2021-05-31 19:06:40 +00:00
|
|
|
version: "3.9"
|
|
|
|
|
services:
|
|
|
|
|
# XSS Hunter Express service
|
|
|
|
|
xsshunterexpress:
|
|
|
|
|
build: .
|
|
|
|
|
environment:
|
|
|
|
|
# [REQUIRED] The hostname/domain pointed to
|
|
|
|
|
# the IP of the server running this service.
|
|
|
|
|
# SSL will automatically be set up and
|
|
|
|
|
# renewed with LetsEncrypt.
|
|
|
|
|
- HOSTNAME=your.host.name
|
2023-01-14 20:21:00 +00:00
|
|
|
# THis hostname is where your JS is served out of
|
|
|
|
|
- XSS_HOSTNAME=your.xss.domain
|
2021-05-31 19:06:40 +00:00
|
|
|
# [REQUIRED] Email for SSL
|
|
|
|
|
- SSL_CONTACT_EMAIL=YourEmail@gmail.com
|
|
|
|
|
# Maximum XSS callback payload size
|
|
|
|
|
# This includes the webpage screenshot, DOM HTML,
|
|
|
|
|
# page text, and other metadata. Note that if the
|
|
|
|
|
# payload is above this limit, you won't be notified
|
|
|
|
|
# of the XSS firing.
|
|
|
|
|
- MAX_PAYLOAD_UPLOAD_SIZE_MB=50
|
|
|
|
|
# Whether or not to enable the web control panel
|
|
|
|
|
# Set to "false" or remove to disable the web UI.
|
|
|
|
|
# Useful for minimizing attack surface.
|
|
|
|
|
- CONTROL_PANEL_ENABLED=true
|
|
|
|
|
# Whether or not to enable email notifications via
|
|
|
|
|
# SMTP for XSS payload fires.
|
|
|
|
|
- SMTP_EMAIL_NOTIFICATIONS_ENABLED=true
|
|
|
|
|
- SMTP_HOST=smtp.gmail.com
|
|
|
|
|
- SMTP_PORT=465
|
|
|
|
|
- SMTP_USE_TLS=true
|
|
|
|
|
- SMTP_USERNAME=YourEmail@gmail.com
|
|
|
|
|
- SMTP_PASSWORD=YourEmailPassword
|
|
|
|
|
- SMTP_FROM_EMAIL=YourEmail@gmail.com
|
|
|
|
|
- SMTP_RECEIVER_EMAIL=YourEmail@gmail.com
|
2023-01-14 18:15:29 +00:00
|
|
|
# CLIENT ID FOR OAUTH LOGIN
|
|
|
|
|
- CLIENT_ID=your_client_id
|
|
|
|
|
- CLIENT_SECRET=your_client_secret
|
2023-01-17 04:35:16 +00:00
|
|
|
# GENERATE A RANDOM LONG STRING FOR THIS
|
|
|
|
|
- SESSION_SECRET_KEY=
|
2021-05-31 19:06:40 +00:00
|
|
|
# THERE IS NO NEED TO MODIFY BELOW THIS LINE
|
|
|
|
|
# ------------------------------------------
|
|
|
|
|
# FEEL FREE, BUT KNOW WHAT YOU'RE DOING.
|
|
|
|
|
# Where XSS screenshots are stored
|
|
|
|
|
- SCREENSHOTS_DIR=/app/payload-fire-images
|
|
|
|
|
- DATABASE_NAME=xsshunterexpress
|
|
|
|
|
- DATABASE_USER=xsshunterexpress
|
|
|
|
|
- DATABASE_PASSWORD=xsshunterexpress
|
|
|
|
|
- DATABASE_HOST=postgresdb
|
|
|
|
|
- NODE_ENV=production
|
2023-01-19 03:38:48 +00:00
|
|
|
- USE_CLOUD_STORAGE=true
|
|
|
|
|
- BUCKET_NAME=YourBucket
|
2021-05-31 19:06:40 +00:00
|
|
|
ports:
|
|
|
|
|
- "80:80"
|
|
|
|
|
- "443:443"
|
|
|
|
|
volumes:
|
|
|
|
|
# Stores the SSL/TLS certificates and keys
|
|
|
|
|
# in the "ssldata" directory.
|
|
|
|
|
# Your certificates are automatically renewed
|
|
|
|
|
# via LetsEncrypt, no extra work needed!
|
|
|
|
|
- ./ssldata:/app/greenlock.d
|
|
|
|
|
# Directory where payload fire images are stored.
|
|
|
|
|
- ./payload-fire-images:/app/payload-fire-images
|
|
|
|
|
# Comment out if you're using an external SQL
|
|
|
|
|
# server and have commented out the DB section.
|
|
|
|
|
depends_on:
|
|
|
|
|
- postgresdb
|
|
|
|
|
# Postgres server to store injection data (not including
|
|
|
|
|
# screenshots which are stored separately).
|
|
|
|
|
# NOTE: If you're using an external SQL server, you can comment
|
|
|
|
|
# out this service.
|
|
|
|
|
# WARNING: This database gives the "postgres" user admin priveleges
|
|
|
|
|
# with a default password of "xsshunterexpress". Do not expose it
|
|
|
|
|
# externally. If you do, be sure to change the password.
|
|
|
|
|
postgresdb:
|
|
|
|
|
image: postgres
|
|
|
|
|
restart: always
|
|
|
|
|
environment:
|
|
|
|
|
# This is a volume mounted into the container
|
|
|
|
|
# (see the directory ./postgres-db-data)
|
|
|
|
|
# So the database will be persisted across
|
|
|
|
|
# container deletion.
|
|
|
|
|
PGDATA: /var/lib/postgresql/data/pgdata
|
|
|
|
|
POSTGRES_USER: xsshunterexpress
|
|
|
|
|
POSTGRES_DB: xsshunterexpress
|
|
|
|
|
POSTGRES_PASSWORD: xsshunterexpress
|
|
|
|
|
volumes:
|
|
|
|
|
- ./postgres-db-data:/var/lib/postgresql/data/pgdata
|
