Free Cybersecurity Data Sources for Raw Trend Data Snapshots

Real-time Threat Intelligence

CVE Databases

• National Vulnerability Database (NVD)

  • https://nvd.nist.gov/

  • API: https://nvd.nist.gov/developers/vulnerabilities

  • JSON Feed: https://nvd.nist.gov/feeds/json/cve/1.1

• MITRE CVE

  • https://cve.mitre.org/

  • Search: https://cve.mitre.org/cgi-bin/cvename.cgi

• Exploit-DB

  • https://www.exploit-db.com/

  • JSON API: https://www.exploit-db.com/api/

Internet-wide Scanning Data

• Shodan

  • https://www.shodan.io/

  • Free Tier: https://account.shodan.io/register

  • Query Help: https://help.shodan.io/

• Project Sonar (Rapid7)

  • https://opendata.rapid7.com/

  • Sonar datasets: https://opendata.rapid7.com/sonar.rapid7.com/

  • DNS: https://opendata.rapid7.com/sonar.rapid7.com/2024-01-dns-ptr/

  • SSL Certificates: https://opendata.rapid7.com/sonar.rapid7.com/2024-01-ssl-certificates/

• Censys

  • https://censys.io/

  • Free Account: https://app.censys.io/register

  • API Docs: https://docs.censys.io/api

IP Reputation

• GreyNoise

  • https://www.greynoise.io/

  • Free Community API: https://docs.greynoise.io/reference/community-api

  • Query: https://www.greynoise.io/viz/query/

Malware & Botnet Data

IP/Domain Abuse Tracking

• AbuseIPDB

  • https://www.abuseipdb.com/

  • Check IP: https://www.abuseipdb.com/check

  • API (Free): https://docs.abuseipdb.com/

• URLhaus (Abuse.ch)

  • https://urlhaus.abuse.ch/

  • API: https://urlhaus-api.abuse.ch/v1/

  • Phishing URLs: https://urlhaus.abuse.ch/browse/phishing/

  • Malware URLs: https://urlhaus.abuse.ch/browse/malware/

• PhishTank

  • https://phishtank.com/

  • Verified Phishing: https://phishtank.com/phish_archive.php

  • JSON API: https://phishtank.com/api_info.php

Malware Signatures

• YARA Rules (GitHub)

  • https://github.com/Yara-Rules/rules

  • VirusShare YARA: https://github.com/VirusShare/VirusShare

  • YARA Rules Index: https://github.com/topics/yara-rules

• Shodan Botnet/C2 Tracking

  • Query syntax: https://help.shodan.io/

  • Example C2 filter: ssl.cert.subject:"*botnet*" (Shodan query)

DNS & Domain Intelligence

Passive DNS & Historical Data

• DShield (Internet Storm Center)

  • https://www.dshield.org/

  • Top Attackers: https://www.dshield.org/top10.html

  • API: https://isc.sans.edu/api/

  • Passive DNS: https://www.dshield.org/reports/dns/

• OpenDNS Umbrella

  • https://umbrella.cisco.com/

  • Top Domains: https://docs.umbrella.com/investigate-api/docs

  • Free Tier: Limited API access via registration

• Farsight Security DNSDB

  • https://www.farsightsecurity.com/

  • Free Community Tier: https://www.farsightsecurity.com/trial/

Certificate Transparency

• Certificate Transparency Logs (crt.sh)

  • https://crt.sh/

  • Search: https://crt.sh/?q=example.com

  • JSON API: https://crt.sh/?q=example.com&output=json

• Google CT Logs

  • https://certificate.transparency.dev/

  • Log List: https://certificate.transparency.dev/logs/

• CT Search Alternative (Certspotter)

  • https://certspotter.com/

  • Free: https://certspotter.com/integrations/

Domain & WHOIS Data

• WHOIS Data (Bulk)

  • IANA WHOIS: https://www.iana.org/whois

  • Verisign WHOIS: https://www.verisign.com/whois

• DNS Dumpster

  • https://dnsdumpster.com/

  • Free DNS reconnaissance tool

Network & Traffic Patterns

Internet Topology & BGP Data

• CAIDA Datasets

  • https://www.caida.org/

  • Data & Maps: https://www.caida.org/data/

  • Router Topology: https://www.caida.org/data/routing/

• Team Cymru IP Reputation

  • https://www.team-cymru.com/

  • IP ASN Lookup: https://asn.cymru.com/

  • Whois API: https://www.team-cymru.com/IP-ASN-mapping.html

• RIPE NCC Routing Data

  • https://www.ripe.net/

  • RIPEstat API: https://stat.ripe.net/

  • BGP Data: https://www.ripe.net/data-tools/stats

Firewall & IDS Logs

• DShield (Covered Above)

  • Firewall logs: https://www.dshield.org/

  • Port Activity: https://www.dshield.org/reports/top-ports/

  • Attacks by Country: https://www.dshield.org/reports/sources/

Attack Surface Data

Vulnerability Disclosures

• HackerOne Disclosures

  • https://hackerone.com/

  • Public Reports: https://hackerone.com/reports

  • Hacker-powered Security: https://hackerone.com/vulnerability-disclosure

Bug Bounty Aggregation

• Intigriti Leaderboard

  • https://www.intigriti.com/

  • Public Bugs: https://www.intigriti.com/programs

• Bugcrowd Data

  • https://www.bugcrowd.com/

  • Public Disclosures: (varies by program)

Web Vulnerability Standards

• OWASP Top 10

  • https://owasp.org/www-project-top-ten/

  • 2021 Latest: https://owasp.org/Top10/

• OWASP API Top 10

  • https://owasp.org/www-project-api-security/

Ransomware Tracking

• Ransomware.live

  • https://ransomware.live/

  • Payment sites tracker: https://ransomware.live/?tab=payments

• Ransomware Leak Sites Tracker

  • https://www.bleepingcomputer.com/tag/ransomware-data-leak-sites/

• CISA Ransomware Guide

  • https://www.cisa.gov/ransomware/

Application Security

Code Repository Analysis

• GitHub Advanced Search

  • https://github.com/search/advanced

  • Secrets scanning: https://github.com/search?q=language:json+password

  • Public datasets: https://github.com/topics/vulnerability-database

Dependency Vulnerability Data

• npm Security Advisories

  • https://www.npmjs.com/advisories

  • npm Audit: https://docs.npmjs.com/cli/v8/commands/npm-audit

  • JSON Feed: https://registry.npmjs.org/

• Python Package Index (PyPI) Vulnerabilities

  • https://pypi.org/

  • Safety Database: https://pyup.io/

  • Bandit Security Scanner: https://bandit.readthedocs.io/

• OWASP Dependency-Check

  • https://owasp.org/www-project-dependency-check/

  • NVD Integration: Uses NVD data

  • GitHub Action: https://github.com/dependency-check/Dependency-Check_Action

SBOM & Component Tracking

• NTIA SBOM Minimum Elements

  • https://ntia.gov/report/2021/minimum-elements-software-bill-materials-sbom

• CycloneDX (SBOM Standard)

  • https://cyclonedx.org/

  • Component Index: https://cyclonedx.org/schema/

• SPDX (Software Package Data Exchange)

  • https://spdx.dev/

  • License List: https://spdx.org/licenses/

Geopolitical & Regulatory

Data Breach Notifications

• HHS Breach Portal (HIPAA)

  • https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

• California Attorney General Data Breaches

  • https://oag.ca.gov/privacy/databreach/

• New York Attorney General (23 NYCRR 500)

  • https://www.ag.ny.gov/internet-bureau/cybersecurity

Regulatory & Advisory Data

• CISA Alerts & Advisories

  • https://www.cisa.gov/news-events/alerts-advisories

  • Active Exploited Vulnerabilities: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

  • ICS Advisories: https://www.cisa.gov/ics-advisories

Privacy & Compliance Enforcement

• GDPR Fines Database

  • https://www.gdprhub.eu/

  • Enforcement Tracker: https://www.enforcementtracker.com/

• FTC Data Breaches

  • https://reportfraud.ftc.gov/

  • FTC Cases: https://www.ftc.gov/cases-proceedings/

• FBI IC3 Internet Crime Report

  • https://ic3.gov/

  • Annual Reports: https://www.ic3.gov/Media/PDF/

Ransomware Payment Tracking

• Ransomware Payment Tracker (Statista/Academic)

  • Chainalysis: https://www.chainalysis.com/

  • Crypto Ransomware Payments: Tracked via blockchain analysis

• Patchwork AI/Academic Datasets

  • https://patchwork.ai/