{"id":23721066,"url":"https://github.com/nhas/gohunt","last_synced_at":"2025-09-03T21:31:27.304Z","repository":{"id":261663810,"uuid":"883892510","full_name":"NHAS/gohunt","owner":"NHAS","description":"Hunt for Blind XSS, A revival of XSSHunter written in Golang, GoHunt brings all your favorite XSSHunter functionality. Plus quality of life improvements!","archived":false,"fork":false,"pushed_at":"2024-11-10T04:38:47.000Z","size":17044,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-24T22:44:14.099Z","etag":null,"topics":["blind-xss","golang","hacking","pentesting","web","xss","xsshunter"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NHAS.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-05T18:58:45.000Z","updated_at":"2024-11-10T04:38:50.000Z","dependencies_parsed_at":"2024-11-07T19:39:53.095Z","dependency_job_id":null,"html_url":"https://github.com/NHAS/gohunt","commit_stats":null,"previous_names":["nhas/gohunt"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NHAS%2Fgohunt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NHAS%2Fgohunt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NHAS%2Fgohunt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NHAS%2Fgohunt/manifests","owner_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/owners/NHAS","download_url":"https://codeload.github.com/NHAS/gohunt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231918505,"owners_count":18445748,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blind-xss","golang","hacking","pentesting","web","xss","xsshunter"],"created_at":"2024-12-30T22:16:53.264Z","updated_at":"2024-12-30T22:16:54.033Z","avatar_url":"https://github.com/NHAS.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GoHunt\n\nA revival of [XSSHunter](https://github.com/mandatoryprogrammer/xsshunter), `GoHunt` brings all your favorite `XSSHunter` functionality. 
Plus quality of life improvements!\n\n![image](https://github.com/user-attachments/assets/310053ad-0d92-42bc-ae72-fa439e567373)\n\n![image](https://github.com/user-attachments/assets/3dd8a917-b313-4c34-929d-4df67c648c31)\n\n![image](https://github.com/user-attachments/assets/d2a48ad0-cf17-48a6-a58b-055432efcb8c)\n\n![image](https://github.com/user-attachments/assets/14bd78dd-9938-43ef-919a-0c1b87e5241c)\n\n\nMain changes:\n- Single golang binary or docker deployment\n- Additional notification methods\n- Bulk deletion/editing\n- Single Sign-on\n\n\n## Requirements\n* A domain name\n* Docker/Podman\n* Ability to set DNS records\n\n## Setup\n\nSet a wildcard DNS record pointing to your GoHunt instance:\n```sh\nexample.com A \u003cYOUR INSTANCE IP\u003e\n*.example.com CNAME example.com\n```\n\nCreate a `.env` file; you can use `.env.dev` as a template.\n```sh\nDOMAIN=localhost:8081\nGOHUNT_USERNAME=test\nDB_PASSWORD=averystrongpassword\n#GOHUNT_PASSWORD=yourstrongpasswordhere (optional)\n```\n\nRemember to set your `DOMAIN`!\n\nStart the `docker-compose.yaml`:\n```sh\ndocker compose -f docker-compose.yaml up -d\n```\n\nThat's it!\n\n## Summary of Functionality\n*Upon signing up you will create a subdomain such as `yoursubdomain.example.com` which identifies your XSS vulnerabilities and hosts your payload. You then use this subdomain in your XSS testing, using injection attempts such as `\"\u003e\u003cscript src=//yoursubdomain.example.com\u003e\u003c/script\u003e`. 
GoHunt will automatically serve up XSS probes and collect the resulting information when they fire.*\n\n## Features\n* **Single Sign-on**: GoHunt supports OIDC for logging in to your service\n* **User Management**: Admin users can update and edit user records\n* **Managed XSS payload fires**: Manage all of your XSS payloads in your GoHunt account's control panel, including bulk deleting\n* **Powerful XSS Probes**: The following information is collected every time a probe fires on a vulnerable page:\n    * The vulnerable page's URI\n    * Origin of Execution\n    * The Victim's IP Address\n    * The Page Referer\n    * The Victim's User Agent\n    * All Non-HTTP-Only Cookies\n    * The Page's Full HTML DOM\n    * Full Screenshot of the Affected Page\n    * Responsible HTTP Request (If a GoHunt compatible tool is used)\n* **Full Page Screenshots**: GoHunt probes utilize the HTML5 canvas API to generate a full screenshot of the vulnerable page which an XSS payload has fired on. With this feature you can peek into internal administrative panels, support desks, logging systems, and other internal web apps. This allows for more powerful reports that show the full impact of the vulnerability to your client or bug bounty program.\n* **XSS Payload Fire Notifications**: XSS payload fires also send out **webhook** or **email** notifications, your choice!\n* **Automatic Payload Generation**: GoHunt automatically generates XSS payloads for you to use in your web application security testing.\n* **Correlated Injections**: Perhaps the most powerful feature of GoHunt is the ability to correlate injection attempts with XSS payload fires. By using a [GoHunt/XSSHunter compatible testing tool](https://github.com/mandatoryprogrammer/xsshunter_client) you can know immediately what caused a specific payload to fire (even weeks after the injection attempt was made!).\n* **Optional PGP Encryption for Payload Emails**: Extra paranoid? 
Client-side PGP encryption is available which will encrypt all injection data in the victim's browser before sending it off to the GoHunt service.\n* **Page Grabbing**: Upon your XSS payload firing you can specify a list of relative paths for the payload to automatically retrieve and store. This is useful in finding other vulnerabilities such as bad `crossdomain.xml` policies on internal systems which normally couldn't be accessed.\n* **Secondary Payload Loading**: Got a secondary payload that you want to load after GoHunt has done its thing? GoHunt offers you the option to specify a secondary JavaScript payload to run after it's completed its collection.\n* **Confidential Mode**: Don't want to send any details with your notifications? To be safe, with this option you only get a notification, with no details, in your **Slack**, **Discord**, or email inbox.\n\n## Advanced\n\n### Using alternative reverse proxies\n\nGoHunt requires the `X-Forwarded-Proto` and `X-Forwarded-For` headers if running behind a reverse proxy.\nCaddy sends these headers by default.\nTo parse `X-Forwarded-For`, GoHunt also needs to be configured with how many proxies are in front of your instance, so please set `number_proxies` in the yaml config, or the `NumberProxies` environment variable.\n\n## Environment variables\n\nHere is the list of environment variables that gohunt takes. 
\nPlease read the `Using config file` section for each environment variable's purpose, or use `./gohunt -h`\n\n```\nDomain\nListenAddress\nNumberProxies\nFeatures_Signup_Enabled\nFeatures_Oidc_Enabled\nFeatures_Oidc_PublicURL\nFeatures_Oidc_IssuerURL\nFeatures_Oidc_ClientID\nFeatures_Oidc_ClientSecret\nFeatures_Oidc_AdminGroupClaimName\nFeatures_Oidc_AdminGroup\nNotification_SMTP_Enabled\nNotification_SMTP_Host\nNotification_SMTP_Port\nNotification_SMTP_Username\nNotification_SMTP_Password\nNotification_SMTP_FromEmail\nNotification_Webhooks_Enabled\nNotification_Webhooks_SafeDomains\nNotification_Confidential\nDatabase_Host\nDatabase_Port\nDatabase_User\nDatabase_DBname\nDatabase_SSLmode\nDatabase_Password\n```\n\n## Using config file\n\nIf you want to use a yaml config file instead of passing everything via `ENV` variables, use the `config.yaml.example` as a template, and add the following to your docker compose in the `gohunt` section:\n\n```yaml\nvolumes:\n    - ./config.yaml:/config/config.yaml:ro\n```\n\nThe following are all the configuration options and their purpose:\n```yaml\ndomain:         (string) Your gohunt instance domain (add port if not default 443/80)\nlisten_address: (string) The ip:port combination to start the golang http server on\nnumber_proxies: (int)    Used to parse X-Forwarded-For\nfeatures: \n  signup:\n      enabled: (bool) Enable or disable account creation\n  oidc:\n   enabled:                (bool)   Enable or disable OIDC SSO integration\n   public_url:             (string) URL of Gohunt instance (optional, can be determined from domain)\n   issuer_url:             (string) Identity provider URL\n   client_id:              (string) OIDC Client ID\n   client_secret:          (string) OIDC Client Secret\n   admin_group_claim_name: (string) Claim with user groups in it (optional)\n   admin_group_name:       (string) Group that indicates user should be administrator of instance (optional)\n\n  notification:\n    confidential:   (bool) Whether to 
add xss vulnerability details to notification\n    smtp:\n      enabled:      (bool)   Enable or disable sending notifications via SMTP\n      host:         (string) Host domain/ip\n      port:         (int)    Port\n      username:     (string) Mailing username\n      password:     (string) Mailing password\n      from:         (string) The sending email address\n    webhooks:\n      enabled:      (bool) Enable or disable sending notifications via webhooks\n      safe_domains: (string array) List of domains that are safe to send to, defaults to [discord.com, slack.com]\n\n  database:\n     host:     (string) Host domain/ip\n     port:     (string) Port\n     user:     (string) Database user\n     password: (string) Database user password\n     dbname:   (string) Which database to use\n     sslmode:  (string) postgres sslmode\n```\n\n## Development\n\n```sh\ndocker compose -f docker-compose.dev.yaml down --remove-orphans\ndocker compose -f docker-compose.dev.yaml --env-file .env.dev up --build --force-recreate\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnhas%2Fgohunt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnhas%2Fgohunt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnhas%2Fgohunt/lists"}