Vulners API update: download database in one click

Vulners development team added a new call to Vulners API v.3, which provides an easy way to export collections of security bulletins.

For example, to download all CVEs you need to

wget “https://vulners.com/api/v3/archive/collection/?type=cve” -O cve.zip

The result will be cve.zip with cve.json inside.

The same file can be downloaded with GUI at Stats tab

Vulners Stats

Moreover, with new API call you can download security bulletins for a particular OS version:

wget “https://vulners.com/api/v3/archive/distributive/?os=centos&version=6” -O centos.zip

It makes possible to get the data, which you won’t find anywhere else: the archives of exploits, hackerone history, all CentOS vulnerabilities, etc. This functionality might be useful if you want to make your own tools and data synchronization, if you already use some knowledge base.

No problem if you forgot “type” values. Just enter a nonexistent type, and you get a full list of available values:

https://vulners.com/api/v3/archive/collection/?type=FAKE

“Error”: “There is no type ‘FAKE’ Available collection types:. [ ‘Nessus’, ‘cve’, ‘exploitdb’, ‘xssed’, ‘zdt’, ‘hackapp’, ‘threatpost’, ‘redhat’, ‘debian’, ‘ubuntu’, ‘cert’, ‘metasploit’, ‘freebsd’, ‘zdi’, ‘oraclelinux’, ‘suse’, ‘centos’,’ cisco ‘,’ hackerone ‘,’ vulnerlab ‘,’ f5 ‘,’ mozilla ‘,’ ics’, ‘archlinux’, ‘ptsecurity’, ‘rdot’, ‘erpscan’, ‘huawei’, ‘xen’, ‘openssl’, ‘opera’, ‘vmware’, ‘wpvulndb’, ‘samba’, ‘postgresql’, ‘drupal’, ‘lenovo’, ‘msvr’, ‘paloalto’, ‘nginx’] “

It is also possible to obtain these results through the search queries. Unfortunately now it was not so easy, the maximum size for a single request is reduced from 10 000 to 500. It’s a forced measure, since the load on a server and the traffic volumes increased significantly.

Now we have a separation: search for the search, and archive/collection for content export.

Advertisements

Vulners API v.3 released

Vulners development team has released a major update for Vulners API. Automate your routine operations with vulners.com database easier and effectively than ever.

What’s new:

  • The most of Vulners API v.3 request are now use Get
  • New “search/id” request to view content of the bulletin by identifier
  • Requests for searching or viewing the content by id now support option “references = true”, which adds referenced objects to the results
  • Json output is now pretty-printed by default

All API methods: https://vulners.com/api/v3/
“Validateparam” contains all input parameters and types:

"lucene": [
        {
          "requireparam": {
            "parameters": [
              "query"
            ]
          }
        },
        {
          "validateparam": {
            "parameters": [
              {
                "skip": "int",
                "query": "str",
                "size": "int",
                "sort": "str"
              }
            ]
          }
        }
      ],

Examples:

Available fields and values: https://vulners.com/api/v3/search/suggest/?type=distinct&fieldName=type

{
  "data": [
    "nessus",
    "cve",
    "exploitdb",
    "xssed",
    "zdt",
...
    "lenovo",
    "msvr",
    "paloalto",
    "nginx"
  ],
  "result": "OK"
}

Vulners.com search query speed remains extremely high:

$ curl "https://vulners.com/api/v3/search/lucene/?query=type:centos&size=3&skip=2&references=true" -w %{time_connect}:%{time_starttransfer}:%{time_total}
...
],
"result": "OK"
}0,000:0,144:0,204

Average execution time is 35-45ms