xsshunter/docker-compose.yml
2023-01-16 20:35:16 -08:00


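version: "3.9"
services:
  # XSS Hunter Express service
  xsshunterexpress:
    build: .
    environment:
      # NOTE(review): SMTP_PASSWORD, CLIENT_SECRET and SESSION_SECRET_KEY
      # below are credentials. Once real values are filled in, keep this
      # file out of version control and readable only by the deploying
      # user.

      # [REQUIRED] The hostname/domain pointed to
      # the IP of the server running this service.
      # SSL will automatically be set up and
      # renewed with LetsEncrypt.
      - HOSTNAME=your.host.name
      # This hostname is where your JS is served out of
      - XSS_HOSTNAME=your.xss.domain
      # [REQUIRED] Email for SSL
      - SSL_CONTACT_EMAIL=YourEmail@gmail.com
      # Maximum XSS callback payload size
      # This includes the webpage screenshot, DOM HTML,
      # page text, and other metadata. Note that if the
      # payload is above this limit, you won't be notified
      # of the XSS firing.
      - MAX_PAYLOAD_UPLOAD_SIZE_MB=50
      # Whether or not to enable the web control panel
      # Set to "false" or remove to disable the web UI.
      # Useful for minimizing attack surface.
      - CONTROL_PANEL_ENABLED=true
      # Whether or not to enable email notifications via
      # SMTP for XSS payload fires.
      - SMTP_EMAIL_NOTIFICATIONS_ENABLED=true
      - SMTP_HOST=smtp.gmail.com
      - SMTP_PORT=465
      - SMTP_USE_TLS=true
      - SMTP_USERNAME=YourEmail@gmail.com
      # Prefer a dedicated sending account or an app-specific password,
      # so that a leak of this file does not expose a personal mailbox.
      - SMTP_PASSWORD=YourEmailPassword
      - SMTP_FROM_EMAIL=YourEmail@gmail.com
      - SMTP_RECEIVER_EMAIL=YourEmail@gmail.com
      # Client ID and secret for OAuth login
      - CLIENT_ID=your_client_id
      - CLIENT_SECRET=your_client_secret
      # Generate a random long string for this, for example with
      # `openssl rand -hex 32`. It ships empty, so every deployment
      # has to set its own value; do not reuse one across instances.
      # NOTE(review): presumably this key protects login sessions, so
      # an empty or guessable value would make them forgeable. Whether
      # the app refuses to start while it is empty is not visible from
      # this file - confirm.
      - SESSION_SECRET_KEY=
      # THERE IS NO NEED TO MODIFY BELOW THIS LINE
      # ------------------------------------------
      # FEEL FREE, BUT KNOW WHAT YOU'RE DOING.
      # Where XSS screenshots are stored
      - SCREENSHOTS_DIR=/app/payload-fire-images
      # The DATABASE_* values must match POSTGRES_DB, POSTGRES_USER and
      # POSTGRES_PASSWORD on the postgresdb service below. If you change
      # the password, change it in both places.
      - DATABASE_NAME=xsshunterexpress
      - DATABASE_USER=xsshunterexpress
      - DATABASE_PASSWORD=xsshunterexpress
      - DATABASE_HOST=postgresdb
      - NODE_ENV=production
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Stores the SSL/TLS certificates and keys
      # in the "ssldata" directory.
      # Your certificates are automatically renewed
      # via LetsEncrypt, no extra work needed!
      # This directory holds private keys: restrict its permissions on
      # the host and leave it out of backups that others can read.
      - ./ssldata:/app/greenlock.d
      # Directory where payload fire images are stored.
      # These are screenshots of the pages where a payload fired and
      # can contain sensitive data; protect the directory accordingly.
      - ./payload-fire-images:/app/payload-fire-images
    # Comment out if you're using an external SQL
    # server and have commented out the DB section.
    depends_on:
      - postgresdb
  # Postgres server to store injection data (not including
  # screenshots which are stored separately).
  # NOTE: If you're using an external SQL server, you can comment
  # out this service.
  # WARNING: The postgres image gives the user named in POSTGRES_USER
  # ("xsshunterexpress" here) admin privileges, with a default password
  # of "xsshunterexpress". No "ports:" entry is defined for this
  # service, so it is not published on the host. Do not expose it
  # externally. If you do, be sure to change the password.
  postgresdb:
    # NOTE(review): no tag is given, so this resolves to the "latest"
    # tag. Pin a major version (and ideally a digest) so that a later
    # pull cannot bring in an unreviewed image or a release that is
    # incompatible with the existing data directory.
    image: postgres
    restart: always
    environment:
      # This is a volume mounted into the container
      # (see the directory ./postgres-db-data)
      # So the database will be persisted across
      # container deletion.
      PGDATA: /var/lib/postgresql/data/pgdata
      POSTGRES_USER: xsshunterexpress
      POSTGRES_DB: xsshunterexpress
      # The postgres image applies this password only when it
      # initialises an empty data directory. Changing it here later
      # does not change the password of an existing database.
      POSTGRES_PASSWORD: xsshunterexpress
    volumes:
      - ./postgres-db-data:/var/lib/postgresql/data/pgdata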