Exploit Intel Platform MCP Server

by OyaAIProd

Server Configuration

Describes the environment variables required to run the server.

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| EIP_API_KEY | No | Optional API key forwarded as X-API-Key header for custom deployments. | |
| EIP_MCP_HOST | No | Bind address for HTTP transport. | 127.0.0.1 |
| EIP_MCP_PORT | No | Port for HTTP transport. | 8080 |
| EIP_MCP_STATELESS | No | Set to 'true' to disable session tracking (recommended for HTTP deployments). | |
| EIP_MCP_TRANSPORT | No | Transport mode: stdio or streamable-http. Default is stdio based on command line behavior. | |
| EIP_MCP_ALLOWED_HOSTS | No | Hostname or IP for allowed hosts when binding to 0.0.0.0. | |
| EIP_MCP_ALLOWED_ORIGINS | No | Allowed origins for browser-based access. | |

Capabilities

Features and capabilities supported by this server

| Capability | Details |
| --- | --- |
| tools | { "listChanged": false } |
| prompts | { "listChanged": false } |
| experimental | {} |

Tools

Functions exposed to the LLM to take actions

search_vulnerabilities

Search the Exploit Intelligence Platform for vulnerabilities (CVEs). Returns a list of matching CVEs with CVSS scores, EPSS exploitation probability, exploit counts, CISA KEV status, VulnCheck KEV, InTheWild.io exploitation signals, and ransomware attribution. Supports full-text search, severity/vendor/product/ecosystem/CWE filters, CVSS/EPSS thresholds, plus any_exploited and ransomware filters. When sort is omitted, the API may automatically prefer newest exploitation, exploit, or nuclei-template activity based on the filters you set. Examples: query='apache httpd' with has_exploits=true; vendor='fortinet' with severity='critical' and is_kev=true sorted by epss_desc; any_exploited=true with ransomware=true for ransomware-linked CVEs; cwe='89' with min_cvss=9 for critical SQL injection CVEs.

get_vulnerability

Get a full intelligence brief for a specific vulnerability. Accepts both CVE-IDs (e.g. CVE-2024-3400) and EIP-IDs (e.g. EIP-2026-12345 for pre-CVE entries). Returns detailed information including CVSS score and vector, EPSS exploitation probability, CISA KEV status, description, affected products, ranked exploits (grouped by Metasploit modules, verified ExploitDB, GitHub PoCs, and trojans), Nuclei scanner templates with recon dorks, alternate identifiers, and references. Exploits are ranked by quality: Metasploit modules first (peer-reviewed), then verified ExploitDB, then GitHub by stars. Trojans are flagged at the bottom.

get_exploit_code

Retrieve the source code of a specific exploit by its platform ID. IMPORTANT: Use the platform's internal ID shown as [id=XXXXX] in results, NOT the ExploitDB number (EDB-XXXXX). These are different numbering systems. Returns code from the exploit archive. If no file_path is specified, auto-selects the most relevant code file. Use this to analyze exploit mechanics, understand attack techniques, or review PoC code.

get_exploit_analysis

Get the full AI analysis for a single exploit by its platform ID. Returns classification (working_poc, trojan, suspicious, scanner, stub, writeup), attack type, complexity, reliability, confidence score, authentication requirements, target software, a summary of what the exploit does, prerequisites, MITRE ATT&CK techniques, deception indicators for trojans, and the standalone backdoor-review verdict with operator-risk notes when available. Use this to check if an exploit is safe before reviewing its code. Example: exploit_id=61514 returns a TROJAN warning with deception indicators.

get_nuclei_templates

Get Nuclei scanner templates and recon dorks for a vulnerability. Returns template metadata, severity, verification status, tags, and ready-to-use Shodan, FOFA, and Google dork queries for target identification. Accepts both CVE-IDs and EIP-IDs. Use this to plan scanning or reconnaissance.

get_platform_stats

Get platform-wide statistics from the Exploit Intelligence Platform. Returns total counts of vulnerabilities, exploits, KEV entries, Nuclei templates, vendors, and authors, plus the last data update timestamp.

check_health

Check the EIP API health and data freshness. Returns database status and timestamps for each of the 10 ingestion sources (NVD, KEV, EPSS, ExploitDB, GitHub, Metasploit, etc.).

search_exploits

Browse and filter exploits using STRUCTURED FILTERS ONLY (no free-text query). Use this to filter by source (github, metasploit, exploitdb, nomisec, gitlab, inthewild, vulncheck_xdb, patchapalooza), language (python, ruby, etc.), LLM classification (working_poc, trojan, suspicious, scanner, stub, writeup, tool, no_code), author, min stars, code availability, CVE ID, vendor, or product. Also filter by AI analysis: attack_type (RCE, SQLi, XSS, DoS, LPE, auth_bypass, info_leak), complexity (trivial/simple/moderate/complex), reliability (reliable/unreliable/untested/theoretical), requires_auth. NOTE: To search by product name (e.g. 'OpenSSH', 'Apache'), use search_vulnerabilities instead — it has free-text query and get_vulnerability already includes exploits in the response. Examples: source='metasploit' for all Metasploit modules; attack_type='RCE' with reliability='reliable' for weaponizable RCE exploits; cve='CVE-2024-3400' for all exploits targeting a specific CVE; vendor='mitel' for all Mitel exploits.

list_authors

List exploit authors/researchers ranked by exploit count. Returns the top security researchers with their exploit counts and handles. Use this when asked 'who are the top exploit authors?' or 'who writes the most exploits?'

get_author

Get an exploit author's profile with all their exploits. Returns author name, handle, total exploit count, activity start date, and a paginated list of their exploits with CVE context. Use this when asked about a specific researcher like 'show me all exploits by Chocapikk'.

list_cwes

List CWE (Common Weakness Enumeration) categories ranked by vulnerability count. Returns CWE IDs, names, short labels, exploit likelihood, and how many CVEs have that weakness. Use this when asked 'what are the most common vulnerability types?'

get_cwe

Get details for a specific CWE including full name, description, exploit likelihood, parent CWE, and total vulnerability count. Example: cwe_id='CWE-79' returns details about Cross-Site Scripting.

list_vendors

List software vendors ranked by vulnerability count. Returns the top 200 vendors with their total CVE counts. Use this when asked 'which vendors have the most vulnerabilities?' or to understand the threat landscape by vendor.

list_products

List products for a specific vendor with vulnerability counts. Use this to discover exact product names for filtering. Product names in the database use CPE conventions (e.g. 'exchange_server' not 'exchange', 'windows_10' not 'windows 10'). Example: vendor='microsoft' returns products like exchange_server, windows_10, office, edge_chromium.

lookup_alt_id

Look up a vulnerability by an alternate identifier such as an ExploitDB ID (EDB-XXXXX) or GitHub Security Advisory ID (GHSA-XXXXX). Returns the matching CVE-ID with basic severity info. Use this when you have an EDB number or GHSA ID and need to find the corresponding CVE.

audit_stack

Audit a technology stack for exploitable vulnerabilities. Accepts a comma-separated list of technologies (max 5) and searches for critical/high severity CVEs with public exploits for each one, sorted by EPSS exploitation probability. Use this when a user describes their infrastructure and wants to know what to patch first. Example: technologies='nginx, postgresql, node.js' returns a risk-sorted list of exploitable CVEs grouped by technology. Rate-limit cost: each technology requires up to 2 API calls; 5 technologies counts as up to 10 calls toward your rate limit.

generate_finding

Generate a pentest report finding in Markdown format for a specific vulnerability. Fetches full detail and formats it as a professional finding with severity, CVSS, description, affected products, exploit availability, and references. Accepts both CVE-IDs and EIP-IDs. Optionally include the target system tested and tester notes. The output is ready to paste into a pentest report. Example: cve_id='CVE-2024-3400', target='fw.corp.example.com', notes='Confirmed RCE via GlobalProtect gateway'.

Prompts

Interactive templates invoked by user choice

| Name | Description |
| --- | --- |
| investigate-cve | Deep-dive investigation of a specific CVE — vulnerability details, exploit analysis, code review, and Nuclei templates |
| audit-stack | Audit a technology stack for exploitable vulnerabilities, sorted by exploitation probability |
| pentest-finding | Generate a professional pentest report finding for a specific vulnerability |
| threat-landscape | Analyze the threat landscape for a specific vendor or product — KEV, ransomware, and actively exploited vulnerabilities |
| exploit-analysis | Safety-first analysis of a specific exploit — AI classification, trojan check, code review, and MITRE ATT&CK mapping |
| trending-threats | Briefing on trending threats — recently published vulnerabilities with active exploitation or high EPSS scores |

Resources

Contextual data attached and managed by the client

No resources

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/OyaAIProd/eip-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.