digininja · digininja · Jan 29, 2025 · Oct 2, 2024 · Oct 2, 2024 · Oct 2, 2024
diff --git a/dvwa/includes/dvwaPage.inc.php b/dvwa/includes/dvwaPage.inc.php
@@ -306,6 +306,7 @@ function dvwaHtmlEcho( $pPage ) {
 		}
 		$menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'open_redirect', 'name' => 'Open HTTP Redirect', 'url' => 'vulnerabilities/open_redirect/' );
 		$menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'encryption', 'name' => 'Cryptography', 'url' => 'vulnerabilities/cryptography/' );
+		$menuBlocks[ 'vulnerabilities' ][] = array( 'id' => 'api', 'name' => 'API', 'url' => 'vulnerabilities/api/' );
 	}
 
 	$menuBlocks[ 'meta' ] = array();

diff --git a/vulnerabilities/api/.gitignore b/vulnerabilities/api/.gitignore
@@ -0,0 +1 @@
+vendor/
diff --git a/vulnerabilities/api/.htaccess b/vulnerabilities/api/.htaccess
@@ -0,0 +1,10 @@
+RewriteEngine On
+# If an existing asset or directory is requested go to it as it is
+RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f [OR]
+RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
+RewriteRule ^ - [L]
+
+# If the requested resource doesn’t exist, use index.html
+#RewriteRule ^ /robin.php
+RewriteRule ^ /vulnerabilities/api/public/index.php
+#RewriteRule ^ /vulnerabilities/api/public/robin.php
diff --git a/vulnerabilities/api/README.md b/vulnerabilities/api/README.md
@@ -0,0 +1,27 @@
+# API Info
+
+## Generating OpenAPI Docs
+
+If you want to be able to modify the code and generate your own OpenAPI document you will need to set a few things up.
+
+First, make sure you have Composer installed. There seem to be backward compatibility issues so I always get the latest version from here:
+
+<https://getcomposer.org/doc/00-intro.md>
+
+Follow the instructions the site gives to get it installed.
+
+Now go into `/vulnerabilities/api` directory and run:
+
+```
+composer.phar install
+```
+
+If you did not install Composer to the system path, make sure you reference its full location.
+
+With this installed, you should now be able to browse to `/vulnerabilities/api/gen_openapi.php` and download a dynamically generated OpenAPI file
+
+## Mark Up
+
+The OpenAPI document is generated using [swagger-php](https://github.com/zircote/swagger-php).
+
+The file is marked up using the newer PHP attributes method, for more information on that, see their [documentation](https://zircote.github.io/swagger-php/guide/attributes.html).
diff --git a/vulnerabilities/api/bootstrap.php b/vulnerabilities/api/bootstrap.php
@@ -0,0 +1,6 @@
+<?php
+require 'vendor/autoload.php';
+
+# use Src\UserController;
+
+# This would set up the database and stuff if needed
diff --git a/vulnerabilities/api/composer.json b/vulnerabilities/api/composer.json
@@ -0,0 +1,10 @@
+{
+    "autoload": {
+        "psr-4": {
+            "Src\\": "src/"
+        }
+    },
+    "require": {
+        "zircote/swagger-php": "^4.10"
+    }
+}