Added first version of the API

PaulSec · PaulSec · commit fb96fabcc09f · 2015-01-11T21:51:37.000Z
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+node_modules/*
+exploitdb/*
diff --git a/create.sql b/create.sql
@@ -0,0 +1,14 @@
+CREATE DATABASE IF NOT EXISTS exploitdb;
+
+# id,file,description,date,author,platform,type,port
+CREATE TABLE IF NOT EXISTS exploitdb.exploits (
+  id INT NOT NULL AUTO_INCREMENT,
+  file VARCHAR(255) NOT NULL,
+  description VARCHAR(255) NOT NULL,
+  _date DATE NOT NULL,
+  author VARCHAR(255) NOT NULL,
+  platform VARCHAR(255) NOT NULL,
+  type VARCHAR(255) NOT NULL,
+  port INT NOT NULL,
+  PRIMARY KEY (id)
+);
diff --git a/model.js b/model.js
@@ -0,0 +1,44 @@
+var mysql      = require('mysql');
+var connection = mysql.createConnection({
+    host     : 'localhost',
+    user     : 'root', // change line to fit your requirements
+    password : '', // change line to fit your requirements
+    database : 'exploitdb'    
+});
+
+connection.connect(function(err) {
+    if (err) {
+        console.error('error connecting: ' + err.stack);
+        return;
+    }
+    console.log('connected as id ' + connection.threadId);
+});
+
+exports.getExploits = function(id, options, callback) {
+    var sql = 'SELECT * from exploits';
+    var tmp = '';
+    for (var key in options) {
+        if (key == 'before' || key == 'after') {
+            tmp += ' AND _date';
+            if (key == 'before') {
+                tmp += ' <= ';
+            } else {
+                tmp += ' >= ';
+            }
+            tmp += connection.escape(options[key]);
+        } else {
+            tmp += " AND " + key + " LIKE " + connection.escape('%' +options[key] + '%');
+        }
+    }
+    if (id != undefined) {
+         sql += ' WHERE id = ' + connection.escape(id) + tmp;
+    } else {
+        // replace the first occurence of 'AND' with a 'WHERE'
+        sql += tmp.replace('AND', 'WHERE');
+    }
+    
+    connection.query(sql, function(err, results) {
+        if (err) throw err;
+        callback(results);
+    });
+}
diff --git a/package.json b/package.json
@@ -0,0 +1,25 @@
+{
+  "name": "exploitdb-json-api",
+  "version": "0.0.1",
+  "description": "ExploitDB JSON API",
+  "main": "server.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "start": "node server.js"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/PaulSec/exploitdb-json-api.git"
+  },
+  "author": "PaulSec",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/PaulSec/exploitdb-json-api/issues"
+  },
+  "homepage": "https://github.com/PaulSec/exploitdb-json-api",
+  "dependencies": {
+    "express": "^4.10.7",
+    "mysql": "^2.5.4",
+    "mime": "^1.2.11"
+  }
+}
diff --git a/server.js b/server.js
@@ -0,0 +1,88 @@
+var express    = require('express');        // call express
+var app        = express();                 // define our app using express
+var fs         = require('fs');
+var model      = require('./model.js');
+var path       = require('path');
+var mime       = require('mime');
+
+var port = process.env.PORT || 8080;        // set our port
+
+var router = express.Router();              // get an instance of the express Router
+
+// router.get('/', function(req, res) {
+//    res.send("test");
+// });
+
+function parseParameters(req, callback) {
+    options = {}
+    if (req.query.author != undefined) {
+        options['author'] = req.query.author;
+    }
+    if (req.query.platform != undefined) {
+        options['platform'] = req.query.platform;
+    }
+    if (req.query.port != undefined) {
+        options['port'] = req.query.port;
+    }
+    if (req.query.description != undefined) {
+        options['description'] = req.query.description;
+    }
+    if (req.query.type != undefined) {
+        options['type'] = req.query.type;
+    }
+    if (req.query.before != undefined) {
+        options['before'] = req.query.before;
+    }
+    if (req.query.after != undefined) {
+        options['after'] = req.query.after;
+    }
+    callback(options);
+}
+
+// retrieves all exploit
+router.get('/exploits', function (req, res) {
+    res.setHeader('Content-Type', 'application/json');
+
+    parseParameters(req, function (options) {
+        model.getExploits(undefined, options, function (results){
+            res.status((results.length > 0) ? 200 : 404).end(JSON.stringify(results));
+        });
+    });
+});
+
+// retrieves a specific exploit
+router.get('/exploits/:id', function (req, res) {
+    res.setHeader('Content-Type', 'application/json');
+    model.getExploits(req.params.id, undefined, function (results){
+        res.status((results.length > 0) ? 200 : 404).end(JSON.stringify(results));
+    });
+});
+
+// retrieves the attachment of an exploit
+router.get('/exploits/:id/attachment', function (req, res) {
+    model.getExploits(req.params.id, undefined, function (results){
+        if (results[0] && results[0]['file']) {
+            var file = __dirname + '/exploitdb/' + results[0]['file'];
+
+            var filename = path.basename(file);
+            var mimetype = mime.lookup(file);
+
+            res.setHeader('Content-disposition', 'attachment; filename=' + filename);
+            res.setHeader('Content-type', mimetype);
+
+            var filestream = fs.createReadStream(file);
+            filestream.pipe(res);
+        } else {
+            res.status(404).end();
+        }
+    });
+});
+
+// manages 404
+router.get('*', function(req, res){
+    res.redirect('/exploits');
+});
+
+app.use('/', router);
+app.listen(port);
+console.log("Open browser at: http://127.0.0.1:" + port);
