Documentation

API Usage

Request token

To use the API you will need a personal access token. You can generate a personal access token for each application you use that needs access to the Xposer API.

You must pass the token as a Bearer token in the Authorization header of each request. For example, when using the Guzzle HTTP library:

curl https://xposer.io/api/v1/probe-status \
    -H "Accept: application/json" \
    -H "Authorization: Bearer a-personal-access-token"

Probe request

Executes a probe request. Make a POST request to /api/v1/probe

curl -X POST https://xposer.io/api/v1/probe \
    -H "Accept: application/json" \
    -H "Content-type: application/json" \
    -H "Authorization: Bearer a-personal-access-token" \
    -d "{\"target\": \"https://some.web.site\"}"

Parameters

Parameter Description
target
string
The url of the website you want to probe
required
uncached
boolean
Run a fresh probe
optional

Response properties

Property Description
ok
boolean
Status flag
message
string
Status message
product
string
The key of the product the target seems to be running
productName
string
The name of the product the target seems to be running
target
string
The target url as requested
probedTarget
string
The target url as probed - after resolving redirects
version
string
Detected version. This may be a list if several versions are possible. In that case, all possible versions are listed in the versions property.
versions
array
Detected versions. If the exact version could not be determined, an array of possible versions is returned.
cves
array
Only returned when there are know vulnerabilities for the detected versions
"cves": {
    "5.2.3": [
        {
            "id":       "CVE-2019-17675",
            "cvss":     6.8,
            "severity": "medium",
            "summary":  "WordPress before 5.2.4 does not properly consider type confusion...",
            "url":      "https://nvd.nist.gov/vuln/detail/CVE-2019-17675"
        },
        {
            "id":       "CVE-2019-17674",
            "cvss":     3.5,
            "severity": "low",
            "summary":  "WordPress before 5.2.4 is vulnerable to stored XSS (cross-site...",
            "url":      "https://nvd.nist.gov/vuln/detail/CVE-2019-17674"
        },
    ]
}
stableVersion
string
The last known stable version of this product
supportedVersion
bool
Is the version found still supported by the product?
supportedVersions
array
Only returned when multiple versions were detected. Is the version found still supported by the product? An array with one entry per possible version.
"supportedVersions": {
    "8.7.4": true,
    "8.7.5": true
}
probeAvailable
integer
The number of remaining probes for this month
cached
bool
true if the response was served from the cache

Example

Request
{
    "target": "https://some.site.com"
}
Response
{
    "ok": true,
    "message": "Exact version has been identified",
    "product": "wordpress",
    "productName": "Wordpress",
    "target": "https://some.site.com",
    "probedTarget": "https://some.site.com",
    "version": "5.1.2",
    "stableVersion": "5.2.3",
    "supportedVersions": "no",
    "probeAvailable": 57362,
    "cached": false
}

Probe status

Shows the number of probes remaining and the total number of successfully executed probes.

Make a GET request to /api/v1/probe-status

curl https://xposer.io/api/v1/probe-status \
    -H "Accept: application/json" \
    -H "Authorization: Bearer a-personal-access-token"

Parameters

None

Response properties

Property Description
ok
boolean
Status flag
probeAvailable
integer
The number of remaining probes
probeUsed
integer
The total number of successfully executed probes

Example

Response
{
    "ok": true,
    "probeAvailable": 57362
    "probeUsed": 4254
}