Strobes Intel API
Vulnerability Intelligence API Documentation
Access comprehensive CVE data, vulnerability intelligence, threat actor information, and security metrics programmatically. Our REST API provides real-time access to 390,000+ vulnerabilities with CVSS scores, EPSS predictions, and exploit intelligence.
REST API390K+ CVEsReal-time DataFree Tier Available
Base URL
https://intel.strobes.co/apiOverview
The Strobes Intel API provides programmatic access to our comprehensive vulnerability intelligence database. Use it to integrate CVE data, exploit information, and threat intelligence into your security tools and workflows.
Key Features
- CVE Database: Access 390,000+ vulnerabilities with detailed metadata
- Real-time Updates: Data refreshed daily from NVD, CISA KEV, and other sources
- EPSS Scores: Exploit Prediction Scoring System probabilities
- Priority Scores: Strobes proprietary vulnerability prioritization (0-1000)
- Threat Actors: APT groups and their exploited vulnerabilities
- Product Mapping: CVEs mapped to affected software products
Response Format
All API responses are returned in JSON format. Successful responses include the requested data, while errors return a consistent error object.
Authentication
Most endpoints are publicly accessible without authentication. Premium endpoints (ASM, bulk downloads) require a license key passed via the X-LICENSE-KEY header.
Authentication Header
curl -X GET "https://intel.strobes.co/api/download/latest" \
-H "X-LICENSE-KEY: your-license-key"PublicFree Access
CVE lookups, search, statistics, threat actors
LicensedPremium Access
Bulk downloads, ASM endpoints, IP geolocation
Rate Limits
The API currently does not enforce strict rate limits for public endpoints. However, we recommend limiting requests to reasonable levels:
- Public endpoints: ~100 requests/minute
- Licensed endpoints: ~1000 requests/minute
Excessive usage may result in temporary blocks. For bulk data needs, use the /api/download endpoint with a license key.
CVE Endpoints
GET
/api/vulnerabilities/{cve_id}Retrieve detailed information about a specific CVE
Parameters
| Name | Type | Location | Required | Description |
|---|---|---|---|---|
cve_id | string | path | Required | CVE identifier (e.g., CVE-2021-44228) |
Response
{
"id": "CVE-2021-44228",
"sources": ["nvd", "mitre"],
"cvss_v2": 9.3,
"cvss_v3": 10.0,
"cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"exploits": {
"exploit_available": true,
"references": [...]
},
"zeroday": {
"is_zeroday": false
},
"patches": {
"patch_available": true,
"references": [...]
},
"priority_score": 985,
"epss_score": 0.97548,
"seen_wild": true,
"trend": 3,
"published": "2021-12-10T00:00:00",
"last_modified": "2024-01-15T00:00:00",
"cisa_due_date": "2021-12-24",
"taxonomy": {
"cwe": [{"id": "CWE-917", "description": "..."}]
},
"advisories": [...]
}Example Request
curl "https://intel.strobes.co/api/vulnerabilities/CVE-2021-44228"POST
/api/vulnerabilitiesQuery CVEs with advanced filters and pagination
Parameters
| Name | Type | Location | Required | Description |
|---|---|---|---|---|
operator | string | body | Optional | "and" or "or" for combining conditions (default: "and") |
sort | string | body | Optional | "asc" or "desc" for sorting by CVE ID (default: "desc") |
skip | integer | body | Optional | Offset for pagination (default: 0) |
limit | integer | body | Optional | Number of results (default: 10, max: 100) |
query | object | body | Optional | Filter conditions |
Request Body
{
"operator": "and",
"sort": "desc",
"skip": 0,
"limit": 10,
"query": {
"exploit_available": {"eq": true},
"patch_available": {"eq": false},
"priority_score": {"gte": 800},
"epss_score": {"gte": 0.5}
}
}Response
{
"total_count": 1250,
"cves": [
{
"id": "CVE-2024-1234",
"cvss_v3": 9.8,
"priority_score": 950,
...
}
],
"has_next": true
}Example Request
curl -X POST "https://intel.strobes.co/api/vulnerabilities" \
-H "Content-Type: application/json" \
-d '{"query": {"exploit_available": {"eq": true}}, "limit": 5}'GET
/api/latest/zerodaysGet the latest zero-day vulnerabilities
Response
[
{
"id": "CVE-2024-0001",
"cvss_v3": 9.8,
"zeroday": {"is_zeroday": true},
"published": "2024-01-15T00:00:00",
...
}
]Example Request
curl "https://intel.strobes.co/api/latest/zerodays"Search Endpoints
GET
/api/search/Search for CVE IDs by prefix
Parameters
| Name | Type | Location | Required | Description |
|---|---|---|---|---|
cve | string | query | Optional | CVE ID prefix to search (e.g., CVE-2024) |
Response
["CVE-2024-1234", "CVE-2024-1235", "CVE-2024-1236"]Example Request
curl "https://intel.strobes.co/api/search/?cve=CVE-2024-12"GET
/api/search/cpe/Search CVEs by product keyword (CPE-based)
Parameters
| Name | Type | Location | Required | Description |
|---|---|---|---|---|
keyword | string | query | Required | Product keyword (e.g., apache, nginx, windows) |
skip | integer | query | Optional | Pagination offset (default: 0) |
limit | integer | query | Optional | Results per page (default: 10, max: 100) |
filters | string | query | Optional | JSON string with additional filters |
Response
{
"total_count": 2500,
"cves": [
{
"id": "CVE-2024-1234",
"advisories": [{"cpe": ["cpe:2.3:a:apache:*"]}],
...
}
],
"has_next": true
}Example Request
curl "https://intel.strobes.co/api/search/cpe/?keyword=apache&limit=10&filters=%7B%22exploit_available%22%3A%7B%22eq%22%3Atrue%7D%7D"POST
/api/v2/vulnerabilities/filterAdvanced filtering with cursor-based pagination and facets
Parameters
| Name | Type | Location | Required | Description |
|---|---|---|---|---|
conditions | array | body | Optional | Array of filter conditions |
operator | string | body | Optional | "and" or "or" (default: "and") |
text_search | string | body | Optional | Full-text search query |
sort_by | string | body | Optional | Field to sort by |
sort_order | string | body | Optional | "asc" or "desc" |
cursor | string | body | Optional | Cursor for pagination |
limit | integer | body | Optional | Results per page (default: 20) |
include_facets | boolean | body | Optional | Include aggregation facets |
Request Body
{
"conditions": [
{"field": "priority_score", "operator": "gte", "value": 900},
{"field": "exploits.exploit_available", "operator": "eq", "value": true}
],
"operator": "and",
"text_search": "remote code execution",
"sort_by": "priority_score",
"sort_order": "desc",
"limit": 20,
"include_facets": true
}Response
{
"total_count": 500,
"cves": [...],
"has_next": true,
"next_cursor": "eyJzb3J0X3ZhbHVlIjogOTUwfQ==",
"facets": {
"tags": [{"value": "rce", "count": 250}],
"sources": [{"value": "nvd", "count": 500}]
}
}Example Request
curl -X POST "https://intel.strobes.co/api/v2/vulnerabilities/filter" \
-H "Content-Type: application/json" \
-d '{"conditions": [{"field": "priority_score", "operator": "gte", "value": 900}]}'Product Endpoints
POST
/api/affected-productFind products affected by vulnerabilities
Parameters
| Name | Type | Location | Required | Description |
|---|---|---|---|---|
ecosystem | string | body | Optional | Package ecosystem (npm, pypi, maven, etc.) |
name | string | body | Optional | Product name |
cves | array | body | Optional | List of CVE IDs to filter by |
skip | integer | body | Optional | Pagination offset |
limit | integer | body | Optional | Results per page |
Request Body
{
"ecosystem": "npm",
"name": "lodash",
"skip": 0,
"limit": 10
}Response
{
"total_count": 15,
"products": [
{
"id": "hash-123",
"name": "lodash",
"ecosystem": "npm",
"cpe": "cpe:2.3:a:lodash:lodash:*",
"affected": [
{
"cve_id": "CVE-2021-23337",
"affected_version_range": ["0.0.0", "4.17.20"],
"fixed_version": ["4.17.21"]
}
]
}
],
"has_next": true
}Example Request
curl -X POST "https://intel.strobes.co/api/affected-product" \
-H "Content-Type: application/json" \
-d '{"ecosystem": "npm", "name": "lodash"}'Threat Actor Endpoints
POST
/api/threat-actorsSearch threat actors and their exploited vulnerabilities
Parameters
| Name | Type | Location | Required | Description |
|---|---|---|---|---|
name | string | body | Optional | Threat actor name to search |
cve | string | body | Optional | CVE ID to find actors exploiting it |
skip | integer | body | Optional | Pagination offset |
limit | integer | body | Optional | Results per page |
Request Body
{
"name": "Lazarus",
"skip": 0,
"limit": 10
}Response
{
"total_count": 1,
"threat_actors": [
{
"id": "Lazarus Group",
"description": "North Korean state-sponsored threat actor...",
"country": "North Korea",
"aliases": ["APT38", "Guardians of Peace", "HIDDEN COBRA"],
"cves_exploited": ["CVE-2021-44228", "CVE-2022-26134"],
"target_category": ["Financial", "Cryptocurrency"],
"techniques": ["Spear Phishing", "Supply Chain"],
"references": [...]
}
],
"has_next": false
}Example Request
curl -X POST "https://intel.strobes.co/api/threat-actors" \
-H "Content-Type: application/json" \
-d '{"name": "Lazarus"}'POST
/api/kb-supercedenceFind Microsoft KB article supersedence chains
Parameters
| Name | Type | Location | Required | Description |
|---|---|---|---|---|
kb | string | body | Required | Microsoft KB article ID (e.g., KB5001234) |
skip | integer | body | Optional | Pagination offset |
limit | integer | body | Optional | Results per page |
Response
{
"total_count": 1,
"msrc_kbs": [
{
"id": "KB5001234",
"product": "Windows 10 Version 21H2",
"build_number": "19044",
"supercedence": ["KB5002345", "KB5003456"],
"cves": ["CVE-2024-1234", "CVE-2024-1235"]
}
],
"has_next": false
}Example Request
curl -X POST "https://intel.strobes.co/api/kb-supercedence" \
-H "Content-Type: application/json" \
-d '{"kb": "KB5001234"}'Statistics Endpoint
GET
/api/stats/Get vulnerability database statistics
Response
{
"today": {
"vulnerability_count": 390000,
"zeroday_count": 125,
"exploits_count": 45000,
"above_900": 2500,
"daily_entries": 45,
"recent_findings": 350,
"created": "2024-01-15"
},
"yesterday": {
"vulnerability_count": 389955,
"zeroday_count": 124,
...
}
}Example Request
curl "https://intel.strobes.co/api/stats/"Code Examples
Python Example
import requests
BASE_URL = "https://intel.strobes.co/api"
# Get a specific CVE
def get_cve(cve_id):
response = requests.get(f"{BASE_URL}/vulnerabilities/{cve_id}")
return response.json()
# Search for high-priority vulnerabilities with exploits
def get_critical_vulns():
payload = {
"query": {
"exploit_available": {"eq": True},
"priority_score": {"gte": 900}
},
"sort": "desc",
"limit": 20
}
response = requests.post(f"{BASE_URL}/vulnerabilities", json=payload)
return response.json()
# Get threat actors exploiting a CVE
def get_threat_actors(cve_id):
payload = {"cve": cve_id}
response = requests.post(f"{BASE_URL}/threat-actors", json=payload)
return response.json()
# Example usage
cve = get_cve("CVE-2021-44228")
print(f"CVE: {cve['id']}, Priority: {cve['priority_score']}")JavaScript/Node.js Example
const BASE_URL = "https://intel.strobes.co/api";
// Get a specific CVE
async function getCVE(cveId) {
const response = await fetch(`${BASE_URL}/vulnerabilities/${cveId}`);
return response.json();
}
// Search for vulnerabilities with filters
async function searchVulnerabilities(filters) {
const response = await fetch(`${BASE_URL}/vulnerabilities`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
query: filters,
sort: "desc",
limit: 20
})
});
return response.json();
}
// Example: Get all CVEs with EPSS > 0.9
const criticalVulns = await searchVulnerabilities({
epss_score: { gte: 0.9 },
exploit_available: { eq: true }
});
console.log(`Found ${criticalVulns.total_count} critical vulnerabilities`);cURL Examples
# Get CVE details
curl "https://intel.strobes.co/api/vulnerabilities/CVE-2021-44228"
# Search for exploitable vulnerabilities
curl -X POST "https://intel.strobes.co/api/vulnerabilities" \
-H "Content-Type: application/json" \
-d '{
"query": {
"exploit_available": {"eq": true},
"patch_available": {"eq": false}
},
"limit": 10
}'
# Get latest zero-days
curl "https://intel.strobes.co/api/latest/zerodays"
# Search by product
curl "https://intel.strobes.co/api/search/cpe/?keyword=apache&limit=20"
# Get threat actors
curl -X POST "https://intel.strobes.co/api/threat-actors" \
-H "Content-Type: application/json" \
-d '{"cve": "CVE-2021-44228"}'Error Handling
The API uses standard HTTP status codes to indicate the success or failure of requests.
| Status Code | Description |
|---|---|
| 200 | Success - Request completed successfully |
| 400 | Bad Request - Invalid parameters or malformed request |
| 403 | Forbidden - Invalid or missing license key (premium endpoints) |
| 404 | Not Found - CVE or resource not found |
| 500 | Server Error - Internal server error |
Error Response Format
{
"detail": "CVE not found",
"status_code": 404
}Filter Operators Reference
| Operator | Description | Example |
|---|---|---|
eq | Equals | {"eq": true} |
neq | Not equals | {"neq": false} |
gt | Greater than | {"gt": 7.0} |
gte | Greater than or equal | {"gte": 900} |
lt | Less than | {"lt": 5.0} |
lte | Less than or equal | {"lte": 0.5} |
in | In list | {"in": ["rce", "xss"]} |
contains | Contains (case-insensitive) | {"contains": "apache"} |
Filterable Fields (CVEs)
idstringcvss_v2numbercvss_v3numberpriority_scorenumberepss_scorenumbertrendnumberseen_wildbooleanexploits.exploit_availablebooleanpatches.patch_availablebooleanzeroday.is_zerodaybooleanpublisheddatelast_modifieddatetagsarraysourcesarraytaxonomy.cwe.idstringNeed Help?
If you have questions about the API or need assistance, reach out to our team.