xsshunter-express – Self-Hosted Blind XSS Payload Capture and Analysis
XSSHunter-Express是一款自托管的Docker化盲XSS追踪平台,支持快速部署和丰富的数据捕捉功能。 2025-8-11 01:0:0 Author: www.darknet.org.uk(查看原文) 阅读量:3 收藏

Blind Cross-Site Scripting (XSS) triggers code in contexts you can’t directly observe. Internal dashboards, ticketing systems, and admin panels, these often unseen environments, can render injected payloads long after their insertion. Tracking those events requires infrastructure that is fast to deploy, secure, and autonomous.

xsshunter-express - Self-Hosted Blind XSS Payload Capture and Analysis.png

xsshunter‑express is a self‑hosted, Docker‑based blind XSS tracking platform. It deploys in under five minutes and provides rich capture context, including screenshots, complete DOM, cookie and header capture, and payload correlation. It builds on darknet.org.uk’s earlier XSS tooling coverage like XSS‑Proxy, XSStrike, and XSSYA, advancing the blind XSS narrative with automation and forensic depth.

Key Features

  • Dockerised—minimal dependencies, rapid deployment
  • Auto-TLS via Let’s Encrypt with automatic renewal
  • Full-page screenshots and DOM capture on payload trigger
  • Captures non-HTTPOnly cookies, referrer, user agent, iframe context
  • Optional headless mode—email-only alerts if UI is disabled
  • Correlation of triggers to injection points
  • Secondary JS execution for chaining attacks post-capture

Installation

Requirements:

  • Server or VPS with ≥ 2 GB RAM
  • Docker and Docker-Compose are installed
  • DNS hostname mapped to server IP
  • Optional SMTP credentials for email alerts

Commands:

git clone https://github.com/mandatoryprogrammer/xsshunter-express.git

cd xsshunter-express

Edit docker-compose.yml to set:

  • HOSTNAME for payloads/UI
  • SSL_CONTACT_EMAIL for TLS
  • SMTP fields for email (if needed)
  • CONTROL_PANEL_ENABLED false to disable UI

docker-compose up -d postgresdb

docker-compose up xsshunterexpress

On start‑up, an admin password appears in the logs. Log in via: https:///admin/

CLI Help Output

Usage: xsshunter-express [options]

Options:

--help Show help [boolean]

--version Show version number [boolean]

--config Path to config file [string]

--no-ui Disable web UI; email only [boolean]

--smtp-host SMTP host for email alerts [string]

--smtp-port SMTP port [number] --smtp-user SMTP username [string]

--smtp-pass SMTP password [string]

--hostname Base hostname for redirects [string]

--ssl-email Lets Encrypt contact email [string]

Attack Scenario

During a pentest on a customer support portal, a tester injects this into the “Issue Description” field. When a support agent later views the ticket, the script fires. xsshunter-express logs a full-page screenshot, the DOM, visitor cookies, headers, and iframe context. The tester gains proof of exploitation, rich forensic insight for chaining deeper attacks.

You can download XSSHunter or read more here: https://github.com/mandatoryprogrammer/xsshunter-express


文章来源: https://www.darknet.org.uk/2025/08/xsshunter-express-self-hosted-blind-xss-payload-capture-and-analysis/
如有侵权请联系:admin#unsafe.sh