XSSHunter Slack Alerts
--
This is a tutorial of how to setup XSSHunter with Slack Alerts
This is my fork of XSS Hunter https://github.com/adamjsturge/xsshunter-express Below are two other articles that are worth going to! Those both use a new script that I made for the purpose of setting up XSSHunter fast!
This is the only fork that I know of that has Slack integration and I made it myself so I give it my own stamp.
I use both Digital Ocean and VPSCheap feel free to click on my affiliate links or not.
My first recommendation to save yourself headache and time is to point your domain to wherever you are hosting before we start this process. Also have open the default README.md to do along with this. We also made a script that can be read about here
git clone https://github.com/adamjsturge/xsshunter-express.git
We need to make some changes to the default yml that XSS Hunter uses. You can use your favorite terminal code editor
cd xsshunter-express
vi docker-compose.yml
Things we need to change
- HOSTNAME to your domain
- SSL_CONTACT_EMAIL to your email address
- SMTP_EMAIL_NOTIFICATIONS_ENABLED=false
Email notifcations aren’t necessary when you have slack notification
For the SLACK_WEBHOOK go to https://slack.com/help/articles/115005265063-Incoming-webhooks-for-Slack
curl -X POST --data-urlencode "payload={\"channel\": \"#xssalerting\", \"username\": \"webhookbot\", \"text\": \"This is posted to #xssalerting and comes from a bot named webhookbot.\", \"icon_emoji\": \":ghost:\"}" https://hooks.slack.com/services/
This Curl will let you text that your webhook is working
To get a webhook for your channel and make sure your yml one matches
The SLACK_WEBHOOK in the yml needs to start…