Vulners search, how does it work and how to use it?

This guide aims to detail the functionalities of the Vulners Search via the API, paralleling its capabilities to those accessible through the Vulners Web Interface. This document is designed for technical users seeking a thorough understanding of our search mechanisms and how to leverage them using the API.

Introduction

Vulners aggregates a comprehensive database of vulnerabilities, exploits, threats, and security news relevant to software products. Users can leverage both basic and advanced search functionalities, including cross-referencing associated records and executing targeted searches for specific software versions and CPEs.

Three types of search in Vulners database

Vulners vulnerability database currently uses three types of searches.

Basic search

To become proficient in Vulners, begin with basic search and queries. Find information with a query like “Microsoft Exchange” or “Cisco AnyConnect”.

Basic search is designed for ease of use, similar to online shopping, where you can filter results with the parameters such as CVSS Basic Score, bulletin type, is it wild exploited, etc. This type of search is similar to shopping on eBay or Amazon. If you are unsure of what to enter, we have provided a selection of pre-made search queries, including Daily Hot, EPSS High Score, CVE Feed, and others.

These searches allow users to quickly access the vulnerability information they need in the most straightforward way without having to know a specific syntax.

Lucene Search

This was originally a standard Vulners database search, but due to the use of Lucene syntax and rules Vulners currently considers Lucene to be an advanced search, as some experience with Elastic-like searches is required. In this search it's possible to use typical logic such as OR, AND, NOT, to combine conditions based on different pieces of data.

This search is based on Lucene syntax:

• AND "apache" AND "vulnerabilities"
• OR "apache" OR "Lucene"
• NOT NOT type:"robot"
• Boolean Operators: (Lucene OR apache) AND website
• Special characters + - && || ! ( ) { } ^ " ~ * ? : \
• Range Searches status:[400 TO 499]

API Call:

Previously it was also mentioned how to make such the same calls via python wrapper in our docs:

• https://vulners.com/docs/api_reference/api_methods/#search-in-database
• https://vulners.com/docs/api_reference/api_methods/#public-available-exploits

POST /api/v3/search/lucene/

curl -X POST https://vulners.com/api/v3/search/lucene/ -H 'Content-Type: application/json' -d '{
  "query": "(affectedPackage.packageName:php*) OR (title:php* AND bulletinFamily:exploit) -type:openvas -type:nessus",
  "apiKey": "{API key}"
}'

Below are some basic examples for clarity:

• Software vulnerabilities that affect Chrome: affectedSoftware.name:"*Chrome*" OR affectedPackage.packageName:"*Chrome*" OR cnaAffected.product:"*Chrome*" OR product_info.product:"*Chrome*"

• Software vulnerabilities for exact version. Nginx from 1.1* version vulnerabilities: affectedSoftware.name:nginx AND affectedSoftware.version:1.1*

• Vulnerabilities for any libcurl packages: affectedPackage.packageName:libcurl*

• Search for php* vulnerabilities or php* exploits: (affectedPackage.packageName:php*) OR (title:php* AND bulletinFamily:exploit)

  Sometimes it would be better to filter some results and exclude results for some collections: (affectedPackage.packageName:php*) OR (title:php* AND bulletinFamily:exploit) -type:openvas -type:nessus Exploits with "F5" in title sorted by CVSS score: title:*f5* bulletinFamily:exploit order:cvss3.cvssV3.baseScore

Data Ranges

For example, a Vulners dashboard is collected with such queries. Let's see how you can collect information for a certain period of time:

• number of vulnerabilities added for Q2 in 2024: published:[2024-01-01 TO 2024-04-01] type:cve
• exploits added to vulners.com Q2 в 2023: published:[2023-04-01 TO 2023-07-01] bulletinFamily:exploit
• CVE в Q2 2023 у которых CVSS > 7: (cvss3.cvssV3.baseScore:[7 TO 10] OR cvss.score:[7 TO 10]) published:[2023-04-01 TO 2023-07-01] type:cve

Stay In the Loop

• Exploring VPN vulnerabilities: VPN AND bulletinFamily:NVD
• Nmap NSE scripts: type:nmap
• Most expensive publicly disclosed portswigger vulnerabilities: h1team.handle:portswigger order:bounty
• Microsoft is always in trend: Microsoft AND bulletinFamily:NVD

Play with scores

• Vulnerabilities without CVSS already exploited in the wild: type:cve AND enchantments.exploitation.wildExploited:* AND NOT cvss3.cvssV3.baseScore:* AND NOT cvss2.cvssV2.baseScore:*
• Microsoft vulnerabilities with CVSSv3 score in range 8 to 10 in CVE collection sorted by date: type:cve AND cvss3.cvssV3.baseScore:[8 TO *] AND "Microsoft"

Also, it’s possible to combine CVSS scores parameters: type:cve AND cvss3.cvssV3.baseScore:[8 TO *] AND cvss2.exploitabilityScore:[7 TO *] "Microsoft"

• Underestimated vulnerabilities: cvss3.cvssV3.baseScore:[0 TO 4] AND enchantments.score.value:[7 TO 10] AND bulletinFamily:NVD AND order:published AND viewCount:[200 TO *]
• Vulnerabilities with high AI score and without CVSSv3: type:cve AND enchantments.score.value:[7 TO 10] AND NOT cvss3.cvssV3.baseScore:* AND NOT cvss2.cvssV2.baseScore:*

By product

This type of search allows users to find vulnerabilities by specifying a software product and version. This search is particularly useful for retrieving all vulnerabilities associated with a specific Common Platform Enumeration (CPE) product and version. There are two primary ways to perform this search via the API: by software name or by CPE identifier.

Search by Software Name and Version

To search for vulnerabilities by specifying a software name and version, use the following API call. This method allows you to specify the type of vulnerabilities you're interested in and limit the number of results returned.

API Call:

POST /api/v3/burp/softwareapi/

curl -X POST https://vulners.com/api/v3/burp/softwareapi/ -H 'Content-Type: application/json' -d '{
  "software": "ivanti connect secure",
  "version": "22.3",
  "type": "software",
  "maxVulnerabilities": 10,
  "apiKey": "{API key}"
}'

In this example:

• software: The name of the software product.
• version: The specific version of the software.
• type: Indicates the search type, here it's software.
• maxVulnerabilities: Limits the number of vulnerabilities returned.
• apiKey: Vulners API key.

Search by CPE Identifier

To obtain all vulnerabilities for a specific CPE product and version, use the CPE identifier in your API call. This method provides accurate results because CPE identifiers are standardized.

API Call:

POST /api/v3/burp/softwareapi/

curl -X POST https://vulners.com/api/v3/burp/softwareapi/ -H 'Content-Type: application/json' -d '{
  "software": "cpe:/a:cybozu:garoon:4.2.1",
  "version": "4.2.1",
  "type": "cpe",
  "maxVulnerabilities": 50,
  "apiKey": "{API key}"
}'

In this example:

• software: The CPE identifier of the product.
• version: The specific version of the CPE product.
• type: Indicates the search type, here it's cpe.
• maxVulnerabilities: Limits the number of vulnerabilities returned.
• apiKey: Your activated API key.

Additional Parameters

Refine the search by using additional parameters to filter and sort the results. For example, sort vulnerabilities by CVSS score or filter by specific attributes.

Advanced API Call:

curl -X POST https://vulners.com/api/v3/burp/softwareapi/ -H 'Content-Type: application/json' -d '{
  "software": "cpe:/a:adobe:acrobat_reader:2020.009.20063",
  "version": "2020.009.20063",
  "type": "cpe",
  "maxVulnerabilities": 20,
  "filters": {
    "cvssScore": "[7 TO 10]",
    "bulletinFamily": "NVD"
  },
  "sort": "cvss3.cvssV3.baseScore:desc",
  "apiKey": "{API key}"
}'

In this example:

• filters: Additional filters applied to the search, such as cvssScore and bulletinFamily.
• sort: Sorts the results by a specified attribute, here by descending CVSSv3 score.

Supported Operating Systems

Use the following API call to retrieve the current list of supported operating systems for vulnerability scanning:

API Call:

GET api/v3/audit/getSupportedOS

curl -X GET https://vulners.com/api/v3/audit/getSupportedOS -H 'Content-Type: application/json' -H 'apiKey: {API key}'

Conclusions

This guide should serve as a foundational tool for understanding and utilizing the Vulners Search API effectively. For further assistance or clarifications, please consult our additional documentation or contact support.