Documentation
Web Extensions
Our browser extensions make it easy to probe websites directly from your browser while viewing them. Simply install the extension for your browser and click the Xposer icon to analyze any website you're currently visiting.
Features
- Instant Analysis: Probe any website you're viewing with a single click
- Technology Detection: Identify WordPress, Drupal, Joomla, TYPO3, and more
- Version Information: Get exact version numbers, not just product detection
- Vulnerability Reports: See security vulnerabilities for detected versions
- No Page Reload: Get results instantly without leaving the current page
How to Use
- Install the extension for your preferred browser
- Create an access token: Visit your personal access tokens page and generate a new token for the extension
- Set the access token: Open the extension settings and enter your personal access token
- Navigate to any website you want to analyze
- Click the Xposer extension icon in your browser toolbar
- Click the "Expose" button to start the analysis
- View the detailed results including product, version, and security information
Note: You'll need a Xposer.io account and available probes to use the extensions. The extensions use the same API and probe limits as the web interface.
Probe History: All successful probes will become visible in the probes interface, where you can review your scan history and results.
API Usage
Request token
To use the API you will need a personal access token. You can
generate a personal access token for each application you use that needs access to the Xposer
API.
You must pass the token as a Bearer
token in the Authorization
header
of each request. For example, when using the Guzzle HTTP library:
curl https://xposer.io/api/v1/probe-status \
-H "Accept: application/json" \
-H "Authorization: Bearer a-personal-access-token"
Probe request
Executes a probe request. Make a POST request to /api/v1/probe
curl -X POST https://xposer.io/api/v1/probe \
-H "Accept: application/json" \
-H "Content-type: application/json" \
-H "Authorization: Bearer a-personal-access-token" \
-d "{\"target\": \"https://some.web.site\"}"
Parameters
Parameter |
Description |
target
string
|
The url of the website you want to probe
required
|
Response properties
Property |
Description |
ok
boolean
|
Status flag |
message
string
|
Status message |
product
string
|
The key of the product the target seems to be running |
productName
string
|
The name of the product the target seems to be running |
target
string
|
The target url as requested |
probedTarget
string
|
The target url as probed - after resolving redirects |
version
string
|
Detected version. In case multiple versions have been found, this property will list the highest detected version (so we err on the side of caution). All detected versions are listed in the versions property. |
versions
array
|
Detected versions. Contains multiple versions if an exact version could not be detected. |
multipleVersions
boolean
|
true if exact version could not be detected, false if exact version is found |
cves
array
|
Only returned when there are know vulnerabilities for the detected versions
"cves": {
"5.2.3": [
{
"id": "CVE-2019-17675",
"cvss": 6.8,
"severity": "medium",
"summary": "WordPress before 5.2.4 does not properly consider type confusion...",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17675"
},
{
"id": "CVE-2019-17674",
"cvss": 3.5,
"severity": "low",
"summary": "WordPress before 5.2.4 is vulnerable to stored XSS (cross-site...",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17674"
},
]
}
|
latestVersion
string
|
The last known version of this product |
latestVersion
array
|
Only returned when multiple versions were detected. The last known versions of this product. |
probeAvailable
integer
|
The number of remaining probes for this month |
Example
Request
{
"target": "https://some.site.com"
}
Response
{
"ok": true,
"message": "Exact version has been identified",
"product": "wordpress",
"productName": "Wordpress",
"target": "https://some.site.com",
"probedTarget": "https://some.site.com",
"version": "5.1.2",
"latestVersion": "5.2.3",
"supportedVersions": "no",
"probeAvailable": 57362
}
Probe status
Shows the number of probes remaining and the total number of successfully executed probes.
Make a GET request to /api/v1/probe-status
curl https://xposer.io/api/v1/probe-status \
-H "Accept: application/json" \
-H "Authorization: Bearer a-personal-access-token"
Parameters
None
Response properties
Property |
Description |
ok
boolean
|
Status flag |
probeAvailable
integer
|
The number of remaining probes |
probeUsed
integer
|
The total number of successfully executed probes |
Example
Response
{
"ok": true,
"probeAvailable": 57362
"probeUsed": 4254
}