Documentation

API Usage

Request token

To use the API you will need a personal access token. You can generate a personal access token for each application you use that needs access to the Xposer API.

You must pass the token as a Bearer token in the Authorization header of each request. For example, when using the Guzzle HTTP library:

curl https://xposer.io/api/v1/probe-status \
    -H "Accept: application/json" \
    -H "Authorization: Bearer a-personal-access-token"

Probe request

Executes a probe request. Make a POST request to /api/v1/probe

curl -X POST https://xposer.io/api/v1/probe \
    -H "Accept: application/json" \
    -H "Content-type: application/json" \
    -H "Authorization: Bearer a-personal-access-token" \
    -d "{\"target\": \"https://some.web.site\"}"

Parameters

Parameter Description
target
string
 The url of the website you want to probe
required

Response properties

Property Description
ok
boolean
 Status flag
message
string
 Status message
product
string
 The key of the product the target seems to be running
productName
string
 The name of the product the target seems to be running
target
string
 The target url as requested
probedTarget
string
 The target url as probed - after resolving redirects
version
string
 Detected version. In case multiple versions have been found, this property will list the highest detected version (so we err on the side of caution). All detected versions are listed in the versions property.
versions
array
 Detected versions. Contains multiple versions if an exact version could not be detected.
multipleVersions
boolean
 true if exact version could not be detected, false if exact version is found
cves
array
 Only returned when there are know vulnerabilities for the detected versions 
"cves": {
    "5.2.3": [
        {
            "id":       "CVE-2019-17675",
            "cvss":     6.8,
            "severity": "medium",
            "summary":  "WordPress before 5.2.4 does not properly consider type confusion...",
            "url":      "https://nvd.nist.gov/vuln/detail/CVE-2019-17675"
        },
        {
            "id":       "CVE-2019-17674",
            "cvss":     3.5,
            "severity": "low",
            "summary":  "WordPress before 5.2.4 is vulnerable to stored XSS (cross-site...",
            "url":      "https://nvd.nist.gov/vuln/detail/CVE-2019-17674"
        },
    ]
}
latestVersion
string
 The last known version of this product
latestVersion
array
 Only returned when multiple versions were detected. The last known versions of this product.
probeAvailable
integer
 The number of remaining probes for this month

Example

Request 
{
    "target": "https://some.site.com"
}
Response 
{
    "ok": true,
    "message": "Exact version has been identified",
    "product": "wordpress",
    "productName": "Wordpress",
    "target": "https://some.site.com",
    "probedTarget": "https://some.site.com",
    "version": "5.1.2",
    "latestVersion": "5.2.3",
    "supportedVersions": "no",
    "probeAvailable": 57362
}

Probe status

Shows the number of probes remaining and the total number of successfully executed probes.

Make a GET request to /api/v1/probe-status

curl https://xposer.io/api/v1/probe-status \
    -H "Accept: application/json" \
    -H "Authorization: Bearer a-personal-access-token"

Parameters

None

Response properties

Property Description
ok
boolean
 Status flag
probeAvailable
integer
 The number of remaining probes
probeUsed
integer
 The total number of successfully executed probes

Example

Response 
{
    "ok": true,
    "probeAvailable": 57362
    "probeUsed": 4254
}