querying abuse.ch feeds. Per... Read ip_lookup Query comprehensive IP intelligence: reverse DNS, ASN + holder name + country inline (RIPE Stat, Phase 1), ... Read password_check Check if SHA-1 hash appears in Have I Been Pwned (HIBP) breach dataset using k-anonymity (5-char prefix onl... Read phishing_check Query URLhaus for a specific URL and its host. is_malicious is True only when there is ACTIVE evidence — ex... Read phone_lookup Validate and analyze phone number: country, region, carrier, line type (mobile/landline/VoIP), timezone, fo... Read robots_txt Fetch + parse the target domain's robots.txt — sitemaps, per-User-agent allow/disallow rules, crawl-delay, ... Read scan_headers Perform live HTTP GET and analyze security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Per... Read sigma_rule_lookup Look up a single Sigma detection rule by UUID from the SigmaHQ corpus (~3,200 rules, refreshed daily at 02:... Read ssl_check Analyze SSL/TLS certificate: grade (A/B/C/D/F), protocol version, cipher suite, chain, expiry, Subject Alte... Read subdomain_enum Discover subdomains using passive methods: Certificate Transparency logs + DNS brute-force (no active probi... Read tech_fingerprint Detect website technology stack: CMS, frameworks, CDN, analytics tools, web servers, languages (via HTTP he... Read tech_stack_cve_audit Composite tech-stack + CVE audit (MCP-only, no REST endpoint). Detects technologies on the target domain, q... Read threat_intel Check domain against abuse.ch URLhaus for known malware-distribution URLs (single source — for multi-feed c... Read threat_report Query comprehensive threat profile for an IP: Shodan host data, AbuseIPDB reputation, ASN/geolocation, and ... Read username_lookup Search for username across 15+ social/dev platforms (GitHub, Reddit, X/Twitter, LinkedIn, Instagram, TikTok... Read wayback_lookup Retrieve Wayback Machine snapshots for a domain: first capture, latest, total count, snapshot list. Use to ... Read whois_lookup Retrieve WHOIS registration data: registrar, creation/expiry dates, nameservers, status. Use to verify doma...
WRITE 3 tools
Write d3fend_defense_for_attack Reverse lookup: given an ATT&CK T-code, return D3FEND defenses that mitigate it. This is the bridge from of... Write kev_detail Look up CISA KEV (Known Exploited Vulnerabilities) full record for a CVE. Returns federal patch deadline (d... Write seo_audit One-shot SEO audit of a domain's homepage with a 0-100 composite score + a `missing_signals` list of concre...
EXECUTE 2 tools
Execute brand_assets Scrape a domain's homepage `<head>` for public brand assets — favicon, og:image, theme-color, og:site_name,... Execute redirect_chain Walk an HTTP redirect chain hop-by-hop, returning per-hop {url, status_code, location, latency_ms}. Use to ...
// FAQ
How many tools does the ContrastAPI MCP server have? +

The ContrastAPI MCP server exposes 53 tools across 3 categories: Read, Write, Execute.

How do I enforce policies on ContrastAPI tools? +

Route the ContrastAPI server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard — they are enforced on every call before it reaches the server.

What risk categories do ContrastAPI tools fall into? +

ContrastAPI tools are categorised as Read (48), Write (3), Execute (2). Each category has a recommended default policy.

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

SECURE YOUR MCP →

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.