This site uses cookies for managing your session and website analytics purposes. Allow Cookies

VulnIQ

Web Data

Please note that, when running private instances, it is your responsibility to make sure that you do not violate copyrights and third party terms of service and agreements.
To avoid potential legal issues, SaaS version of VulnIQ will not provide cached content, pdf exports and full size screenshots.

When working on security issues, to get more information, you click many links which take you to third party websites. You can't tell if they are relevant or not before clicking and visiting the urls.
Basic information about the url such as page title, redirect url, a small size screenshot etc would help you save time by skipping irrelevant urls.

Visiting third party urls is not only a time consuming process but also a security issue. Consider your team is working on a security issue and multiple people from your organization has visited a specific url about that particular issue. Anyone who has access to web traffic information (web site owner, google analytics, third party advertisers, 10 different CDN which hosts the javascript libraries the site uses, web hosting provider, everyone who has hacked any of these...) can easily figure out that you are affected by that issue.

For example if you are working for a government organization and 10 people from your organization visit a blog post about that vulnerability, it becomes obvious that at least one of your systems is affected by that issue. If the website is compromised by another government then this information may help them launch a successful attack using that vulnerability.

VulnIQ Solution

VulnIQ can fetch and process urls referenced from other data.
For example you can configure VulnIQ to process reference urls discovered in the NVD json feed.
Then VulnIQ data processing engine can :

  1. Fetch the URL
  2. Generate a screenshot and a thumbnail of the page
  3. Generate a PDF export of the page
  4. Generate a plain text version of the web page and remove standard noise such as headers and footers.
    Optionally on private instances, plain text versions can be cached and viewed.
    Plain text versions are also used for full text searches.
Please note that most of these features will not be available in the SaaS version due to copyrights and third party restrictions.

You can access all data using VulnIQ APIs. For example:

  • Get URL info:
    https://vulniq.example.com/api/urldata/id-of-the-url/info
  • Get screenshot:
    https://vulniq.example.com/api/urldata/id-of-the-url/screenshot
  • Get cached text:
    https://vulniq.example.com/api/urldata/id-of-the-url/cached
Example URL metadata obtained by calling /api/urldata/id-of-the-url/info endpoint.