{% include "nav.html" %}

API Playground

Try every endpoint from your browser. No signup, no API key, no setup.

Domain Intelligence

GET /v1/domain/{domain} Full domain security report with DNS, WHOIS, SSL, subdomains, and risk score
{
  "domain": "cloudflare.com",
  "risk_score": 15,
  "dns": {
    "a": ["104.16.132.229"],
    "mx": ["route1.mx.cloudflare.net"]
  },
  "whois": {
    "registrar": "Cloudflare, Inc.",
    "created": "2009-02-17"
  },
  "ssl": {
    "grade": "A",
    "issuer": "Google Trust Services",
    "expires_in_days": 89
  },
  "subdomains": ["www.cloudflare.com", "api.cloudflare.com", "dash.cloudflare.com"]
}
GET /v1/audit/{domain} Full audit — domain report + tech fingerprint + live headers (4 credits)
{
  "domain": "example.com",
  "summary": "Audit for example.com · 3 technologies detected",
  "technologies": {"count": 3, "summary": "nginx, Cloudflare, jQuery"},
  "live_headers": {"server": "nginx", "x-powered-by": "Express"},
  "report": {"...full domain report...": null}
}
GET /v1/dns/{domain} DNS records — A, AAAA, MX, NS, TXT, CNAME, SOA
{
  "domain": "cloudflare.com",
  "records": [
    {"type": "A", "value": "104.16.132.229", "ttl": 300},
    {"type": "MX", "value": "route1.mx.cloudflare.net", "ttl": 300, "priority": 36},
    {"type": "NS", "value": "ns1.cloudflare.com", "ttl": 86400},
    {"type": "TXT", "value": "v=spf1 include:_spf.google.com ~all", "ttl": 300}
  ]
}
GET /v1/whois/{domain} WHOIS registration data — registrar, dates, nameservers, DNSSEC
{
  "domain": "cloudflare.com",
  "registrar": "Cloudflare, Inc.",
  "creation_date": "2009-02-17T00:00:00",
  "expiration_date": "2033-02-17T00:00:00",
  "updated_date": "2024-01-15T00:00:00",
  "nameservers": ["ns1.cloudflare.com", "ns2.cloudflare.com"],
  "status": ["clientTransferProhibited"],
  "dnssec": true
}
GET /v1/subdomains/{domain} Subdomain enumeration via certificate transparency logs
{
  "domain": "cloudflare.com",
  "subdomains": [
    "www.cloudflare.com",
    "api.cloudflare.com",
    "dash.cloudflare.com",
    "support.cloudflare.com",
    "blog.cloudflare.com"
  ],
  "total": 5
}
GET /v1/ssl/{domain} SSL/TLS certificate analysis — grade, cipher, expiry, SAN
{
  "domain": "cloudflare.com",
  "grade": "A",
  "protocol": "TLSv1.3",
  "cipher": "TLS_AES_256_GCM_SHA384",
  "issuer": "Google Trust Services",
  "not_before": "2024-12-01T00:00:00",
  "not_after": "2025-03-01T00:00:00",
  "days_remaining": 89,
  "san": ["cloudflare.com", "*.cloudflare.com"]
}
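GET /v1/threat/{domain} URLhaus threat intelligence lookup. A threat_status of "clean" only means URLhaus has no entries for the domain, as the summary field states; it is not a verdict from any other source.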
{
  "domain": "example.com",
  "malware_urls": 0,
  "threat_tags": [],
  "threat_status": "clean",
  "summary": "No threats found in URLhaus"
}
GET /v1/ip/{ip} IP intelligence — geolocation, ports, reputation
{
  "ip": "8.8.8.8",
  "ptr": "dns.google",
  "geo": {
    "country": "US",
    "city": "Mountain View",
    "org": "Google LLC"
  },
  "ports": [53, 443],
  "hostnames": ["dns.google"],
  "reputation": {
    "score": 0,
    "categories": []
  }
}
GET /v1/tech/{domain} Technology fingerprinting — CMS, frameworks, CDN
{
  "domain": "shopify.com",
  "technologies": [
    {"name": "Cloudflare", "category": "CDN", "confidence": 100},
    {"name": "Ruby on Rails", "category": "Framework", "confidence": 80},
    {"name": "Nginx", "category": "Web Server", "confidence": 90}
  ]
}
GET /v1/asn/{target} ASN lookup — network operator, IP prefixes
{
  "asn": 13335,
  "holder": "CLOUDFLARENET - Cloudflare, Inc.",
  "prefixes_v4": ["104.16.0.0/20", "172.64.0.0/13"],
  "prefixes_v6": ["2606:4700::/32"],
  "resolved_from": "cloudflare.com"
}
GET /v1/email/mx/{domain} Email security — MX, SPF, DMARC, DKIM, provider detection
{
  "domain": "google.com",
  "provider": "Google Workspace",
  "mx_records": ["smtp.google.com"],
  "spf": {
    "record": "v=spf1 include:_spf.google.com ~all",
    "valid": true
  },
  "dmarc": {
    "record": "v=DMARC1; p=reject",
    "policy": "reject"
  },
  "grade": "B",
  "score": 80
}
GET /v1/email/disposable/{email} Disposable email provider detection
{
  "email": "test@tempmail.com",
  "disposable": true,
  "domain": "tempmail.com",
  "risk": "high"
}
GET /v1/email/verify/{email} Combined email validation: syntax + MX + disposable + role + free-provider (no SMTP probe)
{
  "email": "admin@gmail.com",
  "syntax_valid": true,
  "role_address": true,
  "free_provider": true
}
GET /v1/email/security-posture/{domain} SPF / DKIM / DMARC posture — 0-100 score, A+/A/B/C/D/F grade, remediation findings
{
  "domain": "github.com",
  "score": 95,
  "grade": "A",
  "spf": { "present": true, "all_mechanism": "-all" },
  "dmarc": { "policy": "reject" },
  "dkim": { "selectors_tested": 2 }
}
GET /v1/robots/{domain} Parsed robots.txt — sitemaps, per-UA allow/disallow, crawl-delay (RFC 9309)
{
  "domain": "github.com",
  "status_code": 200,
  "sitemaps": ["https://github.com/sitemap.xml"],
  "user_agents": { "*": { ... } }
}
GET /v1/redirect/{url:path} Walk a URL's redirect chain hop-by-hop, SSRF-guarded at every hop
{
  "start_url": "https://bit.ly/3xyz",
  "final_url": "https://example.com/",
  "hop_count": 2,
  "loop_detected": false
}
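GET /v1/brand/{domain} Public brand assets from homepage <head>: favicon, og:image, theme-color, JSON-LD logo. Fields suffixed _untrusted appear to be copied as-is from the target site's markup, so check URL schemes and HTML-escape text values before rendering or fetching them.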
{
  "domain": "stripe.com",
  "favicon_url_untrusted": "https://stripe.com/favicon.ico",
  "og_image_url_untrusted": "https://stripe.com/og.png",
  "site_name_untrusted": "Stripe"
}
GET /v1/seo/{domain} One-page SEO audit + 0-100 composite score (10 rules) + concrete missing_signals
{
  "domain": "example.com",
  "score": 85,
  "h1_count": 1,
  "missing_signals": ["meta_description_length_off"]
}
GET /v1/phone/{number} Phone number validation — carrier, type, location
{
  "number": "+14155552671",
  "valid": true,
  "country": "US",
  "region": "California",
  "carrier": "",
  "line_type": "fixed_line_or_mobile",
  "timezone": "America/Los_Angeles"
}
GET /v1/username/{username} Username OSINT — check 16 platforms
{
  "username": "torvalds",
  "total_found": 7,
  "platforms": [
    {"name": "github", "exists": true, "url": "https://github.com/torvalds"},
    {"name": "reddit", "exists": true, "url": "https://reddit.com/user/torvalds"},
    {"name": "keybase", "exists": true, "url": "https://keybase.io/torvalds"}
  ]
}
GET /v1/archive/{domain} Wayback Machine archive history
{
  "domain": "example.com",
  "first_snapshot": {
    "date": "1997-01-01",
    "url": "https://web.archive.org/web/19970101/http://example.com"
  },
  "last_snapshot": {
    "date": "2026-04-01",
    "url": "https://web.archive.org/web/20260401/http://example.com"
  },
  "total_snapshots": 125000
}
GET /v1/scan/headers/{domain} Live HTTP security header scan
{
  "domain": "contrastcyber.com",
  "headers_present": [
    "Strict-Transport-Security",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "Content-Security-Policy",
    "Referrer-Policy",
    "Permissions-Policy"
  ],
  "headers_missing": [],
  "score": 100,
  "grade": "A"
}

CVE Intelligence

GET /v1/cve/{cve_id} CVE details — CVSS, EPSS, KEV, affected products
{
  "cve_id": "CVE-2024-3094",
  "description": "Malicious code in xz/liblzma 5.6.0-5.6.1",
  "cvss_score": 10.0,
  "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  "epss": {
    "score": 0.85,
    "percentile": 0.99
  },
  "kev": true,
  "severity": "CRITICAL"
}
POST /v1/cves/bulk Bulk CVE lookup — up to 10 (free) or 50 (pro), 1 credit each
{
  "count": 3,
  "results": [
    {"cve_id": "CVE-2024-3094", "cvss_score": 10.0, "kev": true},
    {"cve_id": "CVE-2021-44228", "cvss_score": 10.0, "kev": true},
    {"cve_id": "CVE-2014-0160", "cvss_score": 7.5, "kev": false}
  ]
}
GET /v1/exploit/{cve_id} Public exploits and PoC code for a CVE
{
  "cve_id": "CVE-2024-3094",
  "total_count": 21,
  "exploits": [
    {
      "source": "GitHub Advisory",
      "title": "xz-utils backdoor",
      "url": "https://github.com/advisories/GHSA-rxwq-x6h5-x525",
      "published_date": "2024-03-29"
    }
  ]
}
GET /v1/cve/{cve_id}/risk_score Composite risk score — CVSS+EPSS+KEV+PoC fusion with multiplicative boosters
{
  "cve_id": "CVE-2021-44228",
  "score": 100.0,
  "label": "CRITICAL",
  "urgency": "Patch immediately — actively exploited (CISA KEV).",
  "has_public_poc": true,
  "components": {
    "cvss_v3": 10.0,
    "epss_score": 0.95,
    "in_kev": true,
    "has_public_poc": true
  },
  "boosters_applied": ["kev_with_public_poc", "critical_severity_high_epss"],
  "recommendation": "Active exploitation confirmed by CISA — apply the vendor patch now and review intrusion telemetry for the affected service."
}
GET /v1/cvss/details?vector= Parse a CVSS v3.x vector string into per-metric breakdown + recomputed base score
{
  "version": "3.1",
  "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "base_score": 9.8,
  "base_severity": "CRITICAL",
  "metrics": {
    "attack_vector": "NETWORK",
    "attack_complexity": "LOW",
    "privileges_required": "NONE",
    "user_interaction": "NONE",
    "scope": "UNCHANGED",
    "confidentiality_impact": "HIGH",
    "integrity_impact": "HIGH",
    "availability_impact": "HIGH"
  }
}
GET /v1/kev/{cve_id} CISA KEV detail — federal patch deadline, required action, ransomware association, CWE list
{
  "cve_id": "CVE-2021-44228",
  "vendor_project": "Apache",
  "product": "Log4j2",
  "vulnerability_name": "Apache Log4j2 Remote Code Execution Vulnerability",
  "date_added": "2021-12-10",
  "due_date": "2021-12-24",
  "required_action": "Apply updates per vendor instructions.",
  "known_ransomware_use": true,
  "cwes": ["CWE-20", "CWE-400", "CWE-502"],
  "next_calls": [
    {"tool": "cve_lookup", "input": "CVE-2021-44228"},
    {"tool": "cwe_lookup", "input": "CWE-502"}
  ]
}
GET /v1/cwe/{cwe_id} MITRE CWE catalog (research view 1000) — description, mitigations, parent/child weakness chain, CVE count
{
  "cwe_id": "CWE-79",
  "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
  "abstract_type": "Base",
  "status": "Stable",
  "likelihood": "High",
  "parent_cwe": "CWE-74",
  "child_cwes": ["CWE-80", "CWE-81", "CWE-83"],
  "mitigations": ["PHASE: Architecture and Design DESCRIPTION: Use a vetted library or framework..."],
  "cve_count": 43011
}

MITRE ATLAS (AI/ML Threats)

GET /v1/atlas/{technique_id} ATLAS technique lookup — adversarial ML/LLM attack catalog ({{ atlas_technique_count }} techniques)
{
  "technique_id": "AML.T0051",
  "name": "LLM Prompt Injection",
  "tactics": ["AML.TA0011"],
  "maturity": "realized",
  "attack_reference_id": null,
  "description": "An adversary may craft malicious prompts as inputs to an LLM...",
  "next_calls": [
    {"tool": "atlas_case_study_search", "input": "prompt injection"}
  ]
}
GET /v1/atlas/case-studies/{case_study_id} Real-world ML attack case study ({{ atlas_case_study_count }} entries)
{
  "case_study_id": "AML.CS0009",
  "name": "ChatGPT Plugin Privacy Leak",
  "techniques_used": ["AML.T0051", "AML.T0054"],
  "description": "A researcher demonstrated indirect prompt injection..."
}

MITRE D3FEND (Defense Mapping)

GET /v1/d3fend/{defense_id} Defense technique lookup — {{ d3fend_defense_count }} defenses mapped to ATT&CK
{
  "defense_id": "TokenBinding",
  "label": "Token Binding",
  "tactic": "Harden",
  "parent_label": "Credential Hardening",
  "attack_techniques": ["T1550.001", "T1539"],
  "description": "Cryptographically binds tokens to a specific TLS session..."
}
GET /v1/d3fend/attack/{attack_technique_id} Reverse lookup — defenses for an ATT&CK technique (e.g. T1059)
{
  "attack_technique_id": "T1059",
  "total": 15,
  "truncated": true,
  "coverage_by_tactic": {"Harden": 4, "Detect": 8, "Isolate": 3},
  "defenses": [
    {"defense_id": "ContentFiltering", "label": "Content Filtering", "tactic": "Harden"}
  ]
}
POST /v1/d3fend/coverage Batch coverage map — defenses across multiple ATT&CK techniques
{
  "queried_techniques": ["T1059", "T1190", "T1078"],
  "defended_techniques": ["T1059", "T1190"],
  "undefended_techniques": ["T1078"],
  "coverage_by_tactic": {
    "Harden": 7,
    "Detect": 12,
    "Isolate": 4
  }
}

Sigma Detection Rules

GET /v1/sigma/{rule_id} Lookup Sigma rule by UUID — full detection logic + tags (SigmaHQ corpus, ~3,200 rules)
{
  "rule": {
    "rule_id": "195e1b9d-...",
    "title": "Suspicious Powershell Process Creation",
    "status": "stable",
    "level": "high",
    "tags": ["attack.t1059"],
    "logsource": {"product": "windows"}
  }
}

Threat Intelligence

GET /v1/threat-report/{ip} IP threat report — Shodan + AbuseIPDB + ASN + enrichment (4 credits)
{
  "ip": "8.8.8.8",
  "threat_level": "none",
  "summary": "IP 8.8.8.8 · AS15169 · 2 open ports · threat level: none",
  "enrichment": {"ports": [53, 443], "vulns": []},
  "abuseipdb": {"abuse_score": 0},
  "asn": {"asn": 15169}
}
GET /v1/ioc/{indicator} IOC enrichment — ThreatFox, URLhaus, Feodo
{
  "indicator": "8.8.8.8",
  "type": "ip",
  "found": false,
  "threat_type": null,
  "malware_family": null,
  "tags": [],
  "confidence": null,
  "source": "abuse.ch",
  "references": []
}
POST /v1/iocs/bulk Bulk IOC enrichment — up to 10 (free) or 50 (pro), 1 credit each
{
  "count": 3,
  "summary": "All 3 indicators processed",
  "results": [
    {"indicator": "8.8.8.8", "type": "ip", "found": false},
    {"indicator": "1.1.1.1", "type": "ip", "found": false},
    {"indicator": "malware.example.com", "type": "domain", "found": false}
  ]
}
GET /v1/hash/{file_hash} File hash malware lookup — MalwareBazaar
{
  "file_hash": "d41d8cd98f00b204e9800998ecf8427e",
  "found": false,
  "malware_family": null,
  "file_type": null,
  "file_size": null,
  "tags": [],
  "first_seen": null,
  "last_seen": null,
  "signature": null
}
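GET /v1/password/{sha1_hash} Password breach check — Have I Been Pwned (k-anonymity). The full SHA-1 goes in the URL path, so this service, and any proxy or log that records URLs, sees the whole hash; the k-anonymity prefix query presumably applies only to the upstream HIBP lookup.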
{
  "found": true,
  "count": 52256179
}
GET /v1/phishing/{url} Phishing/malware URL check — URLhaus
{
  "url": "https://example.com/login",
  "found": false,
  "threat_type": "none",
  "status": null,
  "tags": [],
  "date_added": null,
  "source": "URLhaus"
}

Code Security

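POST /v1/check/secrets Scan code for hardcoded secrets and API keys. The submitted code leaves your environment and each finding echoes the match in matched_text, so redact or rotate any live credential in a scanned snippet and keep responses out of shared logs.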
{
  "total": 3,
  "by_severity": {
    "CRITICAL": 1,
    "HIGH": 2,
    "MEDIUM": 0,
    "LOW": 0
  },
  "findings": [
    {
      "severity": "CRITICAL",
      "type": "AWS Access Key",
      "line_number": 1,
      "matched_text": "EXAMPLE_KEY_NOT_REAL",
      "recommendation": "Remove and rotate this AWS access key immediately"
    }
  ]
}
POST /v1/check/injection Detect SQL/command injection vulnerabilities
{
  "total": 3,
  "by_severity": {
    "CRITICAL": 0,
    "HIGH": 3,
    "MEDIUM": 0,
    "LOW": 0
  },
  "findings": [
    {
      "severity": "HIGH",
      "type": "SQL Injection",
      "line_number": 1,
      "matched_text": "SELECT * FROM users WHERE id = \" + user_input",
      "recommendation": "Use parameterized queries instead of string concatenation"
    }
  ]
}
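POST /v1/check/dependencies Check packages for CVEs (free 10, pro 50 per request). Severity keys and values are lowercase in this sample, unlike the uppercase used in the /v1/check/secrets and /v1/check/injection samples, so compare case-insensitively when gating on severity.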
{
  "total": 2,
  "by_severity": {
    "critical": 1,
    "high": 1
  },
  "summary": "Found 2 CVEs across 2 of 3 packages (1 critical, 1 high)",
  "findings": [
    {
      "package": "openssl",
      "version": "3.0.0",
      "cve_id": "CVE-2023-0286",
      "severity": "high",
      "cvss_v3": 7.4,
      "in_kev": false
    }
  ]
}