https://github.com/al-azif/exploit-host-http

Docker based HTTP(S) component of the Exploit Host
https://github.com/al-azif/exploit-host-http

docker nginx server shell

Last synced: 8 days ago
JSON representation

Docker based HTTP(S) component of the Exploit Host

• Host: GitHub
• URL: https://github.com/al-azif/exploit-host-http
• Owner: Al-Azif
• License: mit
• Created: 2020-10-25T03:01:20.000Z (about 4 years ago)
• Default Branch: main
• Last Pushed: 2024-05-12T20:53:32.000Z (6 months ago)
• Last Synced: 2024-05-13T19:31:55.928Z (6 months ago)
• Topics: docker, nginx, server, shell
• Language: Shell
• Homepage: https://hub.docker.com/r/alazif/exploit-host-http
• Size: 44.9 KB
• Stars: 9
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Exploit Host HTTP

Purpose made HTTP Docker file setup for hosting exploits for the web browser for Sony PlayStation devices and the Nintendo Wii/WiiU/Switch. This essentially has to be used with the [Exploit Host DNS](https://github.com/Al-Azif/exploit-host-DNS) component. It's possible to use it "standalone", but will require something to make the browser send the correct `Host` header with it's HTTP(S) requests.

## Features

When used in conjunction with [Exploit Host DNS](https://github.com/Al-Azif/exploit-host-DNS) following features are available:

- Enables internet speed tests

- Enables serving custom system updates

- Hijacks system update feature pages

- Hijacks default browser landing pages (Connection Tests, User's Manuals, and Browser Homepages)

  - Redirect is cached (It is not cached on PS5 as it becomes permanent)

  - Prepackaged with the latest Exploit Host website

  - Can redirect to an external page, to a self hosted site, or to the included Exploit Host website

## Usage

This is setup to work right out of the box with [Exploit Host DNS](https://github.com/Al-Azif/exploit-host-DNS). There are a lot of options for your individual hosting wants/needs; however, I'll only show the basic usage here.

### Command Line

This command will always pull the latest image from Docker Hub, run on the main Docker bridge network, and it will restart if it's not running until you explicitly tell it to stop.

`docker run -d --network bridge -p 80:80/tcp -p 443:443/tcp --restart unless-stopped --pull always alazif/exploit-host-http:latest`

### Composer

This composer file will do the same as the command above.

```yml

---

version: "3.8"

services:

  exploit-host-http:

    image: alazif/exploit-host-http:latest

    network_mode: bridge

    ports:

      - 80:80/tcp

      - 443:443/udp

    pull_policy: always

    restart: unless-stopped

```

Start the compose file by calling `docker compose up -d` from the same location as the composer file.

## Options (Environment Variables)

| Option                          | Default       | Type           | Info     |

|:--------------------------------|:--------------|:---------------|:---------|

| DEBUG                           | `false`       | boolean        | Show debug output for `entrypoint.sh` in the Docker log. |

| REDIRECT_TYPE                   | `http`        | string         | The protocol that is used for the hijacked landing page redirect. Valid values are `http` and `https`. |

| ROOT_DOMAIN                     | `the.gate`    | string         | The root domain that is used for  hijacked landing page redirect. This is **ONLY** the domain itself. |

| ROOT_DOMAIN_PATH                | none          | string         | Additional path to append to root domain for redirect. If needed you can add an alternative port here as well. |

| HIJACK_URL                      | none          | string         | Rather than hosting the hijacked landing page just redirect the request to another domain hosted elsewhere. If this is set, `ROOT_DOMAIN` and `ROOT_DOMAIN_PATH` are ignored. |

| NGINX_ACCESS_LOG                | `false`       | boolean        | Enables the NGINX access log, located at `/var/log/nginx/access.log` |

| NGINX_ERROR_LOG                 | `false`       | boolean        | Enables the NGINX error log, located at `/var/log/nginx/error.log` |

| NGINX_ERROR_LOG_LEVEL           | `warn`        | string         | The error log level for the NGINX error log. Valid values are `debug`, `info`, `notice`, `warn`, `error`, `crit`, `alert`, `emerg`. Ignored if `NGINX_ERROR_LOG` is `false`. |

| TLS                             | `self`        | string         | Valid values are `self`, `letsencrypt`, and `mount`. |

| CF_IP_CORRECTION                | `false`       | boolean        | Automatically correct CloudFlare IP addresses to the real IP address for logging. |

| CF_STRICT                       | `false`       | boolean        | |

| OCSP_STAPLING                   | `false`       | boolean        | |

| SEVER_HASH_BUCKET_SIZE_OVERRIDE | `false`       | boolean        | Overrides the `server_names_hash_bucket_size` option in NGINX to be `64`. Some systems have `32` as the default and that is not enough for our usage. |

## TODO

- [ ] Verify `TLS` options work as expected, I believe certbot for letsencrypt has changed.

- [ ] Make healthcheck.sh

- [ ] Verify `CF_STRICT` still works as expected and hasn't changed.