Set up XSS Hunter Express (self-hosted) to exploit XSS

Tram Ho

What is XSS Hunter?

XSS Hunter helps you find all kinds of cross-site scripting (XSS) vulnerabilities on the web, including Blind XSS, which is often overlooked (basically I cannot see the result myself: I insert the payload and only find out that the XSS fired when someone else visits the page and triggers it). The service works by serving dedicated XSS payloads that use JavaScript to capture screenshots, cookies, etc., and send them to XSS Hunter’s server. From there we can see who triggered the XSS, which page triggered it, … (and it also shows that the payload got through the CSP). Another convenience is that every time XSS Hunter receives data it emails you, so you can check immediately.

Install XSS Hunter Express

Although you can still use XSS Hunter now, as announced it will be shut down next year, so you need your own server, or someone else hosting XSS Hunter for you, in order to keep using it.

Self-hosting means we host everything ourselves and you have control over that server. It also ensures that only you can see your results. You get notifications faster, and the emails no longer land in the spam folder. You can also add webhook code to post the data to chat channels such as Slack, Discord, … to receive notifications even faster.

Currently XSS Hunter Express is open source on GitHub:
https://github.com/mandatoryprogrammer/xsshunter-express (it has rather few stars; anyone can star it so the author keeps improving the code and adding new features)

DNS settings

To use XSS Hunter Express we need a domain name; you can register free domains on https://dot.tk and https://freenom.com . Here I use Cloudflare to configure DNS.

Configure the DNS record with Type A, pointing to the server that will host XSS Hunter Express. The Name field is optional: if you fill it in, it becomes a subdomain (in my example the record becomes xss.example.com); if you leave it empty, the record is the root domain.

Configuring XSS Hunter Express

Once DNS is set up, we SSH to our VPS, clone the repo https://github.com/mandatoryprogrammer/xsshunter-express and continue configuring.

One more requirement: we deploy with Docker, so you need Docker and docker-compose installed.

After running the clone command we have the repository’s directory structure; edit the docker-compose.yml file in it to configure XSS Hunter. Use your favourite editor; here I use vim.

Here are the values we need to change:

  • HOSTNAME: set this to the domain you just registered in the DNS settings step
  • SSL_CONTACT_EMAIL: XSS Hunter uses LetsEncrypt to generate an SSL certificate. Enter the email address to be used for this certificate.

The SMTP settings are used to send the email notification when a victim triggers the XSS:

  • SMTP_USERNAME: your Gmail address
  • SMTP_PASSWORD: the password of that Gmail account
  • SMTP_FROM_EMAIL: the sender address
  • SMTP_RECEIVER_EMAIL: the address the notifications are sent to

The database values can be changed or left as they are.
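Before running the stack it is worth checking that none of the values above is still blank or malformed, since that is the usual reason the LetsEncrypt step or the notification mail fails. The following pre-flight script is an added example, not part of xsshunter-express or of the original post; it assumes each setting is a `- KEY=value` line under the service’s `environment:` block and that `getent` (glibc) is available for the optional DNS check.

```shell
#!/usr/bin/env bash
# Pre-flight check for the docker-compose.yml values the post says to edit.
# Added example, not part of xsshunter-express. Assumption: every setting is a
# "- KEY=value" line under the service's "environment:" block.
# Print the value of KEY ($2) from the compose file ($1); empty if blank or missing.
compose_get() {
  sed -n "s/^[[:space:]]*-\{0,1\}[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" |
    head -n1
}

# Validate HOSTNAME, SSL_CONTACT_EMAIL and the SMTP_* values.
# Prints one line per problem; returns 0 only when everything passes.
check_compose() {
  local f="$1" rc=0 k v
  v=$(compose_get "$f" HOSTNAME)
  case "$v" in
    *://*|*/*) echo "HOSTNAME must be a bare domain, no scheme or path (got '$v')"; rc=1 ;;
    *?.?*)     ;;  # has at least one dot, e.g. xss.example.com
    *)         echo "HOSTNAME must be the domain from the DNS step (got '$v')"; rc=1 ;;
  esac
  # The LetsEncrypt contact and both notification addresses must be real addresses.
  for k in SSL_CONTACT_EMAIL SMTP_FROM_EMAIL SMTP_RECEIVER_EMAIL; do
    v=$(compose_get "$f" "$k")
    case "$v" in
      *?@?*.?*) ;;
      *)        echo "$k must be an email address (got '$v')"; rc=1 ;;
    esac
  done
  # Empty SMTP credentials let the container start, but the alert mail never arrives.
  for k in SMTP_USERNAME SMTP_PASSWORD; do
    v=$(compose_get "$f" "$k")
    [ -n "$v" ] || { echo "$k is empty; XSS notification mail will fail"; rc=1; }
  done
  return "$rc"
}

# Confirm the A record from the DNS step resolves to this VPS's IP (glibc getent assumed).
dns_points_to() {
  getent ahostsv4 "$1" | awk '{ print $1 }' | grep -qx "$2"
}
# Usage: ./preflight.sh docker-compose.yml [server-ip]
if [ $# -gt 0 ]; then
  check_compose "$1" && echo "docker-compose.yml looks complete"
  if [ $# -gt 1 ]; then
    h=$(compose_get "$1" HOSTNAME)
    dns_points_to "$h" "$2" && echo "$h -> $2 OK" || echo "WARNING: $h does not resolve to $2"
  fi
fi
```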

Run it!

Once the configuration is done, there is only one very simple thing left: type the command below and it’s done.

Now all you have to do is wait for Docker to do its job: pull the images and automatically set up and install LetsEncrypt and everything else (very convenient).

If the terminal output looks like this, the installation succeeded. If you hit a bug, please comment below this article and I will help.

And please save the password for the admin control panel that is printed there, otherwise you will have a hard time recovering it.

Try accessing your domain

It shows a warning page like this: a few lines of notice stating that I am using XSS Hunter for the purpose of testing XSS and playing bug bounty hunter, so that the vendor knows.

To access the admin control panel, go to https://xss.example.com/admin/ and enter the password that was just printed in the terminal. We get a system that looks like this:

Some XSS Hunter payloads are provided for you; you can try them out on any website that has XSS.

Whichever page triggers the XSS, XSS Hunter takes a screenshot of the trigger and sends it, along with the necessary information, to the system. You can take these screenshots and report them to bug bounty programs.

There are a few more features waiting for you to discover.

With this, I have shown you how to deploy XSS Hunter Express in case xsshunter.com goes away (though you should use your own system anyway, for safety and stability). If there are any errors, you can comment below the article. See you!


Source : Viblo