{ "openapi": "3.1.0", "info": { "title": "CyberPulse API", "description": "Global cybersecurity intelligence API — CVE briefs, vulnerability scanning, CISA KEV, OSINT, threat intelligence, ransomware tracking, breach checks, compliance gap analysis, dark web monitoring, and attack surface assessments. All endpoints require x402 payment (USDC on Base mainnet) via the PAYMENT-SIGNATURE header.", "version": "1.0.0", "contact": { "url": "https://cyberpulse-six.vercel.app" } }, "servers": [{ "url": "https://cyberpulse-six.vercel.app" }], "components": { "securitySchemes": { "x402": { "type": "apiKey", "in": "header", "name": "PAYMENT-SIGNATURE", "description": "x402 payment signature. Send GET without this header to receive 402 with payment requirements. Sign and retry.", "required": true } } }, "security": [{ "x402": [] }], "paths": { "/api/cyber/cve-brief": { "get": { "summary": "CVE deep-dive — CVSS, exploitation status, patch urgency, remediation", "description": "Returns CVSS score, affected products, CISA KEV status, active exploitation signals, PoC availability, patch urgency, and remediation steps for any CVE ID.", "operationId": "getCveBrief", "parameters": [ { "name": "cve", "in": "query", "required": true, "schema": { "type": "string" }, "description": "CVE ID — e.g. CVE-2024-3400 | CVE-2023-44487 | CVE-2021-44228" }, { "name": "lang", "in": "query", "schema": { "type": "string" }, "description": "Response language: en|es|fr|de|ja|zh|ko|pt|ar|hi (default: en)" } ], "responses": { "200": { "description": "CVE brief JSON" }, "402": { "description": "Payment required — $0.10 USDC" } }, "x-price-usdc": 0.10, "x-model": "claude-haiku-4-5-20251001", "x-data-sources": ["NVD REST API v2", "CISA KEV", "Tavily"] } }, "/api/cyber/vuln-scan": { "get": { "summary": "Vulnerability scan — all known CVEs for any software + version", "description": "Returns known CVEs, CISA KEV matches, OSV open-source vulns, version risk assessment, and prioritized patch guidance for any software product.", "operationId": "getVulnScan", "parameters": [ { "name": "software", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Software name — e.g. Apache Log4j | OpenSSL | Spring Boot | Ivanti Connect Secure" }, { "name": "version", "in": "query", "schema": { "type": "string" }, "description": "Version string — e.g. 2.14.0 | 3.0.8" }, { "name": "ecosystem", "in": "query", "schema": { "type": "string" }, "description": "Package ecosystem — npm | PyPI | Maven | Go | crates.io | NuGet" }, { "name": "lang", "in": "query", "schema": { "type": "string" }, "description": "Response language (default: en)" } ], "responses": { "200": { "description": "Vulnerability scan JSON" }, "402": { "description": "Payment required — $0.12 USDC" } }, "x-price-usdc": 0.12, "x-model": "claude-haiku-4-5-20251001", "x-data-sources": ["NVD REST API v2", "CISA KEV", "OSV API", "Tavily"] } }, "/api/cyber/cisa-kev": { "get": { "summary": "CISA KEV — Known Exploited Vulnerabilities catalog search", "description": "Filter the CISA Known Exploited Vulnerabilities catalog by vendor, product, or time range. Includes ransomware-linked flags, CISA due dates, and patch prioritization.", "operationId": "getCisaKev", "parameters": [ { "name": "vendor", "in": "query", "schema": { "type": "string" }, "description": "Vendor/product name — e.g. Cisco | Ivanti | Microsoft | Palo Alto | Fortinet" }, { "name": "days", "in": "query", "schema": { "type": "integer" }, "description": "Entries added in last N days (default: 90)" }, { "name": "filter", "in": "query", "schema": { "type": "string" }, "description": "ransomware | recent (alternative to vendor search)" }, { "name": "lang", "in": "query", "schema": { "type": "string" }, "description": "Response language (default: en)" } ], "responses": { "200": { "description": "CISA KEV analysis JSON" }, "402": { "description": "Payment required — $0.08 USDC" } }, "x-price-usdc": 0.08, "x-model": "claude-haiku-4-5-20251001", "x-data-sources": ["CISA KEV live feed (updated daily)"] } }, "/api/cyber/osint": { "get": { "summary": "OSINT — domain and IP intelligence for authorized defensive use", "description": "Open-source intelligence on any domain or IP: Shodan port/CVE data, email security posture (SPF/DMARC/DKIM), SSL grade, threat feed status, geolocation.", "operationId": "getOsint", "parameters": [ { "name": "target", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Domain or public IP — e.g. example.com | 8.8.8.8" }, { "name": "lang", "in": "query", "schema": { "type": "string" }, "description": "Response language (default: en)" } ], "responses": { "200": { "description": "OSINT report JSON" }, "402": { "description": "Payment required — $0.15 USDC" } }, "x-price-usdc": 0.15, "x-model": "claude-haiku-4-5-20251001", "x-data-sources": ["Shodan InternetDB (free, no key)", "Tavily"] } }, "/api/cyber/threat-intel": { "get": { "summary": "Threat intelligence — global threat actors and campaigns by sector and region", "description": "Active threat campaigns, nation-state APTs, eCrime groups, TTPs, MITRE ATT&CK mapping, and regional geopolitical threat context for any industry and region globally.", "operationId": "getThreatIntel", "parameters": [ { "name": "industry", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Sector — e.g. healthcare | finance | energy | manufacturing | government | education" }, { "name": "region", "in": "query", "schema": { "type": "string" }, "description": "Region — e.g. North America | Europe | Southeast Asia | MENA | Sub-Saharan Africa | Global (default: Global)" }, { "name": "lang", "in": "query", "schema": { "type": "string" }, "description": "Response language (default: en)" } ], "responses": { "200": { "description": "Threat intelligence JSON" }, "402": { "description": "Payment required — $0.20 USDC" } }, "x-price-usdc": 0.20, "x-model": "claude-sonnet-4-6", "x-data-sources": ["CISA KEV", "Tavily global threat intelligence"] } }, "/api/cyber/ransomware-intel": { "get": { "summary": "Ransomware intelligence — group profiles, victim patterns, TTPs, defensive playbook", "description": "Ransomware group intelligence including status, targets, TTPs, ransom economics, CISA KEV linked vulns, and defensive playbook. Covers LockBit, ALPHV, Cl0p, RansomHub, BlackBasta, Akira, Play, and 50+ groups.", "operationId": "getRansomwareIntel", "parameters": [ { "name": "group", "in": "query", "schema": { "type": "string" }, "description": "Ransomware group name — e.g. LockBit | ALPHV | Cl0p | RansomHub (omit for landscape overview)" }, { "name": "lang", "in": "query", "schema": { "type": "string" }, "description": "Response language (default: en)" } ], "responses": { "200": { "description": "Ransomware intelligence JSON" }, "402": { "description": "Payment required — $0.20 USDC" } }, "x-price-usdc": 0.20, "x-model": "claude-sonnet-4-6", "x-data-sources": ["CISA KEV ransomware-linked entries", "Tavily"] } }, "/api/cyber/breach-check": { "get": { "summary": "Breach check — domain breach history and credential exposure intelligence", "description": "Known data breaches, credential dump exposure, dark web signals, and regulatory notification obligations (GDPR, CCPA, PDPA, LGPD, POPIA) for any domain.", "operationId": "getBreachCheck", "parameters": [ { "name": "domain", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Domain to check — e.g. example.com" }, { "name": "lang", "in": "query", "schema": { "type": "string" }, "description": "Response language (default: en)" } ], "responses": { "200": { "description": "Breach check JSON" }, "402": { "description": "Payment required — $0.15 USDC" } }, "x-price-usdc": 0.15, "x-model": "claude-haiku-4-5-20251001", "x-data-sources": ["Tavily OSINT"] } }, "/api/cyber/compliance-gap": { "get": { "summary": "Compliance gap analysis — global security frameworks (SOC2, ISO27001, GDPR, NIS2, PDPA, POPIA, LGPD...)", "description": "Control domains, common audit failures, penalties and enforcement, tooling recommendations, cost to comply, and fastest path to certification for 13 global security frameworks.", "operationId": "getComplianceGap", "parameters": [ { "name": "framework", "in": "query", "required": true, "schema": { "type": "string", "enum": ["SOC2", "ISO27001", "GDPR", "HIPAA", "PCI-DSS", "NIST-CSF", "NIS2", "PDPA", "POPIA", "LGPD", "CCPA", "FISMA", "CMMC"] }, "description": "Compliance framework" }, { "name": "sector", "in": "query", "schema": { "type": "string" }, "description": "Industry sector — e.g. healthcare | finance | SaaS | e-commerce" }, { "name": "lang", "in": "query", "schema": { "type": "string" }, "description": "Response language (default: en)" } ], "responses": { "200": { "description": "Compliance gap analysis JSON" }, "402": { "description": "Payment required — $0.25 USDC" } }, "x-price-usdc": 0.25, "x-model": "claude-sonnet-4-6", "x-data-sources": ["Tavily compliance research"] } }, "/api/cyber/dark-web-monitor": { "get": { "summary": "Dark web monitor — brand and domain underground intelligence (ethical OSINT)", "description": "Paste site mentions, credential dump signals, forum chatter, ransomware leak site activity, brand impersonation domains. Ethical OSINT only.", "operationId": "getDarkWebMonitor", "parameters": [ { "name": "brand", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Brand name or domain — e.g. acme.com | MyCompany" }, { "name": "lang", "in": "query", "schema": { "type": "string" }, "description": "Response language (default: en)" } ], "responses": { "200": { "description": "Dark web intelligence JSON" }, "402": { "description": "Payment required — $0.20 USDC" } }, "x-price-usdc": 0.20, "x-model": "claude-sonnet-4-6", "x-data-sources": ["Tavily OSINT"] } }, "/api/cyber/attack-surface": { "get": { "summary": "Attack surface assessment — external risk analysis for authorized defensive use", "description": "Internet-facing asset exposure, email security posture (SPF/DMARC/DKIM), supply chain risk, identity exposure, and prioritized remediation roadmap for any company.", "operationId": "getAttackSurface", "parameters": [ { "name": "company", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Company name — e.g. Acme Corporation" }, { "name": "domain", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Primary domain — e.g. acme.com" }, { "name": "lang", "in": "query", "schema": { "type": "string" }, "description": "Response language (default: en)" } ], "responses": { "200": { "description": "Attack surface assessment JSON" }, "402": { "description": "Payment required — $0.25 USDC" } }, "x-price-usdc": 0.25, "x-model": "claude-sonnet-4-6", "x-data-sources": ["Shodan InternetDB", "CISA KEV", "Tavily OSINT"] } } } }