Documentation
Complete guide to BRS-KB API integration and usage.
Overview
BRS-KB (Bug Reaper Security Knowledge Base) is a comprehensive XSS payload database API designed for security researchers, penetration testers, and developers building security tools.
The API provides:
- XSS payloads organized by context and severity
- Vulnerability contexts (HTML, JavaScript, frameworks, etc.)
- WAF bypass techniques for evasion testing
- Defense recommendations for each context
- Relevance-based search with scoring
Authentication
All API requests require an API key sent via the X-API-Key header.
X-API-Key: BRS-KB_free_kUOgkmm2lxr2sgIg_hFsmuBsFGB4fVpakvu0pzANStRIpeGs8
Public endpoints (/health, /info, /stats, /contexts, /export/*) work without authentication.
Base URL
https://brs-kb.easypro.tech/api/v1
Legacy endpoints without /v1 prefix are also supported but deprecated.
Contexts
Contexts represent different vulnerability injection points.
List All Contexts
GET /api/v1/contexts
Get Context Details
GET /api/v1/contexts/{id}
Returns detailed information about a specific context including description, risk level, and CVSS score.
{
  "id": "javascript",
  "name": "JavaScript Context",
  "description": "JavaScript code injection context",
  "risk_level": "critical",
  "cvss_score": 9.1
}
Payloads
Retrieve XSS payloads with filtering and pagination.
List Payloads
GET /api/v1/payloads
| Parameter | Type | Description |
|---|---|---|
| context | string | Filter by context ID |
| severity | string | Filter by severity (critical, high, medium, low, info) |
| waf_evasion | boolean | Only WAF bypass payloads |
| limit | integer | Results per page (max: 1000, default: 50) |
| offset | integer | Pagination offset |
Example
curl -H "X-API-Key: YOUR_KEY" \
"https://brs-kb.easypro.tech/api/v1/payloads?context=javascript&severity=critical&limit=10"
Search
Full-text search with relevance scoring.
GET /api/v1/payloads/search?q={query}
Returns payloads matching the query, sorted by relevance score.
Filtering
Combine multiple filters for precise results:
# Critical JavaScript payloads with WAF bypass
GET /api/v1/payloads?context=javascript&severity=critical&waf_evasion=true
# All payloads for React context
GET /api/v1/payloads?context=react&limit=100
Analyze
Analyze payloads for context detection and risk assessment.
Single Analysis
POST /api/v1/analyze
Content-Type: application/json
{"payload": "<script>alert(1)</script>"}
Batch Analysis
POST /api/v1/analyze/batch
Content-Type: application/json
{"payloads": ["<script>alert(1)</script>", "<img onerror=alert(1)>"]}
The batch endpoint accepts up to 100 payloads per request.
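A defender-side use of the batch endpoint, as an added example that is not part of the BRS-KB documentation or code: it pulls query-string values containing markup characters out of logged request targets, de-duplicates them, and splits them into request bodies that respect the 100-payload limit. The helper names, the injected `post` transport and the sample log targets are assumptions made for illustration.

```python
import json
from urllib.parse import parse_qsl, urlsplit

BATCH_URL = "https://brs-kb.easypro.tech/api/v1/analyze/batch"
MAX_BATCH = 100  # documented limit per batch request

# Constructed sample: request targets as they might appear in an access log.
SAMPLE_TARGETS = [
    "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E&page=2",
    "/search?q=shoes",
    "/profile?name=%3Cimg%20onerror%3Dalert(1)%3E",
    "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
]


def candidate_values(targets):
    """Decoded query values containing markup characters, de-duplicated in order."""
    found = {}
    for target in targets:
        for _, value in parse_qsl(urlsplit(target).query):
            if any(ch in value for ch in "<>\"'"):
                found.setdefault(value, None)
    return list(found)


def batch_bodies(values, size=MAX_BATCH):
    """Split values into JSON request bodies of at most `size` payloads each."""
    return [json.dumps({"payloads": values[i:i + size]})
            for i in range(0, len(values), size)]


def analyze_all(values, api_key, post):
    """Send every batch through post(url, headers, body) -> (status, bytes).

    `post` is an assumed, injected transport; responses are returned as decoded
    JSON without interpretation, since their schema is not described here.
    """
    headers = {"X-API-Key": api_key, "Content-Type": "application/json"}
    results = []
    for body in batch_bodies(values):
        status, raw = post(BATCH_URL, headers, body)
        if status != 200:
            raise RuntimeError(f"batch analysis failed with HTTP {status}")
        results.append(json.loads(raw))
    return results
```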
Defenses
Get defense recommendations for a specific context.
GET /api/v1/defenses?context={context_id}
Returns recommended security measures, encoding strategies, and CSP directives.
Export
Bulk export for offline use or tool integration.
Export Payloads
GET /api/v1/export/payloads
Export Contexts
GET /api/v1/export/contexts
Error Handling
The API returns standard HTTP status codes:
| Code | Description |
|---|---|
| 200 | Success |
| 304 | Not Modified (ETag match) |
| 400 | Bad Request |
| 401 | Unauthorized (missing/invalid API key) |
| 404 | Not Found |
| 500 | Internal Server Error |
Response Headers
Every response includes:
| Header | Description |
|---|---|
| X-Request-ID | Unique request identifier |
| X-API-Version | API version (v1) |
| X-Response-Time | Processing time in ms |
| X-RateLimit-Limit | Rate limit (unlimited) |
Caching
Large responses support ETag caching. Include an If-None-Match header with the ETag value to receive 304 Not Modified if the data hasn't changed.
# First request
GET /api/v1/contexts
Response: ETag: "abc123..."
# Subsequent request
GET /api/v1/contexts
If-None-Match: "abc123..."
Response: 304 Not Modified
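The conditional-request flow above as a small client, an added example that is not part of the BRS-KB documentation or package. `ETagClient`, `http_get` and `fake_get` are hypothetical names, and the response body returned by `fake_get` is constructed so the block runs offline.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://brs-kb.easypro.tech/api/v1"


def http_get(url, headers):
    """Real transport: returns (status, response_headers, body_bytes)."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:  # urllib raises on 304 and on 4xx/5xx
        return err.code, dict(err.headers), err.read()


def fake_get(url, headers):
    """Constructed offline stand-in for the server; the body shape is made up."""
    if headers.get("If-None-Match") == '"abc123"':
        return 304, {"ETag": '"abc123"'}, b""
    return 200, {"ETag": '"abc123"'}, b'[{"id": "javascript"}]'


class ETagClient:
    """Hypothetical helper: conditional GETs with a per-path ETag cache."""

    def __init__(self, api_key=None, transport=http_get):
        self.api_key = api_key
        self.transport = transport
        self.cache = {}  # path -> (etag, decoded JSON)

    def get(self, path):
        """Return (data, served_from_cache)."""
        headers = {"X-API-Key": self.api_key} if self.api_key else {}
        cached = self.cache.get(path)
        if cached:
            headers["If-None-Match"] = cached[0]
        status, resp_headers, body = self.transport(BASE_URL + path, headers)
        if status == 304 and cached:
            return cached[1], True  # unchanged: reuse the stored copy
        if status != 200:  # 400, 401, 404, 500 from the status table
            raise RuntimeError(f"GET {path} failed with HTTP {status}")
        etag = {k.lower(): v for k, v in resp_headers.items()}.get("etag")
        data = json.loads(body)
        if etag:
            self.cache[path] = (etag, data)
        return data, False
```

Pass `transport=fake_get` to exercise the cache without network access; the default transport issues real requests.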
Integration Examples
curl
# Get critical JavaScript payloads
curl -H "X-API-Key: BRS-KB_free_kUOgkmm2lxr2sgIg_hFsmuBsFGB4fVpakvu0pzANStRIpeGs8" \
"https://brs-kb.easypro.tech/api/v1/payloads?context=javascript&severity=critical&limit=10"
# Search for SVG payloads
curl -H "X-API-Key: BRS-KB_free_kUOgkmm2lxr2sgIg_hFsmuBsFGB4fVpakvu0pzANStRIpeGs8" \
"https://brs-kb.easypro.tech/api/v1/payloads/search?q=svg"
# Get WAF bypass payloads
curl -H "X-API-Key: BRS-KB_free_kUOgkmm2lxr2sgIg_hFsmuBsFGB4fVpakvu0pzANStRIpeGs8" \
"https://brs-kb.easypro.tech/api/v1/payloads?waf_evasion=true&limit=50"
Python
import requests

API_KEY = "BRS-KB_free_kUOgkmm2lxr2sgIg_hFsmuBsFGB4fVpakvu0pzANStRIpeGs8"
BASE_URL = "https://brs-kb.easypro.tech/api/v1"
headers = {"X-API-Key": API_KEY}

# Get payloads for a specific context
response = requests.get(
    f"{BASE_URL}/payloads",
    headers=headers,
    params={"context": "html_body", "severity": "critical", "limit": 20},
    timeout=10,  # do not hang indefinitely on a stalled connection
)
response.raise_for_status()  # surface 4xx/5xx instead of parsing an error body
payloads = response.json()
for p in payloads.get("payloads", []):
    print(f"[{p['severity']}] {p['payload'][:50]}...")
JavaScript (fetch)
const API_KEY = 'BRS-KB_free_kUOgkmm2lxr2sgIg_hFsmuBsFGB4fVpakvu0pzANStRIpeGs8';
const BASE_URL = 'https://brs-kb.easypro.tech/api/v1';

async function getPayloads(context, severity = 'critical') {
  // URLSearchParams percent-encodes the filter values
  const params = new URLSearchParams({ context, severity, limit: '20' });
  const response = await fetch(`${BASE_URL}/payloads?${params}`, {
    headers: { 'X-API-Key': API_KEY }
  });
  if (!response.ok) {
    throw new Error(`Request failed with HTTP ${response.status}`);
  }
  return response.json();
}

// Usage
getPayloads('javascript').then(data => {
  data.payloads.forEach(p => console.log(p.payload));
});
Python (with brs-kb package)
# Install: pip install brs-kb
from brs_kb import get_kb_info, get_vulnerability_details
# Get KB stats
info = get_kb_info()
print(f"Payloads: {info['total_payloads']}")
print(f"Contexts: {info['total_contexts']}")
# Get context details
ctx = get_vulnerability_details("javascript")
print(ctx["title"])
print(ctx["description"])
SIEM Integration
BRS-KB provides connectors for enterprise Security Information and Event Management systems. Send vulnerability data to your SIEM for centralized monitoring, alerting, and compliance.
Supported Systems
| SIEM | Connector | Protocol |
|---|---|---|
| Splunk | HTTP Event Collector | HTTPS |
| Elasticsearch | REST API | HTTPS |
| Graylog | GELF | HTTPS |
Quick Start
# Splunk integration
from siem_connectors.splunk.brs_kb_splunk_connector import BRSKBSplunkConnector
connector = BRSKBSplunkConnector(
    splunk_url="https://your-splunk.com:8088",
    api_key="YOUR_HEC_TOKEN",
    index="brs_kb_security"
)
# Send vulnerability event
connector.send_vulnerability_event({
    "context": "javascript",
    "severity": "critical",
    "payload": "<script>alert(1)</script>",
    "cvss_score": 9.1
})
Features
- Real-time vulnerability event ingestion
- Structured data with CVSS scores and metadata
- Critical vulnerability alerting
- Correlation with existing security events
- Compliance audit trails