exploitdb-json-api

JSON API for ExploitDB Website

Requirements

Install NodeJS, and a MySQL database.

How to install it?

Clone my repo and the submodule (Exploit database repo). To do so:

git clone --recursive https://github.com/PaulSec/exploitdb-json-api.git
cd exploitdb-json-api

Then, create database and exploits table using the sql file:

mysql -uroot < create.sql

Move or copy files.csv (from Exploitdb project in /tmp/) and change the permissions to the file

mv exploitdb/files.csv /tmp/files.csv
chown mysql:mysql /tmp/files.csv

Import the data in the database:

LOAD DATA INFILE "/tmp/files.csv"
INTO TABLE exploitdb.exploits
FIELDS TERMINATED BY ','
ENCLOSED BY '"'
LINES TERMINATED BY '\n'
IGNORE 1 ROWS;

And finally (pfewww), change credentials to access the db in the model.js file.

Launch it

Two commands will do it:

npm install
node server.js

Use it

Server should be accessible at:

http://127.0.0.1:8080/exploits

This will retrieve you ALL the exploits (Be careful).

Filtering

Filter by Author:

http://127.0.0.1:8080/exploits?author=paul

Filter by Description:

http://127.0.0.1:8080/exploits?description=Linux

Filter by Date:

You can search older exploits specifying the before filter (equivalent to a <=).

http://127.0.0.1:8080/exploits?before=2005

Or the after one (equivalent to a >=):

http://127.0.0.1:8080/exploits?after=2005

Filter by Type:

http://127.0.0.1:8080/exploits?type=dos

Different type are: remote, local, webapps, dos, shellcode.

Filter by Platform:

http://127.0.0.1:8080/exploits?platform=linux

Different platform are: windows, linux, solaris, php, osx, bsd, cgi, hardware, multiple, hp-ux, tru64, sco, novell, irix, unix, aix, win32, ultrix, asp, qnx, plan9, jsp, openbsd, minix, freebsd, android, ios, netbsd_x86, bsd_ppc, bsd_x86, bsdi_x86, freebsd_x86, freebsd_x86-64, generator, lin_amd64, linux_mips, linux_ppc, linux_sparc, lin_x86, lin_x86-64, openbsd_x86, osx_ppc, sco_x86, solaris_sparc, solaris_x86, unixware, win64, arm, cfm, netware, sh4, java, beos, immunix, palm_os, atheos, mips, xml.

Filter by Port:

http://127.0.0.1:8080/exploits?port=80

Combining filters

Obviously, you can combine them all:

http://127.0.0.1:8080/exploits?author=paul&description=Linux&before=2005&type=dos

Getting information about a specific exploit

http://127.0.0.1:8080/exploits/2/

returns you a JSON response which looks like:

[{"id":2,"file":"platforms/windows/remote/2.c","description":"Microsoft Windows WebDAV - Remote PoC Exploit","_date":"2003-03-24T00:00:00.000Z","author":"RoMaNSoFt","platform":"windows","type":"remote","port":"80"}]

Retrieving a specific PoC

http://127.0.0.1:8080/exploits/2/attachment

retrieves you the attachment (the exploit file) for the exploit using the id 2.

Contributing

You want to help me creating a Webapp interface? You found a bug? Create an issue or contact me via Twitter @PaulWebSec.

License

MIT License. Exploit-Database is a project sponsored by Offensive Security.