Building our Vulnerability Explorer
We wanted to make a love child between a blockchain block explorer
and our api. In order to demostrate the true power of our api :)
We have been using Bitcoin for a couple of years now and the true power of
a block explorer in order to view transactions with a fancy interface is also pretty nice.
The result is live and can be viewed at:
https://vulns.firosolutions.com
Using our api
So vulns.firosolutions.com is a frontend that
is running with our api as engine.
View vulnerability
You can simply press any vulnerability and it will display description,
CVE, external links and a lot more!
You can also:
View Platforms
We want it to be more then just search and find so when you press
on a exploit/vulnerability or search for a special platform
you can view more vulnerabilities affecting that platform.
We ofcourse support CMS systems such as wordpress, joomla, drupal and so on
You can even view similar platforms:
The list of platforms goes on and on ..
View language
We support to view programming languages such as Rust and NodeJS.
View operating system
You can view different operating systems such as:
OpenSUSE:
Debian:
Freebsd
And many more!
Api end points being used:
So this is done with our api using:
https://api.firosolutions.com/cvesearch
We have 2 different cve search endpoints, this api endpoint returns information about the cve you give to it. As an example if i give it a “fluffy” cve let’s say “CVE-2012-5604” then it returns:
{
"result": {
"CVE": "CVE-2012-5604",
"date": "2012-10-24",
"description": "The ldap_fluff gem for Rub",
"link": "['http://rhn.redhat.com/errata/RHSA-2013-0544.html',
'https://bugzilla.redhat.com/show_bug.cgi?id=882136']"
}
}
https://api.firosolutions.com/cveloosesearch
This is our second api end point, This searches for a CVE and
returns, lets try this with a joomla cve for example:
CVE-2020-8420
{
"result": [
{
"CVE": "CVE-2020-8420",
"date": "2020-01-28",
"description": "An issue was discovered in Joomla! before 3.9.15. ...",
"link": "['https://developer.joomla.org/security-centre/799-20200102-core-csrf-com-templates-less-compiler']"
},
{
"CVE": "CVE-2020-11690",
"date": "2020-04-10",
"description": "In JetBrains IntelliJ IDEA before 2020.",
"link": "['https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020/']"
},
{
"CVE": "CVE-2020-10794",
"date": "2020-03-20",
"description": "Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to..."
"link":
"['https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/']"
},
{
"CVE": "CVE-2020-10795",
"date": "2020-03-20",
"description": "Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to ...",
"link":
"['https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/']"
},
{
"CVE": "CVE-2020-7051",
"date": "2020-01-14",
"description": "Codologic Codoforum through 4.8.4 ...",
"link":
"['https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845',
'https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg/']"
},
{
"CVE": "CVE-2020-11795",
"date": "2020-04-15",
"description": "In JetBrains Space through 2020-04-2",
"link":
"['https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020/']"
},
{
"CVE": "CVE-2020-11796",
"date": "2020-04-15",
"description": "In JetBrains Space through 2020-04-2",
"link":
"['https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020/']"
},
{
"CVE": "CVE-2020-12286",
"date": "2020-04-28",
"description": "In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.1",
"link": "['https://github.com/OctopusDeploy/Issues/issues/6331',
'https://github.com/OctopusDeploy/Issues/issues/6332',
'https://github.com/OctopusDeploy/Issues/issues/6333']"
}
]
}
https://api.firosolutions.com/latestplatform/
https://api.firosolutions.com/getvuln/
Returns information about a vulnerability based on the title it is being used when you press on the title of a vulnerability, so let’s find “Roundcube v 1.4.2 xss”
{
"result": {
"category": "Cross-Site Scripting",
"cve": "no cve found",
"date": "2020-01-21 14:18:20",
"description": "# Exploit Title: Roundcube v 1.4.2 xss - Persistent..."
"link": "['https://cxsecurity.com/issue/WLB-2020010153']",
"os": "unknown",
"platform": "not sure about the platform",
"risk": "medium",
"title": "Roundcube v 1.4.2 xss"
}
}
https://vulns.firosolutions.com/view/exploit/Roundcube%20v%201.4.2%20xss/
https://api.firosolutions.com/luckysearch/
Lucky search is what is being used when someone search for something. If we where to search for something like “roundcube” the api would output.
{
"found": [
{
"category": "unset",
"cve": "unset",
"description": "Roundcube Webmail before 1.4.4 allows attackers to.."
"link": "['https://cxsecurity.com/cveshow/CVE-2020-12640']",
"os": "unknown",
"platform": "unset",
"published_date": "2020-05-04",
"recommendation": "We recommend that you update your system",
"risk": "medium",
"title": "Medium CVE-2020-12640: Roundcube Webmail"
},
{
"category": "Cross-Site Scripting",
"cve": "unset",
"description": "An issue was discovered in Roundcube Webmail ...."
"link": "['https://cxsecurity.com/cveshow/CVE-2020-12625']",
"os": "unknown",
"platform": "Webapp",
"published_date": "2020-05-04",
"recommendation": "We recommend that you update your system",
"risk": "medium",
"title": "Low CVE-2020-12625: Roundcube Webmail"
},
{
"category": "Cross Site Requests Forgery",
"cve": "unset",
"description": "An issue was discovered in Roundcube Webmail ...",
"link": "['https://cxsecurity.com/cveshow/CVE-2020-12626']",
"os": "unknown",
"platform": "unset",
"published_date": "2020-05-04",
"recommendation": "We recommend that you update your system",
"risk": "medium",
"title": "Low CVE-2020-12626: Roundcube Webmail"
},
{
"author": "published on ['https://www.debian.org/security/2020/dsa-4674']",
"category": "unset",
"cve": "['CVE-2020-12625', 'CVE-2020-12625',
'CVE-2020-12626', 'CVE-2020-12626']",
"description": "<p>It was discovered that roundcube, ...."
"link": "['https://www.debian.org/security/2020/dsa-4674',
'https://security-tracker.debian.org/tracker/source-package/roundcube']",
"os": "Debian",
"platform": "roundcube",
"published_date": "2017-09-27",
"recommendation": "We recommend that you update your system",
"risk": "medium",
"title": "DSA-4674 roundcube"
},
{
"author": "published on cxsecurity.com",
"category": "Cross-Site Scripting",
"cve": "unset",
"description": "# Exploit Title: Roundcube v 1.4.2 xss - ..."
"link": "['https://cxsecurity.com/issue/WLB-2020010153']",
"os": "unknown",
"platform": "unset",
"published_date": "2020-01-21",
"recommendation": "We recommend that you update your system",
"risk": "medium",
"title": "Roundcube v 1.4.2 xss"
},
....
],
"total": 12
}
https://api.firosolutions.com/latestrust/
If you got the view the language rust on vulns.firosolutions.com
this api function will be used to return the latest
vulnerabilities affecting rust librarires.
You can find a more detailed description of our api with code examples on our github:
https://github.com/FiroSolutions/api.firosolutions.com
Blockchain nodes
That we are heavy in to crypto currency is no lie.
We have happily accepted crypto currency as payment
since the first day we went out of Beta to paid product.
But we go even deeper in this rabbit hole, We offer notifications
to people that run a blockchain node telling them when a new version
has been released and it’s time to update.
It’s pretty simple just sign in to https://watchers.firosolutions.com
select templates and pick the blockchain node of choice.
We also have templates for creating profiles for other software such as
drupal, wordpress and so on.
https://vulns.firosolutions.com/blockchain
We support for viewing vulnerabilities for several blockchains such as:
Ethereum
Bitcoin
Monero
We are also continuously updating vulns.firosolutions.com so bookmark it to stay
up to date!