<?php
/**
* @file API.php
* This file is the API to search exploits;
* it syncs the files with the database.
* @author: Adilson Santos da Rocha
* @copyright: Nstalker - Redesegura 2016
* @licence: GPLv3
* @date {{$date}}
* */
// Level 1 is E_ERROR: only fatal run-time errors are reported, so warnings and
// notices (undefined variables, missing array keys) raised below stay silent.
error_reporting(1);
// Relative include; presumably defines the exploitdb class that the lookup
// wrappers below instantiate (the class itself is not visible in this file).
include_once "exploitdb.class.php";
/**
 * Look up exploits by CVE identifier.
 *
 * Thin wrapper: builds a fresh exploitdb instance and hands $cve to its
 * byCVE() method unchanged. Route() passes request data straight into this
 * function, so any escaping or query parameterisation has to happen inside
 * exploitdb::byCVE() (not visible in this file).
 *
 * @param mixed $cve CVE value as received from the request.
 * @return mixed Result of exploitdb::byCVE(); Route() echoes it as the response body.
 */
function byCVE($cve)
{
    return (new exploitdb())->byCVE($cve);
}
/**
 * Look up exploits by OSVDB identifier.
 *
 * Thin wrapper: builds a fresh exploitdb instance and hands $osvdb to its
 * byOSVDB() method unchanged. The value originates from request data, so any
 * escaping or query parameterisation has to happen inside
 * exploitdb::byOSVDB() (not visible in this file).
 *
 * @param mixed $osvdb OSVDB value as received from the request.
 * @return mixed Result of exploitdb::byOSVDB(); Route() echoes it as the response body.
 */
function byOSVDB($osvdb)
{
    return (new exploitdb())->byOSVDB($osvdb);
}
/**
 * Look up exploits by title.
 *
 * Thin wrapper: builds a fresh exploitdb instance and hands $title to its
 * byTitle() method unchanged. The value is free text taken from the request,
 * so any escaping or query parameterisation has to happen inside
 * exploitdb::byTitle() (not visible in this file).
 *
 * @param mixed $title Title (search text) as received from the request.
 * @return mixed Result of exploitdb::byTitle(); Route() echoes it as the response body.
 */
function byTitle($title)
{
    return (new exploitdb())->byTitle($title);
}
/**
 * Return the exploit statistics.
 *
 * Thin wrapper around exploitdb::CountExploit() on a fresh exploitdb
 * instance. The function name keeps its original spelling because Route()
 * exposes the same spelling as a request keyword.
 *
 * @return mixed Result of exploitdb::CountExploit(); Route() echoes it as the response body.
 */
function statistcs()
{
    return (new exploitdb())->CountExploit();
}
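/**
 * Dispatch the current HTTP request to a lookup and print the JSON response.
 *
 * Supported request shapes:
 *  - GET with a query string: ?cve=, ?osvdb=, ?exploit= or ?statistcs
 *    (cve also accepts CVE/byCVE/bycve, osvdb also accepts OSVDB/byOSVDB/byosvdb);
 *  - GET with a rewritten path whose last two segments are <method>/<value>,
 *    e.g. http://example.com/api/cve/2016-1234;
 *  - POST with the form fields "method" (cve, osvdb or exploit) and "data".
 *
 * Every value handled here is attacker-controlled request data. Only the shape
 * is checked (array-valued parameters are refused); the content is forwarded
 * as received, so the lookup methods must parameterise or escape it themselves.
 *
 * Requests that match nothing always get an explicit JSON error body instead
 * of an empty response.
 *
 * @return void
 */
function Route()
{
    // Error bodies kept byte-for-byte: existing clients may match on them.
    $unknownRequest = json_encode(array('ERROR' => '500', 'Code' => 'Sory, try another Thing '));
    $unknownMethod = json_encode(array('ERROR' => '500', 'Code' => 'Sory, try another Method '));

    try {
        $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

        if ($method === 'GET') {
            // CGI-style servers define QUERY_STRING as an empty string when the
            // URL has no query, so isset() alone would never reach the path
            // routing below; test for a non-empty query instead.
            if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] !== '') {
                // Query-string form, e.g. http://example.com/api.php?cve=2016-1234
                // When several spellings are present, the last one listed wins.
                $cve = null;
                foreach (array('CVE', 'cve', 'byCVE', 'bycve') as $key) {
                    if (isset($_GET[$key])) {
                        $cve = $_GET[$key];
                    }
                }
                $osvdb = null;
                foreach (array('osvdb', 'OSVDB', 'byOSVDB', 'byosvdb') as $key) {
                    if (isset($_GET[$key])) {
                        $osvdb = $_GET[$key];
                    }
                }

                // PHP turns "cve[]=x" into an array; only plain strings are
                // forwarded, since the lookups' handling of arrays is unknown here.
                if ($cve !== null) {
                    $resp = is_string($cve) ? byCVE($cve) : $unknownRequest;
                } elseif ($osvdb !== null) {
                    $resp = is_string($osvdb) ? byOSVDB($osvdb) : $unknownRequest;
                } elseif (isset($_GET['exploit'])) {
                    // by title, aka exploit
                    $resp = is_string($_GET['exploit']) ? byTitle($_GET['exploit']) : $unknownRequest;
                } elseif (isset($_GET['statistcs'])) {
                    $resp = statistcs();
                } else {
                    $resp = $unknownRequest;
                }
            } else {
                // Rewritten-path form, e.g. http://example.com/api/cve/2016-1234.
                // Only the last two path segments are used, so the API may live
                // under any prefix (http://example.com/api/db-exploit/cve/2016-1234).
                $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
                $segments = explode('/', trim($uri, '/'));
                $count = count($segments);
                $value = $segments[$count - 1];
                // A single-segment path has no method segment; avoid index -1.
                $selector = ($count >= 2) ? $segments[$count - 2] : null;

                // "statistcs" is tested first because it may appear in either
                // position and took precedence over the other routes before.
                if ($selector === 'statistcs' || $value === 'statistcs') {
                    $resp = statistcs();
                } elseif (in_array($selector, array('exploit', 'title'), true)) {
                    $resp = byTitle($value);
                } elseif (in_array($selector, array('osvdb', 'OSVDB', 'byosvdb', 'byOSVDB'), true)) {
                    $resp = byOSVDB($value);
                } elseif (in_array($selector, array('cve', 'CVE', 'bycve', 'byCVE'), true)) {
                    $resp = byCVE($value);
                } else {
                    $resp = $unknownRequest;
                }
            }
        } elseif ($method === 'POST') {
            $lookup = isset($_POST['method']) ? $_POST['method'] : null;
            $data = isset($_POST['data']) ? $_POST['data'] : null;

            if (is_array($data)) {
                // "data[]=x" arrives as an array; refuse it rather than forward it.
                $resp = $unknownRequest;
            } elseif ($lookup === 'cve') {
                $resp = byCVE($data);
            } elseif ($lookup === 'osvdb') {
                $resp = byOSVDB($data);
            } elseif ($lookup === 'exploit') {
                $resp = byTitle($data);
            } else {
                $resp = $unknownMethod;
            }
        } else {
            // Any other HTTP verb used to produce an empty body.
            $resp = $unknownMethod;
        }

        header('Content-Type: application/json; charset=utf-8');
        echo ($resp);
    } catch (Exception $e) {
        // json_encode() of an Exception yields "{}" (its properties are not
        // public). Keep the details in the server log and send the client a
        // generic JSON error, so paths and traces are never exposed.
        error_log('API.php Route(): ' . $e->getMessage());
        if (!headers_sent()) {
            http_response_code(500);
            header('Content-Type: application/json; charset=utf-8');
        }
        echo json_encode(array('ERROR' => '500', 'Code' => 'Internal error'));
    }
}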
// Entry point: the request is dispatched as soon as this file is executed.
Route();