feat: add XSSHunter blueprint with Docker Compose setup and configura… (#287)

* feat: add XSSHunter blueprint with Docker Compose setup and configuration templates * Change port to expose to work with Traefik * feat: add XSS Hunter blueprint configuration with environment variables and domain settings, don't use special characters * - if you will use special characters so add the password in a single quote to avoid the conflicts * Update blueprints/xsshunter/docker-compose.yml * Update blueprints/xsshunter/docker-compose.yml * Update blueprints/xsshunter/docker-compose.yml * Update blueprints/xsshunter/docker-compose.yml * Update blueprints/xsshunter/docker-compose.yml * Update blueprints/xsshunter/docker-compose.yml * Update blueprints/xsshunter/docker-compose.yml * Update blueprints/xsshunter/docker-compose.yml * Update docker-compose.yml Fix Network defined and version obsolete warning * chore(blueprints/xsshunter): adjust template and compose for Dokploy guidelines * chore: make service ports configurable via environment variables * Update meta.json * Update meta.json --------- Co-authored-by: Khaled Mohamed <khaled@xelkomy.com> Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
2026-06-15 20:25:24 +02:00 · 2025-10-05 07:29:19 +03:00
parent 24c1752aab
commit b81b0fd18d
4 changed files with 175 additions and 0 deletions
--- a/blueprints/xsshunter/docker-compose.yml
+++ b/blueprints/xsshunter/docker-compose.yml
@@ -0,0 +1,87 @@
+#version: '3.8'
+
+services:
+  xsshunterexpress-db:
+    image: postgres:15-alpine
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB:-xsshunterexpress}
+      POSTGRES_USER: ${POSTGRES_USER:-xsshunterexpress}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-xsshunterexpress}
+      PGDATA: /var/lib/postgresql/data/pgdata
+      POSTGRES_HOST_AUTH_METHOD: trust
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-xsshunterexpress}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+    volumes:
+      - postgres_data:/var/lib/postgresql/data/pgdata
+
+  xsshunterexpress-service:
+    build: https://github.com/rs-loves-bugs/xsshunter.git
+    restart: unless-stopped
+    environment:
+      # Core Configuration
+      SESSION_SECRET_KEY: ${SESSION_SECRET_KEY}
+      HOSTNAME: ${HOSTNAME}
+      XSS_HOSTNAME: ${XSS_HOSTNAME}
+      
+      # Panel Configuration
+      PANEL_LOGIN: ${PANEL_LOGIN:-true}
+      PANEL_USERNAME: ${PANEL_USERNAME}
+      PANEL_PASSWORD: ${PANEL_PASSWORD}
+      ALLOW_EMPTY_USERPATH: ${ALLOW_EMPTY_USERPATH:-true}
+      
+      # OAuth Configuration
+      OAUTH_LOGIN: ${OAUTH_LOGIN:-false}
+      CLIENT_ID: ${CLIENT_ID:-}
+      CLIENT_SECRET: ${CLIENT_SECRET:-}
+      GMAIL_ACCOUNTS: ${GMAIL_ACCOUNTS:-}
+      
+      # Email Configuration
+      EMAIL_NOTIFICATIONS_ENABLED: ${EMAIL_NOTIFICATIONS_ENABLED:-false}
+      EMAIL_FROM: ${EMAIL_FROM:-}
+      SENDGRID_API_KEY: ${SENDGRID_API_KEY:-}
+      SENDGRID_UNSUBSRIBE_GROUP_ID: ${SENDGRID_UNSUBSRIBE_GROUP_ID:-}
+      
+      # Database Configuration
+      DATABASE_HOST: xsshunterexpress-db
+      POSTGRES_DB: ${POSTGRES_DB:-xsshunterexpress}
+      POSTGRES_USER: ${POSTGRES_USER:-xsshunterexpress}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-xsshunterexpress}
+      
+      # Application Configuration
+      NODE_ENV: ${NODE_ENV:-production}
+      PORT: ${PORT}
+      CONTROL_PANEL_ENABLED: ${CONTROL_PANEL_ENABLED:-true}
+      SCREENSHOTS_DIR: /app/payload-fire-images
+      TRUFFLEHOG_URL: http://${TRUFFLEHOG_HOST:-xsshunterexpress-trufflehog}:${TRUFFLEHOG_PORT:-8000}/trufflehog
+      
+      # Optional Services
+      SENTRY_DSN: ${SENTRY_DSN:-}
+      SENTRY_ENABLED: ${SENTRY_ENABLED:-false}
+      USE_CLOUD_STORAGE: ${USE_CLOUD_STORAGE:-false}
+      BUCKET_NAME: ${BUCKET_NAME:-}
+    expose:
+      - ${PORT:-8080}
+    volumes:
+      - payload_images:/app/payload-fire-images
+    depends_on:
+      xsshunterexpress-db:
+        condition: service_healthy
+
+  xsshunterexpress-trufflehog:
+    build:
+      context: https://github.com/rs-loves-bugs/xsshunter.git
+      dockerfile: Dockerfile.trufflehog
+    restart: unless-stopped
+    expose:
+      - ${TRUFFLEHOG_PORT:-8000}
+
+volumes:
+  postgres_data:
+    driver: local
+  payload_images:
+    driver: local
--- a/blueprints/xsshunter/template.toml
+++ b/blueprints/xsshunter/template.toml
@@ -0,0 +1,71 @@
+[variables]
+admin_domain = "${domain}"
+xss_domain = "${domain}"
+session_secret = "${base64:64}"
+admin_password = "${password:32}"
+db_password = "${password:16}"
+postgres_user = "xsshunterexpress"
+postgres_db = "xsshunterexpress"
+
+[config]
+[[config.domains]]
+serviceName = "xsshunterexpress-service"
+port = 8080
+host = "${admin_domain}"
+
+[[config.domains]]
+serviceName = "xsshunterexpress-service"
+port = 8080
+host = "xss.${admin_domain}"
+
+[config.env]
+# Core Configuration
+SESSION_SECRET_KEY = "${session_secret}"
+HOSTNAME = "${admin_domain}"
+XSS_HOSTNAME = "xss.${admin_domain}"
+
+# Panel Configuration
+PANEL_LOGIN = "true"
+PANEL_USERNAME = "admin@${admin_domain}"
+PANEL_PASSWORD = '${admin_password}' # [ use single quote to avoid the problem] just to let you know takecare of the special characters, it will make your password invalid, so make a strong password without special characters
+ALLOW_EMPTY_USERPATH = "true"
+
+# OAuth Configuration (disabled by default)
+OAUTH_LOGIN = "false"
+CLIENT_ID = ""
+CLIENT_SECRET = ""
+GMAIL_ACCOUNTS = ""
+
+# Email Configuration (disabled by default)
+EMAIL_NOTIFICATIONS_ENABLED = "false"
+EMAIL_FROM = ""
+SENDGRID_API_KEY = ""
+SENDGRID_UNSUBSRIBE_GROUP_ID = ""
+
+# Database Configuration
+DATABASE_HOST = "xsshunterexpress-db"
+POSTGRES_DB = "${postgres_db}"
+POSTGRES_USER = "${postgres_user}"
+POSTGRES_PASSWORD = "${db_password}"
+
+# Application Configuration
+NODE_ENV = "production"
+PORT = "8080"
+CONTROL_PANEL_ENABLED = "true"
+SCREENSHOTS_DIR = "/app/payload-fire-images"
+TRUFFLEHOG_URL = "http://${TRUFFLEHOG_HOST}:${TRUFFLEHOG_PORT}/trufflehog"
+
+# Port Configuration
+APP_PORT = "8080"
+TRUFFLEHOG_HOST = "xsshunterexpress-trufflehog"
+TRUFFLEHOG_PORT = "8000"
+
+# Optional Services (disabled by default)
+SENTRY_DSN = ""
+SENTRY_ENABLED = "false"
+USE_CLOUD_STORAGE = "false"
+BUCKET_NAME = ""
+
+[[config.mounts]]
+filePath = "./payload-fire-images"
+content = "Directory for storing XSS payload screenshots and collected data"
--- a/blueprints/xsshunter/xsshunter.png
+++ b/blueprints/xsshunter/xsshunter.png
--- a/meta.json
+++ b/meta.json
@@ -5253,6 +5253,23 @@
      "cms"
    ]
  },
+  {
+    "id": "xsshunter",
+    "name": "XSSHunter",
+    "version": "latest",
+    "description": "XSSHunter is an open-source platform designed to identify and exploit blind Cross-Site Scripting (XSS) vulnerabilities. It provides security researchers, bug bounty hunters, and penetration testers with a comprehensive toolkit for detecting XSS flaws that are otherwise difficult to discover through traditional testing methods.",
+    "logo": "xsshunter.png",
+    "links": {
+      "github": "https://github.com/rs-loves-bugs/xsshunter",
+      "website": "https://github.com/rs-loves-bugs/xsshunter",
+      "docs": "https://github.com/rs-loves-bugs/xsshunter#requirements"
+    },
+    "tags": [
+      "pentest",
+      "xsshunter",
+      "bugbounty"
+    ]
+  },
  {
    "id": "yamtrack",
    "name": "Yamtrack",