CVE Hunter

A threat intelligence dashboard — NVD · CISA KEV · MITRE ATT&CK
ready
Quick range: long ranges are auto-split in 120-day windows
Filter: All 0 KEV only 0 With ATT&CK 0 Critical 0 High 0 Medium 0
Showing
Total matched
Critical
High
KEV
ATT&CK mapped

Results

sort by date ↓ · click any row to expand
Enter a query, pick a date range, or just press Search — defaults to last 30 days.

MITRE ATT&CK — Enterprise matrix

Full enterprise technique catalog, loaded from the MITRE STIX feed.

Loading ATT&CK matrix…

Recon utilities

Wrappers around whois, DNS, IP geolocation, HTTP headers and TLS certificates.

Whois

/api/whois
awaiting input…

IP intel

/api/ipinfo
awaiting input…

DNS records

/api/dns
awaiting input…

HTTP headers

/api/headers
awaiting input…

TLS certificate

/api/ssl
awaiting input…

CVE Hunter API v1.0

Read-only REST API aggregating NVD, CISA KEV and MITRE ATT&CK. All endpoints accept GET, return JSON, no auth required.

Base URL https://cve-hunter-api.julien-schz.fr
Jump to: GET /api/cves GET /api/kev GET /api/mitre GET /api/whois GET /api/ipinfo GET /api/dns GET /api/headers GET /api/ssl GET /health

Vulnerabilities

CVE records, exploited catalog, and MITRE taxonomy
GET
/api/cves
Search CVEs from NVD with optional filters. Ranges >120 days are split server-side.
NVD

Proxies the NIST NVD cves/2.0 endpoint. Supports keyword search, severity filter, and published-date range. If pubEndDate − pubStartDate > 120 days, the API automatically splits the request into 120-day windows, deduplicates by CVE ID, sorts by published descending, and paginates client-side via startIndex / resultsPerPage.

Query parameters
NameInTypeDescription
keywordSearchquerystring
Free-text search against vendor, product, description. apache struts
cvssV3Severityqueryenum
One of CRITICAL, HIGH, MEDIUM, LOW.
cvssV2Severityqueryenum
Legacy CVSS v2 severity filter.
pubStartDatequeryISO-8601
Inclusive lower bound on published date. 2024-01-01T00:00:00.000Z
pubEndDatequeryISO-8601
Inclusive upper bound on published date.
resultsPerPagequeryinteger
Page size, 1-2000. Default 50.
startIndexqueryinteger
Offset for pagination. Default 0.
Try it out
GET
Responses

Success 200 application/json

{
  "resultsPerPage": 50,
  "startIndex": 0,
  "totalResults": 1284,
  "aggregated": true,
  "rawTotalFromNvd": 1284,
  "vulnerabilities": [
    {
      "cve": {
        "id": "CVE-2024-3400",
        "published": "2024-04-12T08:15:06.230",
        "lastModified": "2024-11-21T09:29:34.140",
        "descriptions": [...],
        "metrics": { "cvssMetricV31": [...] },
        "weaknesses": [...],
        "configurations": [...],
        "references": [...]
      }
    }
  ]
}
GET
/api/kev
Returns all CVE IDs currently in CISA's Known Exploited Vulnerabilities catalog.
CISA

Fetches the live CISA KEV feed, extracts every cveID, and returns a flat array. Useful as a set-membership check when triaging a batch of CVEs.

Query parameters

None.

Try it out
GET
Responses

Success 200 application/json

[
  "CVE-2021-44228",
  "CVE-2023-23397",
  "CVE-2024-3400",
  ...
]
GET
/api/mitre
Full MITRE ATT&CK Enterprise STIX bundle.
MITRE

Proxies the upstream MITRE ATT&CK Enterprise STIX 2.1 bundle. The client filters attack-pattern objects to derive techniques, their tactics (kill-chain phases), and cross-references.

Query parameters

None.

Try it out
GET
Responses

Success 200 application/json

{
  "type": "bundle",
  "id": "bundle--...",
  "objects": [
    {
      "type": "attack-pattern",
      "name": "Command and Scripting Interpreter",
      "external_references": [
        { "source_name": "mitre-attack", "external_id": "T1059" }
      ],
      "kill_chain_phases": [
        { "kill_chain_name": "mitre-attack", "phase_name": "execution" }
      ]
    }
  ]
}

Recon

Quick lookups for the first ten minutes of triage
GET
/api/whois
Whois record for a domain.
domain

Runs a standard whois query via python-whois. datetime fields are stringified so the payload is JSON-safe.

Query parameters
NameInTypeDescription
q*querystring
Domain name to look up. example.com
Try it out
GET
Responses

Success 200 application/json

{
  "domain_name": "EXAMPLE.COM",
  "registrar": "RESERVED-Internet Assigned Numbers Authority",
  "creation_date": "1995-08-14 04:00:00",
  "expiration_date": "2025-08-13 04:00:00",
  "name_servers": ["A.IANA-SERVERS.NET", "B.IANA-SERVERS.NET"]
}

Error 400 / 500

{ "error": "Domain is required" }
GET
/api/ipinfo
RDAP lookup + geolocation for an IPv4 or IPv6 address.
network

Combines ipwhois RDAP lookup with ip-api.com geolocation. The geo block is nested under geo.

Query parameters
NameInTypeDescription
q*querystring
IPv4 or IPv6 address. 8.8.8.8
Try it out
GET
Responses

Success 200 application/json

{
  "asn": "15169",
  "asn_country_code": "US",
  "asn_description": "GOOGLE, US",
  "network": { "cidr": "8.8.8.0/24", ... },
  "geo": {
    "country": "United States",
    "city": "Mountain View",
    "lat": 37.406,
    "lon": -122.0785,
    "isp": "Google LLC"
  }
}
GET
/api/dns
Resolve DNS records for a domain.
domain

Resolves the requested record type via dnspython. Returns each answer as a string.

Query parameters
NameInTypeDescription
q*querystring
Domain to resolve. example.com
typequeryenum
Record type. Default A. Supported: A, AAAA, MX, TXT, NS, CNAME, SOA, CAA.
Try it out
GET
Responses

Success 200 application/json

{
  "domain": "example.com",
  "type": "MX",
  "records": ["0 ."]
}
GET
/api/headers
HTTP response headers for a given URL.
http

Sends an HTTP HEAD request with redirects followed, returns the final response headers, status code and final URL.

Query parameters
NameInTypeDescription
url*querystring
Target URL. If no scheme is given, http:// is assumed. https://example.com
Try it out
GET
Responses

Success 200 application/json

{
  "status": 200,
  "final_url": "https://example.com/",
  "headers": {
    "Content-Type": "text/html; charset=UTF-8",
    "Server": "ECS (dcb/7F3A)",
    "Cache-Control": "max-age=604800"
  }
}
GET
/api/ssl
Inspect the TLS certificate presented by a host.
tls

Opens a TLS 1.2+ connection to port 443 and returns the peer certificate as parsed by Python's ssl module.

Query parameters
NameInTypeDescription
host*querystring
Hostname (with or without scheme). example.com
Try it out
GET
Responses

Success 200 application/json

{
  "subject": [[["commonName", "example.com"]]],
  "issuer": [[["commonName", "DigiCert Global G2 TLS RSA SHA256 2020 CA1"]]],
  "version": 3,
  "serialNumber": "075BCEF30689C8ADDF13E51AF4AFE187",
  "notBefore": "Jan 30 00:00:00 2024 GMT",
  "notAfter": "Mar  1 23:59:59 2025 GMT",
  "subjectAltName": [["DNS", "example.com"], ["DNS", "www.example.com"]]
}

System

Service introspection
GET
/health
Lightweight readiness probe.
system

Returns 200 with a tiny JSON payload when the service is up. Used by the Docker healthcheck.

Try it out
GET
Responses

Success 200 application/json

{
  "status": "ok",
  "time": "2026-04-24T14:32:11.123Z"
}

About this dashboard

CVE Hunter is a thin UI over a Flask API that proxies three authoritative sources: the NIST National Vulnerability Database, CISA's Known Exploited Vulnerabilities catalog, and the MITRE ATT&CK Enterprise matrix. Everything is fetched on demand — nothing is stored client-side beyond the API endpoint preference.

ATT&CK mapping works on three signals: explicit T#### references in CVE metadata, CWE-to-technique heuristics (e.g. CWE-78 → T1059 Command and Scripting Interpreter), and keyword inference over the description text.

Long date ranges (>120 days) are automatically split server-side into 120-day windows to respect NVD's public API limits, then re-aggregated and paginated.

Keyboard: / focus search · Enter run · Esc collapse all · t toggle theme.