InternetDB

Everyone

The InternetDB API is our answer for situations where you need to lookup a lot of IPs in a short amount of time. It has a rate limit that allows bursts of up to 10,000 requests per second and we offer a tool called nrich that takes advantage of the InternetDB API to quickly enrich a list of IPs. The database powering the InternetDB API is updated weekly at midnight UTC. Below is a sample response:

{
    "ip": "51.83.59.99",
    "ports": [
        22,
        80,
        443,
        500
    ],
    "cpes": [
        "cpe:/a:f5:nginx",
        "cpe:/a:openbsd:openssh:7.4"
    ],
    "hostnames": [
        "www.sampleresponse.fr"
    ],
    "tags": [
        "vpn"
    ],
    "vulns": [
        "CVE-2017-15906"
    ]
}

A few things:

• The list of available tags can be found in the Datapedia
• The vulns property includes both verified and unverified vulnerabilities
• hostnames are based on the reverse DNS of the IP and certificate information

A downloadable SQLite version of InternetDB is available to Enterprise customers.

Note

Shodan uses the CVEDB API to add the top-level vulns property on banners by looking up the banner["cpe23"] values.