Bugb Threat Intelligence
Planet‑scale visibility with AI that enriches every signal and agents that prove exploitability. Evidence‑backed intelligence you can ship to owners with confidence.
We find more services and protocols than other Internet‑scale providers.
AI enriches each observation: stack, auth, risk, owners.
VVTI provides PoC + evidence. If it’s listed, it’s vulnerable.
We continuously map the public Internet. Below is a compact catalogue you can filter or expand in product. Highlights:
- DNS (A/AAAA/CNAME/NS/MX/TXT/SOA) + reverse DNS
- Certificates (SANs, issuers, expiry, key params)
- Whois snapshots & registrar drift
- Open ports & service/version mapping
- Banners across HTTP/SMTP/SSH/FTP/IMAP/POP3/…
- HTML responses & redirect chains
- Edge/CDN/WAF presence
- Geo, cloud, region & ASNs
- Mobile/API endpoints
- Object storage exposure (S3/GCS/Azure)
- K8s/Container UIs & orchestrators
- IoT/OT surfaces (MQTT, Modbus, BACnet, …)
- Protocol traits (HTTP/2, QUIC, TLS, SSH, RDP, SMB, MQTT, AMQP)
- JA3 / JA3S, JARM
- Service fingerprints & tech‑stack inference
- Auth patterns (Basic/OAuth/OIDC/SAML)
- Botnets, malware infra, C2 panels
- Sinkhole & honeypot correlations
- Credential leak metadata & paste/code artefacts
- Banner & HTML parse
- Redirect chain map
- Endpoint/param mining
- Tech‑stack inference
- Chain health
- Issuer/expiry drift
- JA3/JA3S
- Weak ciphers
- Version/auth hints
- Default‑creds signals
- Brute heuristics
- Exposed UIs
- RBAC hints
- Image signatures
- Unauth exposure
- Version→CVE map
- Replica/role detect
- Family attribution
- Infra graph
- Sinkhole overlap
Agents attach to each discovered host, learn its stack, select exploit templates, run safe checks in sandbox, and verify impact. You can trigger manual checks too. If it appears here, it is vulnerable.
- Cert SANs & issuers, forward/reverse DNS
- App content (about/policy/contact) & redirects
- Infra ownership & routing patterns
- Enriched org profiles (6sense, Apollo, …)
- Decision‑maker discovery & contacts
- Pre‑filled responsible disclosure email drafts
- Hunt exposures and validated vulns
- Use PoCs & evidence packs
- Export intelligence for offline study
- External TI feeds plug into BUGB CNAPP
- Correlated with discovered cloud architecture
- Autofix plans with guardrails
- Nation‑scale malware/C2 tracking
- Honeypot analytics & state actor patterns
- Gov domain/asset TI curation
Security data is our big data. We train models on it and collaborate with universities in India and the US to build meaningful outcomes. Curated datasets are available under responsible use.



If you’re a student or researcher, write to info@bugb.report. We can provide datasets to work on and guidance for citation.
| Type | Value | Severity | First Seen | Last Seen | Tags |
|---|---|---|---|---|---|
| IP | 203.0.113.21 | High | 2025-10-20 | 2025-10-21 | C2, SSH Brute |
| Domain | api-greyfalcon[.]com | Critical | 2025-10-19 | 2025-10-21 | Phish, Exfil |
| Hash | 2b1f…e9a0 | Medium | 2025-10-17 | 2025-10-18 | Malware, Loader |
| URL | hxxp://pay‑svc[.]cc/track | High | 2025-10-16 | 2025-10-21 | SSRF, Callback |
Build your own workflows on top of Bugb TI.
```http
GET /api/v1/ti/iocs?query=domain:example.com&severity=high
Authorization: Bearer <token>
```

```http
GET /api/v1/ti/validated?since=2025-10-01
Authorization: Bearer <token>
```

```http
POST /api/v1/ti/evidence

{ "service": "payments-api", "vector": "ssrf", "poc": "…", "autoverify": true }
```

```http
GET /api/v1/ti/attrib?ip=203.0.113.21
Authorization: Bearer <token>
```