Recently XSSHunter.com decided to stop signups and soon stopping it’s services. You’ll need to host your own version of XSSHunter. I wrote an article about my fork of XSSHunter Express. Since making that article I wanted to make the process of setting up XSSHunter easier so I made a script for it. I’ll be referencing adam’s repo https://github.com/adamjsturge/easy-xsshunter-express throughout this article.

Installation

First step is to grab the script for Github.

curl -fsSL https://raw.githubusercontent.com/adamjsturge/easy-xsshunter-express/master/easy-xsshunter-express.sh -o easy-xsshunter-express.sh

Once we grab the script, we are going to run it with bash.

sudo bash easy-xsshunter-express.sh

The script is now going to prompt you through the setup. We are going to decide wether we need docker installed or we if we already have it installed.

After that, we have will have to choose between which Github repo we want to pull from. The official repo or adam’s forked repo. The biggest benefit of the forked repo is having access to slack alerts. I programmed it and think it’s incredibly helpful when using this tool.

The basic setup is gonna be the thing that saves you the most time. It will prompt you for environment variables. You can leave options blank to keep the default options. If you skip past any of the variables, you’ll need to go into docker-compose.yml and make changes. I recommend reading the xsshunter-express README.md if you have to make changes.

To start the application you’ll need to use the commands below. I still recommend reading the original README.md because there are thing you’ll need to know.

# Change into the repo directory
cd xsshunter-express/
# Start up postgres in the background
docker compose up -d postgresdb
# Start up the service
docker compose up xsshunterexpress

On first start up the password will be printed once. Please remember to save it somewhere.