ContrastAPI Plugin for Dify

Free security intelligence API with 29 tools — CVE/EPSS/KEV lookup, domain recon, threat
intelligence, IOC enrichment, code security, and OSINT. No API key required (100 requests/hour
free tier; 1,000/hour Pro).

Tools (29)

Domain Intelligence (10): , , , ,
, (orchestrated full audit), , ,
,

CVE Intelligence (4): , , , (up to
50 CVEs in one call)

Threat Intelligence / IOC (5): , (up to 50 indicators in one call),
, , (orchestrated IP threat report — Shodan + AbuseIPDB + ASN)

Network / OSINT (6): , , , , ,

Code Security (3): , ,

Authentication (1): — HIBP-style breach check. The plain-text password is
SHA-1 hashed inside the plugin process before any network call. The raw password never leaves
your machine.

Usage

1. Install the ContrastAPI plugin from the Dify Marketplace
2. No configuration needed — the API is free with a 100 requests/hour rate limit per IP
3. Add any tool to your workflow or agent

Privacy & Data Handling

• No query logging. Submitted domains, IPs, CVE IDs, file hashes, emails, phone numbers,
  usernames, and code are not stored. Only the endpoint category and a salted IP hash are logged
  for rate limiting.
• No API key required, so no identity binding for free-tier use.
• All upstream sources are public (NVD, EPSS, CISA KEV, Shodan InternetDB, abuse.ch, HIBP via
  k-anonymity, MalwareBazaar, etc.) — no opaque proprietary feeds.
• Verify in real time: returns every
  row our database has about you.

Full data-handling details: DATA_HANDLING.md [blocked].

Links

• API: https://api.contrastcyber.com
• Privacy: https://contrastcyber.com/privacy
• GitHub: https://github.com/UPinar/contrastapi
• MCP server: same 29 tools, available at