VulnCheck IP Intelligence includes tracking of potentially vulnerable systems that may be targeted by initial access exploits as well as tracking of command & control (C2) attacker infrastructure and honeypots.
VulnCheck IP Intelligence makes it easy to query our IP data set with a number of API query parameters, useful for filtering the results. Supported API query parameters are as follows:
Query Parameter | Description |
---|---|
asn | Filter based on ASN: e.g., "AS719" |
cidr | Filter based on IP address or range: e.g., "165.227.231.125" |
country | Filter based on country name: e.g., "Australia" |
country_code | Filter based on country_code: e.g., "AU" |
hostname | Filter based on keyword or FQDN: e.g., "google" or "amazonaws.com" |
id | Filter based on supported detection types: e.g., "c2", "honeypot", or "initial-access" |
VulnCheck IP Intelligence supports a wide range of use cases.
By combining two of the API query parameters (Country and ID) we can quickly zoom in on Command & Control (C2) detections in a given geography -- in this case, Sweden.
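# Query the ipintel-3d index for C2 detections in Sweden.
# The URL must be quoted: an unquoted "&" makes the shell background curl
# right after "id=c2", so the country filter and the headers on the following
# lines never reach the request.
# "insert_token_here" is a placeholder. A token typed on the command line can
# end up in shell history and process listings, so supply the real value from
# a protected source.
curl --request GET \
  --url 'https://api.vulncheck.com/v3/index/ipintel-3d?id=c2&country=Sweden' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer insert_token_here'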
package main
import (
"encoding/json"
"fmt"
"log"
"github.com/vulncheck-oss/sdk-go"
)
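// main queries the ipintel-3d index for C2 detections located in Sweden and
// prints the returned records as indented JSON.
func main() {
	// "insert_token_here" is a placeholder. Load the real API token from the
	// environment or a secrets manager at runtime; do not commit it to source.
	client := sdk.Connect("https://api.vulncheck.com", "insert_token_here")

	// Country and ID correspond to the "country" and "id" query parameters.
	response, err := client.GetIndexIpintel3d(sdk.IndexQueryParameters{
		Country: "Sweden",
		ID:      "c2",
	})
	if err != nil {
		// Report the failure the same way as the JSON error below instead of
		// panicking with a stack trace.
		log.Fatalf("Failed to query ipintel-3d: %v", err)
	}

	prettyJSON, err := json.MarshalIndent(response.Data, "", " ")
	if err != nil {
		// log.Fatalf exits the process, so no return is needed after it.
		log.Fatalf("Failed to generate JSON: %v", err)
	}
	fmt.Println(string(prettyJSON))
}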
import vulncheck_sdk
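# Point the SDK at the VulnCheck v3 API.
configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
# "insert_token_here" is a placeholder. Load the real API token from the
# environment or a secrets manager at runtime; do not commit it to source.
configuration.api_key["Bearer"] = "insert_token_here"

# The body of the `with` statement must be indented; the client is only used
# inside this block.
with vulncheck_sdk.ApiClient(configuration) as api_client:
    indices_client = vulncheck_sdk.IndicesApi(api_client)
    # Filter the ipintel-3d index to C2 detections located in Sweden.
    api_response = indices_client.index_ipintel3d_get(id="c2", country="Sweden")
    print(api_response)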
# VulnCheck CLI: browse the ipintel-3d index, filtered to C2 detections in Sweden.
vulncheck index browse ipintel-3d --id c2 --country Sweden
Offline Backup | Description |
---|---|
ipintel-3d | IP Intelligence detections for the past 3 days |
ipintel-10d | IP Intelligence detections for the past 10 days |
ipintel-30d | IP Intelligence detections for the past 30 days |
ipintel-90d | IP Intelligence detections for the past 90 days |
To request a specific offline backup, simply call /v3/backup/:index as follows (ipintel-3d
shown below):
# Request the ipintel-3d offline backup from /v3/backup/:index.
# "insert_token_here" is a placeholder for the API token.
curl -X GET \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer insert_token_here' \
  'https://api.vulncheck.com/v3/backup/ipintel-3d'
package main
import (
"fmt"
"github.com/vulncheck-oss/sdk-go"
)
// main requests the ipintel-3d offline backup and prints the URLs reported
// by the response.
func main() {
	// "insert_token_here" is a placeholder for the API token.
	vc := sdk.Connect("https://api.vulncheck.com", "insert_token_here")

	backup, err := vc.GetIndexBackup("ipintel-3d")
	if err != nil {
		// Abort the sample on any API error.
		panic(err)
	}

	fmt.Println(backup.Urls())
}
import vulncheck_sdk
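# Point the SDK at the VulnCheck v3 API.
configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
# "insert_token_here" is a placeholder. Load the real API token from the
# environment or a secrets manager at runtime; do not commit it to source.
configuration.api_key["Bearer"] = "insert_token_here"

# The body of the `with` statement must be indented; the client is only used
# inside this block.
with vulncheck_sdk.ApiClient(configuration) as api_client:
    endpoints_client = vulncheck_sdk.EndpointsApi(api_client)
    # Ask for the ipintel-3d offline backup.
    api_response = endpoints_client.backup_index_get("ipintel-3d")
    # Print the URL of the first entry in the response data.
    print(api_response.data[0].url)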
# VulnCheck CLI: download the ipintel-3d offline backup.
vulncheck backup download ipintel-3d