API Resources

GET
/v3/index/{index}/cursor

Retrieve an unlimited, paginated list of all documents from the index of your choice. By default, each page shows a maximum of 100 documents.

Path Parameters

index (required)
string

Name of an Exploit, Vulnerability, or IP Intelligence index

Query Parameters for All Indexes

cursor
string

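Specify the cursor value to page with. To fetch the next page, pass the `next_cursor` value returned in the `_meta` object of the previous response.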

Example Requests

Exploits

# First page of the exploits index: no cursor parameter is sent.
# Replace insert_token_here with your API token; keep real tokens out of
# shared scripts and shell history.
curl -X GET \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer insert_token_here' \
    'https://api.vulncheck.com/v3/index/exploits/cursor'

Response

{
  "_benchmark": 0.092906,
  "_meta": {
    "timestamp": "2024-02-23T18:08:24.8902244Z",
    "index": "exploits",
    "limit": 100,
    "total_documents": 79387,
    "sort": "_timestamp",
    "parameters": [
      {
        "name": "cve",
        "format": "CVE-YYYY-N{4-7}"
      },
      {
        "name": "alias"
      },
      {
        "name": "iava",
        "format": "[0-9]{4}[A-Z-0-9]+"
      },
      {
        "name": "threat_actor"
      },
      {
        "name": "mitre_id"
      },
      {
        "name": "misp_id"
      },
      {
        "name": "ransomware"
      },
      {
        "name": "botnet"
      },
      {
        "name": "published"
      },
      {
        "name": "lastModStartDate",
        "format": "YYYY-MM-DD"
      },
      {
        "name": "lastModEndDate",
        "format": "YYYY-MM-DD"
      },
      {
        "name": "pubStartDate",
        "format": "YYYY-MM-DD"
      },
      {
        "name": "pubEndDate",
        "format": "YYYY-MM-DD"
      }
    ],
    "order": "desc",
    "next_cursor": "MjAyNC0wMi0yM1QxNToxNTo1N1o="
  },
  "data": [
    {
      "id": "CVE-2024-1709",
      "public_exploit_found": true,
      "commercial_exploit_found": false,
      "weaponized_exploit_found": true,
      "max_exploit_maturity": "weaponized",
      "reported_exploited": true,
      "reported_exploited_by_threat_actors": true,
      "reported_exploited_by_ransomware": true,
      "reported_exploited_by_botnets": false,
      "inKEV": true,
      "inVCKEV": true,
      "timeline": {
        "nvd_published": "2024-02-21T16:15:00Z",
        "nvd_last_modified": "2024-02-23T02:00:00Z",
        "first_exploit_published": "2024-02-20T00:00:00Z",
        "most_recent_exploit_published": "2024-02-22T00:00:00Z",
        "first_reported_threat_actor": "2024-02-20T00:00:00Z",
        "most_recent_reported_threat_actor": "2024-02-21T00:00:00Z",
        "first_reported_ransomware": "2024-02-22T00:00:00Z",
        "most_recent_reported_ransomware": "2024-02-22T00:00:00Z",
        "cisa_kev_date_added": "2024-02-22T00:00:00Z",
        "cisa_kev_date_due": "2024-02-29T00:00:00Z",
        "vulncheck_kev_date_added": "2024-02-20T00:00:00Z",
        "vulncheck_kev_date_due": "2024-02-29T00:00:00Z"
      },
      "trending": {
        "github": false
      },
      "epss": {
        "epss_score": 0.93461,
        "epss_percentile": 0.99017,
        "last_modified": "2024-02-23T10:38:36.110896Z"
      },
      "counts": {
        "exploits": 7,
        "threat_actors": 1,
        "botnets": 0,
        "ransomware_families": 1
      },
      "exploits": [
        {
          "url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2",
          "name": "Detection Guidance for ConnectWise CVE-2024-1709",
          "refsource": "blogs",
          "date_added": "2024-02-20T00:00:00Z",
          "exploit_maturity": "poc",
          "exploit_availability": "privately-available"
        },
        {
          "url": "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass",
          "name": "A Catastrophe For Control: Understanding the ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)",
          "refsource": "blogs",
          "date_added": "2024-02-21T00:00:00Z",
          "exploit_maturity": "poc",
          "exploit_availability": "publicly-available"
        },
        {
          "url": "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/",
          "name": "ConnectWise ScreenConnect: Authentication Bypass Deep Dive",
          "refsource": "blogs",
          "date_added": "2024-02-21T00:00:00Z",
          "exploit_maturity": "poc",
          "exploit_availability": "publicly-available"
        },
        {
          "url": "https://www.logpoint.com/en/blog/emerging-threats/screenconnect-authentication-bypass/",
          "name": "Unveiling the ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)",
          "refsource": "blogs",
          "date_added": "2024-02-22T00:00:00Z",
          "exploit_maturity": "poc",
          "exploit_availability": "publicly-available"
        },
        {
          "url": "https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE",
          "name": "W01fh4cker/ScreenConnect-AuthBypass-RCE exploit repository",
          "refsource": "github-exploits",
          "date_added": "2024-02-21T00:00:00Z",
          "exploit_maturity": "poc",
          "exploit_availability": "publicly-available",
          "exploit_type": "initial-access",
          "reference_url": "https://raw.githubusercontent.com/W01fh4cker/ScreenConnect-AuthBypass-RCE/main/ScreenConnect-AuthBypass-RCE.py",
          "clone_ssh_url": "git@github.com:W01fh4cker/ScreenConnect-AuthBypass-RCE.git",
          "clone_ssh_url_cached": "git@git.vulncheck.com:github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE.git"
        },
        {
          "url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc",
          "name": "watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc exploit repository",
          "refsource": "github-exploits",
          "date_added": "2024-02-21T00:00:00Z",
          "exploit_maturity": "poc",
          "exploit_availability": "publicly-available",
          "exploit_type": "initial-access",
          "reference_url": "https://raw.githubusercontent.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc/main/watchtowr-vs-ConnectWise_2024-02-21.py",
          "clone_ssh_url": "git@github.com:watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc.git",
          "clone_ssh_url_cached": "git@git.vulncheck.com:github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc.git"
        },
        {
          "url": "https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2024/CVE-2024-1709.yaml",
          "name": "ConnectWise ScreenConnect 23.9.7 - Authentication Bypass",
          "refsource": "nuclei-templates",
          "date_added": "2024-02-21T00:00:00Z",
          "exploit_maturity": "poc",
          "exploit_availability": "publicly-available"
        }
      ],
      "reported_exploitation": [
        {
          "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
          "name": "ConnectWise ScreenConnect Authentication Bypass Vulnerability",
          "refsource": "cisa-kev",
          "date_added": "2024-02-22T00:00:00Z"
        },
        {
          "url": "https://dashboard.shadowserver.org/statistics/honeypot/map/?day=2024-02-21&host_type=src&vulnerability=cve-2024-1709",
          "name": "ScreenConnect (CVE-2024-1709)",
          "refsource": "shadowserver-exploited",
          "date_added": "2024-02-21T00:00:00Z"
        },
        {
          "url": "https://dashboard.shadowserver.org/statistics/honeypot/map/?day=2024-02-22&host_type=src&vulnerability=cve-2024-1709",
          "name": "ScreenConnect (CVE-2024-1709)",
          "refsource": "shadowserver-exploited",
          "date_added": "2024-02-22T00:00:00Z"
        },
        {
          "url": "https://infosec.exchange/@SophosXOps/111975043941611370",
          "name": "LockBit",
          "refsource": "vulncheck-ransomware",
          "date_added": "2024-02-22T00:00:00Z"
        },
        {
          "url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8",
          "name": "Unattributed",
          "refsource": "vulncheck-threat-actors",
          "date_added": "2024-02-20T00:00:00Z"
        },
        {
          "url": "https://www.rapid7.com/blog/post/2024/02/20/etr-high-risk-vulnerabilities-in-connectwise-screenconnect/",
          "name": "Unattributed",
          "refsource": "vulncheck-threat-actors",
          "date_added": "2024-02-21T00:00:00Z"
        }
      ],
      "date_added": "2024-02-20T00:00:00Z",
      "_timestamp": "2024-02-23T18:00:12.192906Z"
    }
  ]
}

Using the Cursor Parameter

Exploits

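# Request the next page by sending the previous response's _meta.next_cursor
# as the "cursor" query parameter.
# Treat the cursor as an opaque value: --get with --data-urlencode appends it
# to the URL percent-encoded, so reserved characters in it (the sample ends
# in "=") reach the API intact.
# Replace insert_token_here with your API token.
curl --request GET --get \
     --url "https://api.vulncheck.com/v3/index/exploits/cursor" \
     --data-urlencode "cursor=MjAyNC0wMi0yM1QxNToxNTo1N1o=" \
     --header "Accept: application/json" \
     --header "Authorization: Bearer insert_token_here"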

Response

{
  "_benchmark": 0.070311,
  "_meta": {
    "timestamp": "2024-02-23T18:16:37.281993511Z",
    "index": "exploits",
    "limit": 100,
    "total_documents": 79387,
    "sort": "_timestamp",
    "parameters": [
      {
        "name": "cve",
        "format": "CVE-YYYY-N{4-7}"
      },
      {
        "name": "alias"
      },
      {
        "name": "iava",
        "format": "[0-9]{4}[A-Z-0-9]+"
      },
      {
        "name": "threat_actor"
      },
      {
        "name": "mitre_id"
      },
      {
        "name": "misp_id"
      },
      {
        "name": "ransomware"
      },
      {
        "name": "botnet"
      },
      {
        "name": "published"
      },
      {
        "name": "lastModStartDate",
        "format": "YYYY-MM-DD"
      },
      {
        "name": "lastModEndDate",
        "format": "YYYY-MM-DD"
      },
      {
        "name": "pubStartDate",
        "format": "YYYY-MM-DD"
      },
      {
        "name": "pubEndDate",
        "format": "YYYY-MM-DD"
      }
    ],
    "order": "desc",
    "cursor": "MjAyNC0wMi0yM1QxNToxNTo1N1o=",
    "next_cursor": "MjAyNC0wMi0yM1QxMjoyOTo1OVo="
  },
  "data": [
    {
      "id": "CVE-2010-0031",
      "public_exploit_found": false,
      "commercial_exploit_found": true,
      "weaponized_exploit_found": true,
      "max_exploit_maturity": "weaponized",
      "reported_exploited": false,
      "reported_exploited_by_threat_actors": false,
      "reported_exploited_by_ransomware": false,
      "reported_exploited_by_botnets": false,
      "inKEV": false,
      "inVCKEV": false,
      "timeline": {
        "nvd_published": "2010-02-10T18:30:00Z",
        "nvd_last_modified": "2018-10-12T21:56:00Z",
        "first_exploit_published": "2010-02-12T00:00:00Z",
        "first_exploit_published_weaponized_or_higher": "2010-02-12T00:00:00Z",
        "most_recent_exploit_published": "2010-03-04T00:00:00Z"
      },
      "trending": {
        "github": false
      },
      "epss": {
        "epss_score": 0.88608,
        "epss_percentile": 0.98592,
        "last_modified": "2024-02-22T09:44:17.604920Z"
      },
      "counts": {
        "exploits": 2,
        "threat_actors": 0,
        "botnets": 0,
        "ransomware_families": 0
      },
      "exploits": [
        {
          "url": "https://www.coresecurity.com/core-labs/exploits",
          "name": "Microsoft PowerPoint OEPlaceholderAtom Record Invalid Index Exploit (MS10-004) Update",
          "refsource": "coreimpact",
          "date_added": "2010-03-04T00:00:00Z",
          "exploit_maturity": "weaponized",
          "exploit_availability": "commercially-available"
        },
        {
          "url": "https://my.saintcorporation.com/cgi-bin/exploit_info/powerpoint_oeplaceholderatom_placementid",
          "name": "Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption",
          "refsource": "saint",
          "date_added": "2010-02-12T00:00:00Z",
          "exploit_maturity": "weaponized",
          "exploit_availability": "commercially-available"
        }
      ],
      "date_added": "2010-02-12T00:00:00Z",
      "_timestamp": "2024-02-23T15:15:26.77336Z"
    }
  ]
}