Documentation

API Usage

Request token

To use the API you will need a personal access token. You can generate a personal access token for each application you use that needs access to the Xposer API.

You must pass the token as a Bearer token in the Authorization header of each request. For example, when using the Guzzle HTTP library:

curl https://xposer.io/api/v1/probe-status \
    -H "Accept: application/json" \
    -H "Authorization: Bearer a-personal-access-token"

Probe request

Executes a probe request. Make a POST request to /api/v1/probe

curl -X POST https://xposer.io/api/v1/probe \
    -H "Accept: application/json" \
    -H "Content-type: application/json" \
    -H "Authorization: Bearer a-personal-access-token" \
    -d "{\"target\": \"https://some.web.site\"}"

Parameters

Parameter Description
target
string
The url of the website you want to probe
required

Response properties

Property Description
ok
boolean
Status flag
message
string
Status message
product
string
The key of the product the target seems to be running
productName
string
The name of the product the target seems to be running
target
string
The target url as requested
probedTarget
string
The target url as probed - after resolving redirects
version
string
Detected version. In case multiple versions have been found, this property will list the highest detected version (so we err on the side of caution). All detected versions are listed in the versions property.
versions
array
Detected versions. Contains multiple versions if an exact version could not be detected.
multipleVersions
boolean
true if exact version could not be detected, false if exact version is found
cves
array
Only returned when there are know vulnerabilities for the detected versions
"cves": {
    "5.2.3": [
        {
            "id":       "CVE-2019-17675",
            "cvss":     6.8,
            "severity": "medium",
            "summary":  "WordPress before 5.2.4 does not properly consider type confusion...",
            "url":      "https://nvd.nist.gov/vuln/detail/CVE-2019-17675"
        },
        {
            "id":       "CVE-2019-17674",
            "cvss":     3.5,
            "severity": "low",
            "summary":  "WordPress before 5.2.4 is vulnerable to stored XSS (cross-site...",
            "url":      "https://nvd.nist.gov/vuln/detail/CVE-2019-17674"
        },
    ]
}
latestVersion
string
The last known version of this product
latestVersion
array
Only returned when multiple versions were detected. The last known versions of this product.
probeAvailable
integer
The number of remaining probes for this month

Example

Request
{
    "target": "https://some.site.com"
}
Response
{
    "ok": true,
    "message": "Exact version has been identified",
    "product": "wordpress",
    "productName": "Wordpress",
    "target": "https://some.site.com",
    "probedTarget": "https://some.site.com",
    "version": "5.1.2",
    "latestVersion": "5.2.3",
    "supportedVersions": "no",
    "probeAvailable": 57362
}

Probe status

Shows the number of probes remaining and the total number of successfully executed probes.

Make a GET request to /api/v1/probe-status

curl https://xposer.io/api/v1/probe-status \
    -H "Accept: application/json" \
    -H "Authorization: Bearer a-personal-access-token"

Parameters

None

Response properties

Property Description
ok
boolean
Status flag
probeAvailable
integer
The number of remaining probes
probeUsed
integer
The total number of successfully executed probes

Example

Response
{
    "ok": true,
    "probeAvailable": 57362
    "probeUsed": 4254
}