XSSHunter Slack Alerts

Adam J Sturge
3 min readDec 9, 2022

This is a tutorial of how to setup XSSHunter with Slack Alerts

This is my fork of XSS Hunter https://github.com/adamjsturge/xsshunter-express Below are two other articles that are worth going to! Those both use a new script that I made for the purpose of setting up XSSHunter fast!

This is the only fork that I know of that has Slack integration and I made it myself so I give it my own stamp.

I use both Digital Ocean and VPSCheap feel free to click on my affiliate links or not.

My first recommendation to save yourself headache and time is to point your domain to wherever you are hosting before we start this process. Also have open the default README.md to do along with this. We also made a script that can be read about here

git clone https://github.com/adamjsturge/xsshunter-express.git

We need to make some changes to the default yml that XSS Hunter uses. You can use your favorite terminal code editor

cd xsshunter-express
vi docker-compose.yml

Things we need to change
- HOSTNAME to your domain
- SSL_CONTACT_EMAIL to your email address
- SMTP_EMAIL_NOTIFICATIONS_ENABLED=false

Email notifcations aren’t necessary when you have slack notification
For the SLACK_WEBHOOK go to https://slack.com/help/articles/115005265063-Incoming-webhooks-for-Slack

curl -X POST --data-urlencode "payload={\"channel\": \"#xssalerting\", \"username\": \"webhookbot\", \"text\": \"This is posted to #xssalerting and comes from a bot named webhookbot.\", \"icon_emoji\": \":ghost:\"}" https://hooks.slack.com/services/

This Curl will let you text that your webhook is working

To get a webhook for your channel and make sure your yml one matches
The SLACK_WEBHOOK in the yml needs to start…