diff --git a/blueprints/xsshunter/docker-compose.yml b/blueprints/xsshunter/docker-compose.yml new file mode 100644 index 00000000..93763cf1 --- /dev/null +++ b/blueprints/xsshunter/docker-compose.yml @@ -0,0 +1,87 @@ +#version: '3.8' + +services: + xsshunterexpress-db: + image: postgres:15-alpine + restart: unless-stopped + environment: + POSTGRES_DB: ${POSTGRES_DB:-xsshunterexpress} + POSTGRES_USER: ${POSTGRES_USER:-xsshunterexpress} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-xsshunterexpress} + PGDATA: /var/lib/postgresql/data/pgdata + POSTGRES_HOST_AUTH_METHOD: trust + healthcheck: + test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-xsshunterexpress}"] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + volumes: + - postgres_data:/var/lib/postgresql/data/pgdata + + xsshunterexpress-service: + build: https://github.com/rs-loves-bugs/xsshunter.git + restart: unless-stopped + environment: + # Core Configuration + SESSION_SECRET_KEY: ${SESSION_SECRET_KEY} + HOSTNAME: ${HOSTNAME} + XSS_HOSTNAME: ${XSS_HOSTNAME} + + # Panel Configuration + PANEL_LOGIN: ${PANEL_LOGIN:-true} + PANEL_USERNAME: ${PANEL_USERNAME} + PANEL_PASSWORD: ${PANEL_PASSWORD} + ALLOW_EMPTY_USERPATH: ${ALLOW_EMPTY_USERPATH:-true} + + # OAuth Configuration + OAUTH_LOGIN: ${OAUTH_LOGIN:-false} + CLIENT_ID: ${CLIENT_ID:-} + CLIENT_SECRET: ${CLIENT_SECRET:-} + GMAIL_ACCOUNTS: ${GMAIL_ACCOUNTS:-} + + # Email Configuration + EMAIL_NOTIFICATIONS_ENABLED: ${EMAIL_NOTIFICATIONS_ENABLED:-false} + EMAIL_FROM: ${EMAIL_FROM:-} + SENDGRID_API_KEY: ${SENDGRID_API_KEY:-} + SENDGRID_UNSUBSRIBE_GROUP_ID: ${SENDGRID_UNSUBSRIBE_GROUP_ID:-} + + # Database Configuration + DATABASE_HOST: xsshunterexpress-db + POSTGRES_DB: ${POSTGRES_DB:-xsshunterexpress} + POSTGRES_USER: ${POSTGRES_USER:-xsshunterexpress} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-xsshunterexpress} + + # Application Configuration + NODE_ENV: ${NODE_ENV:-production} + PORT: ${PORT} + CONTROL_PANEL_ENABLED: ${CONTROL_PANEL_ENABLED:-true} + SCREENSHOTS_DIR: /app/payload-fire-images + TRUFFLEHOG_URL: http://${TRUFFLEHOG_HOST:-xsshunterexpress-trufflehog}:${TRUFFLEHOG_PORT:-8000}/trufflehog + + # Optional Services + SENTRY_DSN: ${SENTRY_DSN:-} + SENTRY_ENABLED: ${SENTRY_ENABLED:-false} + USE_CLOUD_STORAGE: ${USE_CLOUD_STORAGE:-false} + BUCKET_NAME: ${BUCKET_NAME:-} + expose: + - ${PORT:-8080} + volumes: + - payload_images:/app/payload-fire-images + depends_on: + xsshunterexpress-db: + condition: service_healthy + + xsshunterexpress-trufflehog: + build: + context: https://github.com/rs-loves-bugs/xsshunter.git + dockerfile: Dockerfile.trufflehog + restart: unless-stopped + expose: + - ${TRUFFLEHOG_PORT:-8000} + +volumes: + postgres_data: + driver: local + payload_images: + driver: local diff --git a/blueprints/xsshunter/template.toml b/blueprints/xsshunter/template.toml new file mode 100644 index 00000000..70bb0a6f --- /dev/null +++ b/blueprints/xsshunter/template.toml @@ -0,0 +1,71 @@ +[variables] +admin_domain = "${domain}" +xss_domain = "${domain}" +session_secret = "${base64:64}" +admin_password = "${password:32}" +db_password = "${password:16}" +postgres_user = "xsshunterexpress" +postgres_db = "xsshunterexpress" + +[config] +[[config.domains]] +serviceName = "xsshunterexpress-service" +port = 8080 +host = "${admin_domain}" + +[[config.domains]] +serviceName = "xsshunterexpress-service" +port = 8080 +host = "xss.${admin_domain}" + +[config.env] +# Core Configuration +SESSION_SECRET_KEY = "${session_secret}" +HOSTNAME = "${admin_domain}" +XSS_HOSTNAME = "xss.${admin_domain}" + +# Panel Configuration +PANEL_LOGIN = "true" +PANEL_USERNAME = "admin@${admin_domain}" +PANEL_PASSWORD = '${admin_password}' # [ use single quote to avoid the problem] just to let you know takecare of the special characters, it will make your password invalid, so make a strong password without special characters +ALLOW_EMPTY_USERPATH = "true" + +# OAuth Configuration (disabled by default) +OAUTH_LOGIN = "false" +CLIENT_ID = "" +CLIENT_SECRET = "" +GMAIL_ACCOUNTS = "" + +# Email Configuration (disabled by default) +EMAIL_NOTIFICATIONS_ENABLED = "false" +EMAIL_FROM = "" +SENDGRID_API_KEY = "" +SENDGRID_UNSUBSRIBE_GROUP_ID = "" + +# Database Configuration +DATABASE_HOST = "xsshunterexpress-db" +POSTGRES_DB = "${postgres_db}" +POSTGRES_USER = "${postgres_user}" +POSTGRES_PASSWORD = "${db_password}" + +# Application Configuration +NODE_ENV = "production" +PORT = "8080" +CONTROL_PANEL_ENABLED = "true" +SCREENSHOTS_DIR = "/app/payload-fire-images" +TRUFFLEHOG_URL = "http://${TRUFFLEHOG_HOST}:${TRUFFLEHOG_PORT}/trufflehog" + +# Port Configuration +APP_PORT = "8080" +TRUFFLEHOG_HOST = "xsshunterexpress-trufflehog" +TRUFFLEHOG_PORT = "8000" + +# Optional Services (disabled by default) +SENTRY_DSN = "" +SENTRY_ENABLED = "false" +USE_CLOUD_STORAGE = "false" +BUCKET_NAME = "" + +[[config.mounts]] +filePath = "./payload-fire-images" +content = "Directory for storing XSS payload screenshots and collected data" diff --git a/blueprints/xsshunter/xsshunter.png b/blueprints/xsshunter/xsshunter.png new file mode 100644 index 00000000..ed14d7d0 Binary files /dev/null and b/blueprints/xsshunter/xsshunter.png differ diff --git a/meta.json b/meta.json index 095d350f..540e970e 100644 --- a/meta.json +++ b/meta.json @@ -5253,6 +5253,23 @@ "cms" ] }, + { + "id": "xsshunter", + "name": "XSSHunter", + "version": "latest", + "description": "XSSHunter is an open-source platform designed to identify and exploit blind Cross-Site Scripting (XSS) vulnerabilities. It provides security researchers, bug bounty hunters, and penetration testers with a comprehensive toolkit for detecting XSS flaws that are otherwise difficult to discover through traditional testing methods.", + "logo": "xsshunter.png", + "links": { + "github": "https://github.com/rs-loves-bugs/xsshunter", + "website": "https://github.com/rs-loves-bugs/xsshunter", + "docs": "https://github.com/rs-loves-bugs/xsshunter#requirements" + }, + "tags": [ + "pentest", + "xsshunter", + "bugbounty" + ] + }, { "id": "yamtrack", "name": "Yamtrack",