Documentation

Web Extensions

Our browser extensions make it easy to probe websites directly from your browser while viewing them. Simply install the extension for your browser and click the Xposer icon to analyze any website you're currently visiting.

Features

  • Instant Analysis: Probe any website you're viewing with a single click
  • Technology Detection: Identify WordPress, Drupal, Joomla, TYPO3, and more
  • Version Information: Get exact version numbers, not just product detection
  • Vulnerability Reports: See security vulnerabilities for detected versions
  • No Page Reload: Get results instantly without leaving the current page

How to Use

  1. Install the extension for your preferred browser
  2. Create an access token: Visit your personal access tokens page and generate a new token for the extension
  3. Set the access token: Open the extension settings and enter your personal access token
  4. Navigate to any website you want to analyze
  5. Click the Xposer extension icon in your browser toolbar
  6. Click the "Expose" button to start the analysis
  7. View the detailed results including product, version, and security information

Note: You'll need a Xposer.io account and available probes to use the extensions. The extensions use the same API and probe limits as the web interface.

Probe History: All successful probes will become visible in the probes interface, where you can review your scan history and results.

API Usage

Request token

To use the API you will need a personal access token. You can generate a personal access token for each application you use that needs access to the Xposer API.

You must pass the token as a Bearer token in the Authorization header of each request. For example, when using the Guzzle HTTP library:

curl https://xposer.io/api/v1/probe-status \
    -H "Accept: application/json" \
    -H "Authorization: Bearer a-personal-access-token"

Probe request

Executes a probe request. Make a POST request to /api/v1/probe

curl -X POST https://xposer.io/api/v1/probe \
    -H "Accept: application/json" \
    -H "Content-type: application/json" \
    -H "Authorization: Bearer a-personal-access-token" \
    -d "{\"target\": \"https://some.web.site\"}"

Parameters

Parameter Description
target
string
The url of the website you want to probe
required

Response properties

Property Description
ok
boolean
Status flag
message
string
Status message
product
string
The key of the product the target seems to be running
productName
string
The name of the product the target seems to be running
target
string
The target url as requested
probedTarget
string
The target url as probed - after resolving redirects
version
string
Detected version. In case multiple versions have been found, this property will list the highest detected version (so we err on the side of caution). All detected versions are listed in the versions property.
versions
array
Detected versions. Contains multiple versions if an exact version could not be detected.
multipleVersions
boolean
true if exact version could not be detected, false if exact version is found
cves
array
Only returned when there are know vulnerabilities for the detected versions
"cves": {
    "5.2.3": [
        {
            "id":       "CVE-2019-17675",
            "cvss":     6.8,
            "severity": "medium",
            "summary":  "WordPress before 5.2.4 does not properly consider type confusion...",
            "url":      "https://nvd.nist.gov/vuln/detail/CVE-2019-17675"
        },
        {
            "id":       "CVE-2019-17674",
            "cvss":     3.5,
            "severity": "low",
            "summary":  "WordPress before 5.2.4 is vulnerable to stored XSS (cross-site...",
            "url":      "https://nvd.nist.gov/vuln/detail/CVE-2019-17674"
        },
    ]
}
latestVersion
string
The last known version of this product
latestVersion
array
Only returned when multiple versions were detected. The last known versions of this product.
probeAvailable
integer
The number of remaining probes for this month

Example

Request
{
    "target": "https://some.site.com"
}
Response
{
    "ok": true,
    "message": "Exact version has been identified",
    "product": "wordpress",
    "productName": "Wordpress",
    "target": "https://some.site.com",
    "probedTarget": "https://some.site.com",
    "version": "5.1.2",
    "latestVersion": "5.2.3",
    "supportedVersions": "no",
    "probeAvailable": 57362
}

Probe status

Shows the number of probes remaining and the total number of successfully executed probes.

Make a GET request to /api/v1/probe-status

curl https://xposer.io/api/v1/probe-status \
    -H "Accept: application/json" \
    -H "Authorization: Bearer a-personal-access-token"

Parameters

None

Response properties

Property Description
ok
boolean
Status flag
probeAvailable
integer
The number of remaining probes
probeUsed
integer
The total number of successfully executed probes

Example

Response
{
    "ok": true,
    "probeAvailable": 57362
    "probeUsed": 4254
}