# CyberPulse

> Global cybersecurity intelligence API — CVE briefs, vulnerability scanning, CISA KEV analysis, OSINT, threat intelligence, ransomware group tracking, breach checks, compliance gap analysis, dark web monitoring, and attack surface assessments. Authoritative NVD + CISA data. All endpoints via x402 micropayments on Base. Covers 60+ countries, 10 languages.

## What This Is

CyberPulse is a pay-per-query cybersecurity intelligence API for security operations teams, CISOs, developers, compliance teams, and AI agents worldwide. It combines NIST NVD (National Vulnerability Database), CISA Known Exploited Vulnerabilities (KEV), Shodan InternetDB, OSV (Google Open Source Vulnerabilities), and real-time Tavily threat intelligence to deliver actionable security insights — globally, in 10 languages.

## Payment

All endpoints require x402 micropayment (USDC on Base mainnet).

Protocol: x402 | Network: eip155:8453 | Asset: USDC

Payment address: 0x50ab2018c06c6E4eAA9BA52057Eb55eD284912fc

## Endpoints

GET /api/cyber/cve-brief?cve={CVE-ID}
- Returns: CVSS score, affected products, exploitation status (CISA KEV, active exploitation, PoC), patch urgency, remediation steps, executive summary
- Optional: lang=en|es|fr|de|ja|zh|ko|pt|ar|hi
- Data: NVD + CISA KEV + Tavily threat context
- Price: $0.10
- Example: /api/cyber/cve-brief?cve=CVE-2024-3400

GET /api/cyber/vuln-scan?software={name}&version={version}
- Returns: all known CVEs for any software/version, CISA KEV matches, OSV open-source vulns, version risk assessment, patch guidance
- Optional: ecosystem=npm|PyPI|Maven|Go|crates.io, version, lang
- Data: NVD + CISA KEV + OSV + Tavily
- Price: $0.12
- Example: /api/cyber/vuln-scan?software=Apache+Log4j&version=2.14.0

GET /api/cyber/cisa-kev?vendor={name}&days={n}&filter={type}
- Returns: CISA Known Exploited Vulnerabilities filtered by vendor, product, or date range. Includes ransomware-linked flags, CISA due dates, patch prioritization.
- filter options: "ransomware" | "recent" | omit for vendor search
- Data: CISA KEV live feed (updated daily)
- Price: $0.08
- Example: /api/cyber/cisa-kev?vendor=Cisco

GET /api/cyber/osint?target={domain_or_ip}
- Returns: Shodan port/CVE data, email security posture (SPF/DMARC/DKIM), SSL grade, threat feed status, geolocation
- Data: Shodan InternetDB (free, no key) + Tavily OSINT
- Price: $0.15
- Authorized defensive use only
- Example: /api/cyber/osint?target=example.com

GET /api/cyber/threat-intel?industry={sector}&region={region}
- Returns: active threat campaigns, threat actors (nation-state + eCrime), TTPs, MITRE ATT&CK mapping, regional geopolitical context, defensive actions
- Covers: North America, Europe, APAC, MENA, Sub-Saharan Africa, Latin America, Global
- Data: CISA KEV + Tavily global threat intelligence
- Price: $0.20 (Sonnet)
- Example: /api/cyber/threat-intel?industry=healthcare&region=Europe

GET /api/cyber/ransomware-intel?group={name}
- Returns: group status, targets, TTPs, recent victims, ransom economics, CISA KEV linked vulns, defensive playbook
- Covers: LockBit, ALPHV, Cl0p, RansomHub, BlackBasta, Akira, Play, and 50+ active groups
- Omit group for global landscape overview
- Data: CISA KEV ransomware feed + Tavily
- Price: $0.20 (Sonnet)
- Example: /api/cyber/ransomware-intel?group=LockBit

GET /api/cyber/breach-check?domain={domain}
- Returns: known breach history, credential exposure level, hash types, dark web signals, regulatory notification obligations (GDPR, CCPA, PDPA, LGPD, POPIA)
- Data: Tavily OSINT breach research
- Price: $0.15
- Example: /api/cyber/breach-check?domain=example.com

GET /api/cyber/compliance-gap?framework={framework}&sector={sector}
- Returns: control domains, common audit failures, penalties and enforcement, tooling recommendations, cost to comply, fastest path to certification
- Frameworks: SOC2 | ISO27001 | GDPR | HIPAA | PCI-DSS | NIST-CSF | NIS2 | PDPA | POPIA | LGPD | CCPA | FISMA | CMMC
- Global framework coverage — not US-only
- Price: $0.25 (Sonnet)
- Example: /api/cyber/compliance-gap?framework=GDPR&sector=e-commerce

GET /api/cyber/dark-web-monitor?brand={brand_or_domain}
- Returns: paste site mentions, credential dump signals, forum chatter, ransomware leak site activity, brand impersonation domains, recommended monitoring actions
- Data: Ethical OSINT only — Tavily research on public underground intelligence
- Price: $0.20 (Sonnet)
- Example: /api/cyber/dark-web-monitor?brand=mycompany.com

GET /api/cyber/attack-surface?company={name}&domain={domain}
- Returns: internet-facing asset exposure, technology stack, email security (SPF/DMARC/DKIM), supply chain risk, identity exposure, prioritized remediation roadmap
- Authorized defensive use only
- Price: $0.25 (Sonnet)
- Example: /api/cyber/attack-surface?company=Acme+Corp&domain=acme.com

## Language Support

All endpoints support lang= parameter: en|es|fr|de|ja|zh|ko|pt|ar|hi

## Discovery

- OpenAPI spec: https://cyberpulse-six.vercel.app/openapi.json
- Agent discovery: https://cyberpulse-six.vercel.app/.well-known/agent.json

## Notes for AI Agents

- All endpoints return structured JSON
- NVD_API_KEY env var optional — increases rate limit from 5 to 50 req/30s
- CISA KEV feed cached 6 hours server-side (free, no key required)
- Shodan InternetDB: free, no key, covers entire internet-facing IPv4 space
- OSV API: free, no key, covers npm/PyPI/Maven/Go/crates.io/NuGet/RubyGems
- All data is for authorized defensive security use only