JSON API for ExploitDB Website
Install Node.js and a MySQL database.
Clone my repo and the submodule (Exploit database repo). To do so:
git clone --recursive https://github.com/PaulSec/exploitdb-json-api.git
cd exploitdb-json-api
Then, create the database and the exploits table using the SQL file:
mysql -uroot < create.sql
Move or copy files.csv from the Exploit-DB project to /tmp/ and change the ownership of the file so that MySQL can read it:
mv exploitdb/files.csv /tmp/files.csv
chown mysql:mysql /tmp/files.csv
Import the data in the database:
LOAD DATA INFILE "/tmp/files.csv"
INTO TABLE exploitdb.exploits
FIELDS TERMINATED BY ','
ENCLOSED BY '"'
LINES TERMINATED BY '\n'
IGNORE 1 ROWS;
And finally (phew), change the credentials used to access the database in the model.js file.
Two commands install the dependencies and start the server:
npm install
node server.js
The server should be accessible at:
http://127.0.0.1:8080/exploits
This retrieves ALL the exploits (be careful).
http://127.0.0.1:8080/exploits?author=paul
http://127.0.0.1:8080/exploits?description=Linux
You can search for older exploits by specifying the before filter (equivalent to a <=).
http://127.0.0.1:8080/exploits?before=2005
Or the after one (equivalent to a >=):
http://127.0.0.1:8080/exploits?after=2005
http://127.0.0.1:8080/exploits?type=dos
The different types are: remote, local, webapps, dos, shellcode.
http://127.0.0.1:8080/exploits?platform=linux
The different platforms are: windows, linux, solaris, php, osx, bsd, cgi, hardware, multiple, hp-ux, tru64, sco, novell, irix, unix, aix, win32, ultrix, asp, qnx, plan9, jsp, openbsd, minix, freebsd, android, ios, netbsd_x86, bsd_ppc, bsd_x86, bsdi_x86, freebsd_x86, freebsd_x86-64, generator, lin_amd64, linux_mips, linux_ppc, linux_sparc, lin_x86, lin_x86-64, openbsd_x86, osx_ppc, sco_x86, solaris_sparc, solaris_x86, unixware, win64, arm, cfm, netware, sh4, java, beos, immunix, palm_os, atheos, mips, xml.
http://127.0.0.1:8080/exploits?port=80
Obviously, you can combine them all:
http://127.0.0.1:8080/exploits?author=paul&description=Linux&before=2005&type=dos
http://127.0.0.1:8080/exploits/2/
returns a JSON response that looks like:
[{"id":2,"file":"platforms/windows/remote/2.c","description":"Microsoft Windows WebDAV - Remote PoC Exploit","_date":"2003-03-24T00:00:00.000Z","author":"RoMaNSoFt","platform":"windows","type":"remote","port":"80"}]
http://127.0.0.1:8080/exploits/2/attachment
retrieves the attachment (the exploit file) for the exploit with id 2.
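One way a server could turn the search filters above into a single parameterized MySQL query, so that no query-string value is ever concatenated into the SQL text. This is an added example, not code from the exploitdb-json-api project: buildExploitQuery, the substring and year matching, the value limits and the default LIMIT are assumptions, while the table and column names are taken from the import statement and the sample JSON response above.

```javascript
// Added example (not the project's code): map the README's filters to one
// parameterized MySQL statement. Columns come from the sample JSON response;
// LIKE/YEAR() matching, value limits and the LIMIT are assumptions.
const TYPES = new Set(['remote', 'local', 'webapps', 'dos', 'shellcode']);

// filter name -> [SQL fragment with one placeholder, value validator]
const FILTERS = {
  author:      ['author LIKE ?',      v => `%${escapeLike(v)}%`],
  description: ['description LIKE ?', v => `%${escapeLike(v)}%`],
  platform:    ['platform = ?',       v => v.toLowerCase()],
  type:        ['type = ?',           v => oneOf(TYPES, v.toLowerCase(), 'type')],
  port:        ['port = ?',           v => intInRange(v, 0, 65535, 'port')],
  before:      ['YEAR(_date) <= ?',   v => intInRange(v, 1900, 9999, 'before')],
  after:       ['YEAR(_date) >= ?',   v => intInRange(v, 1900, 9999, 'after')],
};

// Escape LIKE wildcards so input matches literally (MySQL's default escape is \).
function escapeLike(s) { return s.replace(/[\\%_]/g, '\\$&'); }

function oneOf(set, v, name) {
  if (!set.has(v)) throw new RangeError(`invalid ${name}`);
  return v;
}

function intInRange(v, min, max, name) {
  const n = /^\d{1,5}$/.test(v) ? Number(v) : NaN;
  if (!(n >= min && n <= max)) throw new RangeError(`invalid ${name}`);
  return n;
}

function buildExploitQuery(query, limit = 100) {
  const where = [], values = [];
  for (const [key, raw] of Object.entries(query)) {
    if (!Object.prototype.hasOwnProperty.call(FILTERS, key)) {
      throw new RangeError(`unknown filter ${key}`);
    }
    // Query parsers can yield arrays/objects for repeated or bracketed keys.
    if (typeof raw !== 'string' || raw.length === 0 || raw.length > 100) {
      throw new RangeError(`invalid ${key}`);
    }
    const [clause, convert] = FILTERS[key];
    where.push(clause);
    values.push(convert(raw));
  }
  const sql = 'SELECT id, file, description, _date, author, platform, type, port FROM exploitdb.exploits'
    + (where.length ? ' WHERE ' + where.join(' AND ') : '')
    + ' ORDER BY id LIMIT ?';
  return { sql, values: [...values, limit] };
}
```

The returned sql and values are meant to be passed together to a MySQL driver's placeholder-based query call; the default limit also caps the unfiltered /exploits request.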
Want to help me create a web app interface? Found a bug? Create an issue or contact me via Twitter @PaulWebSec.
MIT License. Exploit-Database is a project sponsored by Offensive Security.