VulnCheck Initial Access Intelligence provides in-house developed exploit PoCs, packet captures, and Suricata signatures to defend against initial access vulnerabilities.
VulnCheck tracks initial access vulnerabilities (remote code execution vulnerabilities that do not require authentication) and authors detection artifacts to help organizations defend against weaponized exploits for those vulnerabilities. VulnCheck Initial Access Intelligence provides these detection artifacts in a timely manner, so that organizations can author detections and defend themselves during the uncertain period that follows a recent disclosure.
Learn how to generate VulnCheck SSH Keys for accessing VulnCheck Detection Artifacts.
After setting up your SSH keys in the VulnCheck web portal and activating your paid subscription license to VulnCheck Initial Access Intelligence, run `git clone` to get the latest detection artifacts available:

```bash
git clone git@git.vulncheck.com:vulncheck/initial-access.git
```
The Initial Access Git repository is also available as an unencrypted or encrypted backup file. The encrypted variant's password is `vulncheck`.
| Offline Backup | Description |
|---|---|
| initial-access-git | Offline backup of the Initial Access Git repository |
| initial-access-git-encrypted | Password-protected offline backup of the Initial Access Git repository |
To request a specific offline backup, call `/v3/backup/:index` as follows (`initial-access-git` shown below):
```bash
curl --request GET \
  --url https://api.vulncheck.com/v3/backup/initial-access-git \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer insert_token_here'
```

```go
package main

import (
	"fmt"

	"github.com/vulncheck-oss/sdk-go"
)

func main() {
	// Authenticate against the API with your token.
	client := sdk.Connect("https://api.vulncheck.com", "insert_token_here")

	// Request the offline backup for the initial-access-git index.
	response, err := client.GetIndexBackup("initial-access-git")
	if err != nil {
		panic(err)
	}

	// Print the download URL(s) for the backup.
	fmt.Println(response.Urls())
}
```

```python
import vulncheck_sdk

configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
configuration.api_key["Bearer"] = "insert_token_here"

with vulncheck_sdk.ApiClient(configuration) as api_client:
    endpoints_client = vulncheck_sdk.EndpointsApi(api_client)
    # Request the offline backup for the initial-access-git index.
    api_response = endpoints_client.backup_index_get("initial-access-git")
    # Print the download URL of the first backup entry.
    print(api_response.data[0].url)
```

```bash
vulncheck backup download initial-access-git
```
VulnCheck offers API endpoints for quick and easy access to the Suricata and Snort rules. The following endpoints contain one rule on each line:
For example, to fetch the Suricata rules, call `/v3/rules/initial-access/suricata` as follows:
```bash
curl --request GET \
  --url https://api.vulncheck.com/v3/rules/initial-access/suricata \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer insert_token_here'
```

```go
package main

import (
	"fmt"

	"github.com/vulncheck-oss/sdk-go"
)

func main() {
	// Authenticate against the API with your token.
	client := sdk.Connect("https://api.vulncheck.com", "insert_token_here")

	// Fetch the Initial Access Suricata rules.
	response, err := client.GetRule("suricata")
	if err != nil {
		panic(err)
	}

	fmt.Println(response)
}
```

```python
import vulncheck_sdk

configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
configuration.api_key["Bearer"] = "insert_token_here"

with vulncheck_sdk.ApiClient(configuration) as api_client:
    endpoints_client = vulncheck_sdk.EndpointsApi(api_client)
    # Fetch the Initial Access Suricata rules.
    api_response = endpoints_client.rules_initial_access_type_get("suricata")
    print(api_response)
```
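
One way to vet the one-rule-per-line body returned by the rules endpoint before loading it into a sensor, as an added example that is not VulnCheck's code. It assumes the response body is plain newline-delimited Suricata rule text; the function name `vet_rules` and the sample rules are constructed for illustration, and the checks are a coarse pre-filter rather than Suricata's own parser.

```python
import re

# Rule actions Suricata recognises at the start of a rule line.
ACTIONS = {"alert", "pass", "drop", "reject", "rejectsrc", "rejectdst", "rejectboth"}
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')           # quoted option values
SID = re.compile(r"(?:^|;)\s*sid\s*:\s*(\d+)\s*;")  # sid option outside quotes

# Constructed sample body: one rule per line, as the endpoint is described.
SAMPLE = "\n".join([
    'alert http any any -> $HOME_NET any (msg:"Constructed example A"; content:"/a"; sid:1000001; rev:1;)',
    'alert http any any -> $HOME_NET any (msg:"Constructed copy of A"; content:"/a"; sid:1000001; rev:2;)',
    'alert tcp any any -> $HOME_NET 8080 (msg:"Constructed: sid only inside content"; content:"sid:5;";)',
    'allow tcp any any -> any any (msg:"Constructed: bad action"; sid:1000002;)',
    '# alert tcp any any -> any any (msg:"Constructed: commented out"; sid:1000003;)',
    'alert tcp any any -> $HOME_NET 22 (msg:"Constructed example B"; sid:1000004; rev:1;)',
])


def vet_rules(body):
    """Split a one-rule-per-line body into (accepted rules, [(line, reason)])."""
    accepted, rejected, seen = [], [], set()
    for lineno, line in enumerate(body.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue  # blank lines and commented-out rules are never loaded
        head, paren, rest = rule.partition("(")
        tokens = head.split()
        # Blank out quoted values so "sid:" inside a content match is ignored.
        sid = SID.search(QUOTED.sub('""', rest))
        reason = None
        if not tokens or tokens[0] not in ACTIONS:
            reason = "unknown action"
        elif len(tokens) < 7 or not {"->", "<>"} & set(tokens):
            reason = "malformed header"
        elif not paren or not rule.endswith(")"):
            reason = "options not enclosed in parentheses"
        elif sid is None:
            reason = "missing sid"
        elif sid.group(1) in seen:
            reason = "duplicate sid " + sid.group(1)
        if reason:
            rejected.append((lineno, reason))
        else:
            seen.add(sid.group(1))
            accepted.append(rule)
    return accepted, rejected
```

Rejected lines are worth logging with their line numbers so a truncated or altered download is noticed before the ruleset is deployed.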