Building Vulnerability Explorer


We wanted to make a love child between a blockchain block explorer
and our API, in order to demonstrate the true power of our API :)
We have been using Bitcoin for a couple of years now, and being able to
view transactions in a block explorer with a fancy interface is pretty nice.

The result is live and can be viewed at:
https://vulns.firosolutions.com

Using our API

So vulns.firosolutions.com is a frontend that
runs with our API as its engine.

View vulnerability

You can simply press any vulnerability and it will display description,
CVE, external links and a lot more!

You can also:

View Platforms

We want it to be more than just search and find, so when you press
on an exploit/vulnerability or search for a specific platform
you can view more vulnerabilities affecting that platform.

We of course support CMS systems such as WordPress, Joomla, Drupal and so on.

We had to add Cisco :)

You can even view similar platforms:


The list of platforms goes on and on ..


View language

You can view programming languages such as Rust and NodeJS.

View operating system

You can view different operating systems such as:

OpenSUSE:


Debian:


FreeBSD:


And many more!

API endpoints being used:

So this is done with our API, using the following endpoints:

https://api.firosolutions.com/cvesearch

We have 2 different CVE search endpoints. This API endpoint returns information about the CVE you give to it. As an example, if I give it a “fluffy” CVE, let’s say “CVE-2012-5604”, then it returns:

{
    "result": {
        "CVE": "CVE-2012-5604",
        "date": "2012-10-24",
        "description": "The ldap_fluff gem for Rub",
        "link": "['http://rhn.redhat.com/errata/RHSA-2013-0544.html', 'https://bugzilla.redhat.com/show_bug.cgi?id=882136']"
    }
}


https://api.firosolutions.com/cveloosesearch

This is our second API endpoint. It does a loose search for a CVE and returns a list of results. Let’s try this with a Joomla CVE, for example:
CVE-2020-8420

{
    "result": [
        {
            "CVE": "CVE-2020-8420",
            "date": "2020-01-28",
            "description": "An issue was discovered in Joomla! before 3.9.15. ...",
            "link": "['https://developer.joomla.org/security-centre/799-20200102-core-csrf-com-templates-less-compiler']"
        },
        {
            "CVE": "CVE-2020-11690",
            "date": "2020-04-10",
            "description": "In JetBrains IntelliJ IDEA before 2020.",
            "link": "['https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020/']"
        },
        {
            "CVE": "CVE-2020-10794",
            "date": "2020-03-20",
            "description": "Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to...",
            "link": 
            "['https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/']"
        },
        {
            "CVE": "CVE-2020-10795",
            "date": "2020-03-20",
            "description": "Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to ...",
            "link": 
            "['https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems/']"
        },
        {
            "CVE": "CVE-2020-7051",
            "date": "2020-01-14",
            "description": "Codologic Codoforum through 4.8.4 ...",
            "link": "['https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845', 'https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg/']"
        },
        {
            "CVE": "CVE-2020-11795",
            "date": "2020-04-15",
            "description": "In JetBrains Space through 2020-04-2",
            "link": 
            "['https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020/']"
        },
        {
            "CVE": "CVE-2020-11796",
            "date": "2020-04-15",
            "description": "In JetBrains Space through 2020-04-2",
            "link": 
            "['https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020/']"
        },
        {
            "CVE": "CVE-2020-12286",
            "date": "2020-04-28",
            "description": "In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.1",
            "link": "['https://github.com/OctopusDeploy/Issues/issues/6331', 'https://github.com/OctopusDeploy/Issues/issues/6332', 'https://github.com/OctopusDeploy/Issues/issues/6333']"
        }
    ]
}

https://api.firosolutions.com/latestplatform/

https://api.firosolutions.com/getvuln/

Returns information about a vulnerability based on its title. It is used when you press on the title of a vulnerability, so let’s find “Roundcube v 1.4.2 xss”:

{
    "result": {
        "category": "Cross-Site Scripting",
        "cve": "no cve found",
        "date": "2020-01-21 14:18:20",
        "description": "# Exploit Title: Roundcube v 1.4.2 xss  - Persistent...",
        "link": "['https://cxsecurity.com/issue/WLB-2020010153']",
        "os": "unknown",
        "platform": "not sure about the platform",
        "risk": "medium",
        "title": "Roundcube v 1.4.2 xss"
    }
}

https://vulns.firosolutions.com/view/exploit/Roundcube%20v%201.4.2%20xss/

https://api.firosolutions.com/luckysearch/

Lucky search is what is used when someone searches for something. If we were to search for something like “roundcube”, the API would output:

{
    "found": [
        {
            "category": "unset",
            "cve": "unset",
            "description": "Roundcube Webmail before 1.4.4 allows attackers to..",
            "link": "['https://cxsecurity.com/cveshow/CVE-2020-12640']",
            "os": "unknown",
            "platform": "unset",
            "published_date": "2020-05-04",
            "recommendation": "We recommend that you update your system",
            "risk": "medium",
            "title": "Medium CVE-2020-12640: Roundcube Webmail"
        },
        {
            "category": "Cross-Site Scripting",
            "cve": "unset",
            "description": "An issue was discovered in Roundcube Webmail ....",
            "link": "['https://cxsecurity.com/cveshow/CVE-2020-12625']",
            "os": "unknown",
            "platform": "Webapp",
            "published_date": "2020-05-04",
            "recommendation": "We recommend that you update your system",
            "risk": "medium",
            "title": "Low CVE-2020-12625: Roundcube Webmail"
        },
        {
            "category": "Cross Site Requests Forgery",
            "cve": "unset",
            "description": "An issue was discovered in Roundcube Webmail ...",
            "link": "['https://cxsecurity.com/cveshow/CVE-2020-12626']",
            "os": "unknown",
            "platform": "unset",
            "published_date": "2020-05-04",
            "recommendation": "We recommend that you update your system",
            "risk": "medium",
            "title": "Low CVE-2020-12626: Roundcube Webmail"
        },
        {
            "author": "published on ['https://www.debian.org/security/2020/dsa-4674']",
            "category": "unset",
            "cve": "['CVE-2020-12625', 'CVE-2020-12625', 'CVE-2020-12626', 'CVE-2020-12626']",
            "description": "<p>It was discovered that roundcube, ....",
            "link": "['https://www.debian.org/security/2020/dsa-4674', 'https://security-tracker.debian.org/tracker/source-package/roundcube']",
            "os": "Debian",
            "platform": "roundcube",
            "published_date": "2017-09-27",
            "recommendation": "We recommend that you update your system",
            "risk": "medium",
            "title": "DSA-4674 roundcube"
        },
        {
            "author": "published on cxsecurity.com",
            "category": "Cross-Site Scripting",
            "cve": "unset",
            "description": "# Exploit Title: Roundcube v 1.4.2 xss  - ...",
            "link": "['https://cxsecurity.com/issue/WLB-2020010153']",
            "os": "unknown",
            "platform": "unset",
            "published_date": "2020-01-21",
            "recommendation": "We recommend that you update your system",
            "risk": "medium",
            "title": "Roundcube v 1.4.2 xss"
        },
	....
    ],
    "total": 12
}
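
The responses above carry "link" (and sometimes "cve") as a string that holds a Python-style list, use placeholders such as "unset", and can include HTML in "description". As an added example (not code from the original post or from the Firo Solutions API repository), this Python snippet normalises luckysearch-style records: it parses the stringified lists with ast.literal_eval instead of eval(), keeps only http(s) links, collects CVE ids from the cve field, title and links, and HTML-escapes the description before display. The function names and the sample records are constructed for illustration, and the second link in the sample is a made-up non-HTTP entry that shows the filter at work.

```python
import ast
import html
import json
import re
from urllib.parse import urlsplit

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
SENTINELS = {"unset", "unknown", "no cve found", "not sure about the platform"}

def parse_list_field(value):
    """Turn "['a', 'b']" into ['a', 'b'] without eval(); a plain string stays one item."""
    if not isinstance(value, str):
        return []
    try:
        parsed = ast.literal_eval(value)  # literals only, never runs code
    except (ValueError, SyntaxError):
        return [value]
    if isinstance(parsed, (list, tuple)):
        return [str(item) for item in parsed]
    return [str(parsed)]

def safe_links(value):
    """Keep only absolute http(s) URLs so other schemes never reach an href."""
    parts = [(u, urlsplit(u)) for u in parse_list_field(value)]
    return [u for u, p in parts if p.scheme in ("http", "https") and p.netloc]

def extract_cves(record):
    """Unique CVE ids found in the cve field, the title and the links."""
    text = " ".join(str(record.get(k, "")) for k in ("cve", "title", "link"))
    return sorted(set(CVE_RE.findall(text)))

def normalise(record):
    """Return a copy with placeholders set to None and list fields parsed."""
    clean = {k: (None if isinstance(v, str) and v in SENTINELS else v)
             for k, v in record.items()}
    clean["cve"] = extract_cves(record)
    clean["link"] = safe_links(record.get("link"))
    clean["description"] = html.escape(str(record.get("description") or ""))
    return clean

# Constructed sample modelled on the luckysearch output above (not live API data).
SAMPLE = json.loads("""{"found": [
  {"cve": "unset", "title": "Medium CVE-2020-12640: Roundcube Webmail", "os": "unknown",
   "link": "['https://cxsecurity.com/cveshow/CVE-2020-12640']"},
  {"cve": "['CVE-2020-12625', 'CVE-2020-12625', 'CVE-2020-12626', 'CVE-2020-12626']",
   "title": "DSA-4674 roundcube", "os": "Debian",
   "description": "<p>It was discovered that roundcube, ....",
   "link": "['https://www.debian.org/security/2020/dsa-4674', 'javascript:alert(1)']"}
]}""")
RECORDS = [normalise(r) for r in SAMPLE["found"]]
```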

https://api.firosolutions.com/latestrust/

If you go to view the language Rust on vulns.firosolutions.com,
this API function is used to return the latest
vulnerabilities affecting Rust libraries.

You can find a more detailed description of our API, with code examples, on our GitHub:
https://github.com/FiroSolutions/api.firosolutions.com

Blockchain nodes

That we are heavily into cryptocurrency is no lie.
We have happily accepted cryptocurrency as payment
since the first day we went out of beta to a paid product.
But we go even deeper down this rabbit hole: we offer notifications
to people who run a blockchain node, telling them when a new version
has been released and it’s time to update.
It’s pretty simple: just sign in to https://watchers.firosolutions.com,
select templates and pick the blockchain node of your choice.
We also have templates for creating profiles for other software such as
Drupal, WordPress and so on.

https://vulns.firosolutions.com/blockchain

We support viewing vulnerabilities for several blockchains, such as:

Ethereum


Bitcoin


Monero


We are also continuously updating vulns.firosolutions.com so bookmark it to stay
up to date!

https://vulns.firosolutions.com