Recently XSSHunter.com decided to stop signups and soon stopping it’s services. You’ll need to host your own version of XSSHunter. I wrote an article about my fork of XSSHunter Express. Since making that article I wanted to make the process of setting up XSSHunter easier so I made a script for it. I’ll be referencing my repo https://github.com/adamjsturge/easy-xsshunter-express throughout this article.
Note: Discord Integration was recently added and is included in the new setup script. I wrote a more in-depth write up below
First step is to grab the script for Github.
curl -fsSL https://raw.githubusercontent.com/adamjsturge/easy-xsshunter-express/master/easy-xsshunter-express.sh -o easy-xsshunter-express.sh
Once we grab the script, we are going to run it with bash.
sudo bash easy-xsshunter-express.sh
The script is now going to prompt you through the setup. We are going to decide wether we need docker installed or we if we already have it installed.
After that, we have will have to choose between which Github repo we want to pull from. The official repo or my forked repo. The biggest benefit of the forked repo is having access to slack/discord alerts. I programmed it and think it’s incredibly helpful when using this tool.
The basic setup is gonna be the thing that saves you the most time. It will prompt you for environment variables. You can leave options blank to keep the default options. If you skip past any of the variables, you’ll need to go into docker-compose.yml
and make changes. I recommend reading the xsshunter-express README.md if you have to make changes.
To start the application you’ll need to use the commands below. I still recommend reading the original README.md because there are thing you’ll need to know.
# Change into the repo directory
cd xsshunter-express/
# Start up postgres in the background
docker compose up -d postgresdb
# Start up the service
docker compose up xsshunterexpress
On first start up the password will be printed once. Please remember to save it somewhere.
If you get stuck at any point, it’s worth referencing my article about setting this up XSSHunter Alerts and the README.md
Digital Ocean: https://m.do.co/c/a165a29be76c
VPSCheap: https://crm.vpscheap.net/aff.php?aff=27
My Twitter: https://twitter.com/adamjsturge
If you enjoy reading stories like these and want to support me as a writer, consider signing up to become a Medium member. It’s $5 a month, giving you unlimited access to thousands of articles, including my own. If you sign up using my link, I’ll earn a small commission with no extra cost to you.