As the world's leading cyber threat service, we provide API & Webhook solutions to our customers. If you need to customize your notifications or process data for your own projects, we will proud of being a part of your excellent jobs.
You can use our API & Webhook for lots of purposes:
What is the Difference Between API and Webhook?
API is a page that prints the output of our database records. You can filter your queries and search our database.
Webhook is an automated communication mechanism, our bots will send a POST request to your server when a new cyber threat detected. So, you can process the data however you want.
You need to check our API regularly to learn the last threats, but if you use Webhook solution, our system automatically will send you last threats.
How to Use API?
We have 4 parameters for API and it will generate a JSON output when you entered parameters.
Parameter | Type | Description | Usage |
---|---|---|---|
api_key | required | User authorization | ?api_key=<ACCOUNT_API_KEY> |
product | optional | List entered product only | &product=<PRODUCT> |
limit | optional | Limit records count | &limit=<COUNT> |
list | optional | List all threats in database | &list=all |
?api_key is required and other parameters are optional. You can find your API key in the dashboard by following "Edit Profile > API & Webhook" tab.
API Examples
Output:
{"records":109,"threats":[{"threat_id":"3237","product":"VMWare","cve":"CVE-2020-3948","source":"ZeroDayInitiative","date":"2020-03-13 18:32:12 (UTC)","advisory":"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-20-299"},{"threat_id":"3116","product":"webmail","cve":"CVE-2020-8865","source":"PacketStorm","date":"2020-03-12 20:27:06 (UTC)","advisory":"https:\/\/packetstormsecurity.com\/files\/156699\/Horde-Groupware-Webmail-Edition-5.2.22-PHP-File-Inclusion.html"},{"threat_id":"2698","product":"WordPress","cve":"CVE-2020-9371","source":"Exploit-DB","date":"2020-03-12 06:26:13 (UTC)","advisory":"https:\/\/www.exploit-db.com\/exploits\/48204"} ...
Output:
{"records":41,"threats":[{"threat_id":"3396","product":"WordPress","cve":"CVE-2020-10564","source":"NVD\/NIST","date":"2020-03-13 23:18:07 (UTC)","advisory":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-10564"},{"threat_id":"2750","product":"WordPress","cve":"NO-CVE","source":"0day.today","date":"2020-03-12 10:09:06 (UTC)","advisory":"http:\/\/0day.today\/exploits\/34083"},{"threat_id":"2698","product":"WordPress","cve":"CVE-2020-9371","source":"Exploit-DB","date":"2020-03-12 06:26:13 (UTC)","advisory":"https:\/\/www.exploit-db.com\/exploits\/48204"} ...
Output:
{"records":59,"threats":[{"threat_id":"3629","product":"windows","cve":"CVE-2020-9290","source":"NVD\/NIST","date":"2020-03-15 22:19:04 (UTC)","advisory":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-9290"},{"threat_id":"3590","product":"Windows","cve":" CVE-2020-0796 ","source":"CXSecurity","date":"2020-03-15 16:18:11 (UTC)","advisory":"https:\/\/cxsecurity.com\/issue\/WLB-2020030071"},{"threat_id":"3544","product":"windows","cve":"CVE-2020-0796","source":"PacketStorm","date":"2020-03-15 14:01:47 (UTC)","advisory":"https:\/\/packetstormsecurity.com\/files\/156731\/CoronaBlue-SMBGhost-Microsoft-Windows-10-SMB-3.1.1-Proof-Of-Concept.html"} ...
Output:
{"records":2,"threats":[{"threat_id":"3629","product":"windows","cve":"CVE-2020-9290","source":"NVD\/NIST","date":"2020-03-15 22:19:04 (UTC)","advisory":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-9290"},{"threat_id":"3590","product":"Windows","cve":" CVE-2020-0796 ","source":"CXSecurity","date":"2020-03-15 16:18:11 (UTC)","advisory":"https:\/\/cxsecurity.com\/issue\/WLB-2020030071"}]}
How to Use Webhook?
You can configure Webhook in dashboard while adding your products or following by "My Products" tab.
If you select "Customizable Notification & API" option as your alert channel, you can see your API key and an option to enable Webhook feature. After you enabled Webhook, you need to enter your website where we will post the data to.
Meanwhile, you have to verify that its really your website. So, click the Click and Download text. It will generate a randomly named HTML file for you and you need to upload this file to your website's root directory directly. So, our systems will check this URL and validate this website if you correctly uploaded file. Don't change filename and upload to root directory directly:
If everything is okay, you will get a POST request for each threat alert. Example request:
POST /vullnerability/capture.php HTTP/1.1
Host: example.com
Accept: */*
Content-Length: 150
Content-Type: application/json
User-Agent: VULLNERABILITY.COM - Threat Alert Bot
X-Contact-Us: [email protected]
X-Security-Code: 15036177a150f01ea3off2da051f3ic0
{"product":"VMWare","cve":"CVE-2020-3948","source":"ZeroDayInitiative","date":"13-03-2020 18:32:12","advisory":"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-20-299"}
X-Security-Code is an unique code for your account. You can validate requests according to X-Security-Code header value and source IP address.
Last edited: Mar 30, 2020