API Reference
API Documentation
Appendix
Exploits REST API Documentation
The base URL for all of these methods is:https://exploits.shodan.io/api
Shodan Exploits Methods
GET/search
Search for Exploits
Search across a variety of data sources for exploits and use facets to get summary information.
Request URL
https://exploits.shodan.io/api/search?query={query}&key={YOUR_API_KEY}
Parameters
- query: [String] Search query used to search the database of known exploits. Possible search filters are:
- author
- The author of the exploit/ vulnerability.
- bid
- The Bugtraq ID for the exploit.
- code
- The actual code of the exploit.
- cve
- The Common Vulnerability and Exposures ID for the exploit.
- date
- When the exploit was released.
- description
- The description of the exploit, how it works and where it applies.
- msb
- The Microsoft Security Bulletin ID for the exploit.
- osvdb
- The Open Source Vulnerability Database ID for the exploit.
- platform
- The operating system that the exploit targets.
- port
- The port number for the affected service if the exploit is remote.
- title
- The title or short description for the exploit if available.
- type
- The category of exploit, possible values are:
- dos
- exploit
- local
- remote
- shellcode
- webapps
- facets (optional): [String] A comma-separated list of properties to get summary information on. The following facets are currently supported:
- author
- platform
- port
- source
- type
- page (optional): [Integer] The page number to page through results 100 at a time.
Sample Response
{
"matches": [
{
"source": "CVE",
"_id": "2011-2064",
"description": "Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Gateway - Second Generation (CSG2) allows remote attackers to cause a denial of service (device reload) via crafted ICMP packets, aka Bug ID CSCtl79577.",
"osvdb": [
73657
],
"bid": [
48581
],
"cve": "CVE-2011-2064",
"msb": []
},
{
"source": "CVE",
"_id": "2011-0349",
"description": "Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth17178, a different vulnerability than CVE-2011-0350.",
"osvdb": [
70721
],
"bid": [
46026
],
"cve": "CVE-2011-0349",
"msb": []
},
{
"source": "CVE",
"_id": "2011-0350",
"description": "Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to cause a denial of service (device hang or reload) via crafted TCP packets, aka Bug ID CSCth41891, a different vulnerability than CVE-2011-0349.",
"osvdb": [
70722
],
"bid": [
46028
],
"cve": "CVE-2011-0350",
"msb": []
},
{
"source": "CVE",
"_id": "2011-0348",
"description": "Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917.",
"osvdb": [
70720
],
"bid": [
46022
],
"cve": "CVE-2011-0348",
"msb": []
}
],
"facets": {
"type": [
{
"count": 1,
"value": "remote"
}
]
},
"total": 4
}
GET/count
Search for Exploits without Results
This method behaves identical to the "/search" method with the difference that it doesn't return any results.
Request URL
https://exploits.shodan.io/api/count?query={query}&key={YOUR_API_KEY}
Parameters
- query: [String] Search query used to search the database of known exploits.
- author
- The author of the exploit/ vulnerability.
- bid
- The Bugtraq ID for the exploit.
- code
- The actual code of the exploit.
- cve
- The Common Vulnerability and Exposures ID for the exploit.
- date
- When the exploit was released.
- description
- The description of the exploit, how it works and where it applies.
- msb
- The Microsoft Security Bulletin ID for the exploit.
- osvdb
- The Open Source Vulnerability Database ID for the exploit.
- platform
- The operating system that the exploit targets.
- port
- The port number for the affected service if the exploit is remote.
- title
- The title or short description for the exploit if available.
- type
- The category of exploit, possible values are:
- dos
- exploit
- local
- remote
- shellcode
- webapps
- facets (optional): [String] A comma-separated list of properties to get summary information on. The following facets are currently supported:
- author
- platform
- port
- source
- type
Sample Response
{
"matches": [],
"facets": {
"platform": [
{
"count": 420,
"value": "php"
},
{
"count": 104,
"value": "multiple"
},
{
"count": 76,
"value": "windows"
},
{
"count": 62,
"value": "linux"
},
{
"count": 11,
"value": "cgi"
}
],
"type": [
{
"count": 465,
"value": "webapps"
},
{
"count": 178,
"value": "remote"
},
{
"count": 50,
"value": "dos"
},
{
"count": 36,
"value": "local"
},
{
"count": 19,
"value": "exploit"
}
]
},
"total": 1385
}