Skip to main content

Vulnerability Intelligence (OEM)

OEM Vulnerability Intelligence APIs provide premium access to comprehensive vulnerability databases with advanced features including caching, enhanced result limits, and detailed audit logging.

Authentication: Enterprise API key required with OEM module enabled.

Rate Limiting: No rate limits for OEM customers.

Caching: 24-hour TTL caching for improved performance.

Result Limits: Up to 50 results per query (5x standard limit).

Search for vulnerabilities by CVE identifier, description, or vendor/product information from the NVD Database with OEM-level access.

HTTP Request

POST https://fullhunt.io/api/v1/oem/vulnerability-intelligence/vulnerability-search

Request Body

ParameterTypeRequiredDescription
queryStringYesThe search query (CVE identifier, description, or vendor/product). Must be 3-50 characters long.
query_tagsObjectNoCustom tags for query tracking and organization

Example Request

curl -X POST "https://fullhunt.io/api/v1/oem/vulnerability-intelligence/vulnerability-search" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "CVE-2014-0160",
    "query_tags": {
      "project": "security-assessment",
      "team": "red-team"
    }
  }'

Example Response

{
  "response": [
    {
      "source": "nvd",
      "cve_id": "CVE-2014-0160",
      "title": "CVE-2014-0160",
      "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.",
      "source_identifier": "secalert@redhat.com",
      "published_date": "2014-04-07T22:55:03.893",
      "last_modified_date": "2025-09-09T13:33:47.875Z",
      "vuln_status": "Deferred",
      "cvss_v3_score": 7.5,
      "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "cvss_v2_score": 5,
      "cvss_v2_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "cwes": ["CWE-125"],
      "cpe_ids": ["cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"],
      "epss_percentile": 0.99985,
      "epss_score": 0.94436,
      "is_exploit_available": true,
      "is_kev": true,
      "cisa_exploit_add": "2022-05-04",
      "cisa_action_due": "2022-05-25",
      "cisa_required_action": "Apply updates per vendor instructions.",
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0160",
          "source": "secalert@redhat.com",
          "tags": ["Third Party Advisory"]
        }
      ]
    }
  ]
}

Search for exploits, proof-of-concepts, and exploit code from the FullHunt database with OEM-level access.

HTTP Request

POST https://fullhunt.io/api/v1/oem/vulnerability-intelligence/exploits-search

Request Body

ParameterTypeRequiredDescription
queryStringYesThe search query (CVE identifier, exploit title, description, type, or platform). Must be 3-100 characters long.
query_tagsObjectNoCustom tags for query tracking and organization

Example Request

curl -X POST "https://fullhunt.io/api/v1/oem/vulnerability-intelligence/exploits-search" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "CVE-2023-23397",
    "query_tags": {
      "project": "threat-hunting",
      "priority": "high"
    }
  }'

Example Response

{
  "response": [
    {
      "source": "exploitdb",
      "edb_id": "33943",
      "cve_id": null,
      "title": "Flussonic Media Server 4.1.25 < 4.3.3 - Arbitrary File Disclosure",
      "file_path": "exploits/aix/dos/33943.txt",
      "author": "BGA Security",
      "type": "dos",
      "platform": "aix",
      "port": "8080",
      "date_published": "2014-07-01",
      "date_added": "2014-07-01",
      "date_updated": "2014-07-01",
      "verified": false,
      "codes": ["OSVDB-108610", "OSVDB-108609"],
      "tags": [],
      "aliases": "",
      "screenshot_url": "",
      "application_url": "",
      "source_url": "",
      "epss_percentile": 0,
      "epss_score": 0,
      "is_kev": false
    }
  ]
}

OEM Features

Advanced Audit Logging

All OEM API requests include comprehensive logging:

  • Account and user identification
  • Request parameters and query tags
  • Timestamp and IP address tracking
  • Custom query tagging for organization

Higher Result Limits

  • Standard APIs: 10 results per query
  • OEM APIs: 50 results per query
  • Deep Search: More comprehensive result sets

Query Tagging

Custom tags for request organization and tracking:

{
  "query_tags": {
    "project": "red-team-exercise",
    "team": "security",
    "priority": "high",
    "environment": "production"
  }
}

Response Fields

Enhanced Vulnerability Data

OEM responses include additional fields not available in standard APIs:

  • exploitability_score: CVSS exploitability subscore
  • impact_score: CVSS impact subscore
  • attack_vector: Detailed attack vector information
  • attack_complexity: Attack complexity assessment
  • privileges_required: Required privilege level
  • user_interaction: User interaction requirements

Enhanced Exploit Data

OEM responses include additional exploit intelligence from multiple sources:

ExploitDB Source Fields:

  • edb_id: Exploit Database identifier
  • file_path: Path to exploit code file
  • verified: Verification status
  • codes: Reference codes (OSVDB, etc.)

Metasploit Source Fields:

  • module_path: Metasploit module path
  • full_name: Full module name
  • rank: Module reliability rank (300-700)
  • disclosure_date: Vulnerability disclosure date
  • mod_time: Module last modification time
  • rport: Remote target port
  • arch: Target architecture
  • references: Array of reference codes and URLs
  • notes: Module stability, side effects, and reliability info

CISA KEV Source Fields:

  • vendor: Affected vendor name
  • product: Affected product name
  • date_added: Date added to KEV catalog
  • due_date: Federal remediation deadline
  • ransomware_use: Ransomware exploitation status
  • recommendation: CISA remediation guidance
  • notes: Additional CISA reference links

Error Responses

Status CodeErrorDescription
400Missing required parameter: queryThe query parameter is required
400Query must be at least 3 characters longSearch query is too short
400Query must be less than X characters longSearch query exceeds maximum length
401Unauthorized accessInvalid or missing API key
403Access forbiddenAPI key doesn't have enterprise access
403OEM API is not enabled for your accountOEM module not enabled
403OEM API credits exhaustedNo remaining API credits

OEM Use Cases

Enterprise Threat Intelligence

  • Large-scale vulnerability monitoring
  • Automated threat intelligence feeds
  • Custom vulnerability dashboards
  • Integration with SIEM systems

Security Operations Centers (SOC)

  • Real-time vulnerability alerting
  • Threat hunting operations
  • Incident response support
  • Vulnerability lifecycle tracking

Managed Security Service Providers (MSSP)

  • Multi-tenant vulnerability management
  • Customer-specific vulnerability reports
  • Bulk vulnerability assessments
  • White-label security solutions

Security Tool Integration

  • Vulnerability scanner enhancement
  • Security platform data enrichment
  • Custom vulnerability databases
  • Automated patch management systems

Implementation Examples

Python Example

import requests
import json

def search_vulnerabilities(api_key, query, project_tag=None):
    url = "https://fullhunt.io/api/v1/oem/vulnerability-intelligence/vulnerability-search"
    
    headers = {
        "X-API-KEY": api_key,
        "Content-Type": "application/json"
    }
    
    payload = {
        "query": query,
        "no_cache": False
    }
    
    if project_tag:
        payload["query_tags"] = {"project": project_tag}
    
    response = requests.post(url, headers=headers, json=payload)
    
    if response.status_code == 200:
        return response.json()["response"]
    else:
        print(f"Error: {response.status_code} - {response.text}")
        return None

# Usage
vulnerabilities = search_vulnerabilities(
    api_key="your-api-key",
    query="CVE-2023-23397",
    project_tag="security-assessment"
)

Node.js Example

const axios = require('axios');

async function searchExploits(apiKey, query, queryTags = {}) {
    const url = 'https://fullhunt.io/api/v1/oem/vulnerability-intelligence/exploits-search';
    
    const payload = {
        query: query,
        query_tags: queryTags
    };
    
    try {
        const response = await axios.post(url, payload, {
            headers: {
                'X-API-KEY': apiKey,
                'Content-Type': 'application/json'
            }
        });
        
        return response.data.response;
    } catch (error) {
        console.error('Error:', error.response.status, error.response.data);
        return null;
    }
}

// Usage
searchExploits('your-api-key', 'CVE-2023-23397', {
    team: 'red-team',
    priority: 'high'
}).then(exploits => {
    console.log('Found exploits:', exploits.length);
});

Best Practices

Query Optimization

  • Use specific CVE identifiers for fastest results
  • Use query tags for better organization and tracking

Error Handling

  • Implement proper retry logic for network errors
  • Handle rate limiting gracefully (though not applicable to OEM)
  • Log API responses for audit trails

Security Considerations

  • Store API keys securely (environment variables, key management systems)
  • Use HTTPS for all API communications
  • Implement proper access controls for API usage

Performance Tips

  • Batch similar queries when possible
  • Monitor API response times and adjust accordingly