Initial revision (3.1.4)

Author: jaymoulin

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,57 @@
+<!--
+If you are reporting a new issue, make sure that we do not have any duplicates
+already open. You can ensure this by searching the issue list for this
+repository. If there is a duplicate, please close your issue and add a comment
+to the existing issue instead.
+
+If you suspect your issue is a bug, please edit your issue description to
+include the BUG REPORT INFORMATION shown below. If you fail to provide this
+information within 7 days, we cannot debug your issue and will close it. We
+will, however, reopen it if you later provide the information.
+
+For more information about reporting issues, see
+https://github.com/femtopixel/docker-xsstrike/blob/master/CONTRIBUTING.md
+
+Please not that I am not part of XSStrike or Docker teams. So please check this
+is not related to one or the other product befroe opening an issue.
+
+You do NOT have to include this information if this is a FEATURE REQUEST
+
+If you find this useful, please consider starring the repo and/or donating.
+People showing interest attract more attention ;)
+-->
+
+**Output of `docker inspect femtopixel/xsstrike --format='{{index .Config.Labels.version}}'`:**
+
+```
+(paste your output here)
+```
+
+**Description**
+
+<!--
+Briefly describe the problem you are having in a few paragraphs.
+-->
+
+**Command line I used to start the container**
+
+**Steps to reproduce the issue:**
+1.
+2.
+3.
+
+**Describe the results you received:**
+
+
+**Describe the results you expected:**
+
+
+**Additional information you deem important (e.g. issue happens only occasionally):**
+
+**Provide some logs**
+
+<details>
+<pre>
+(paste logs)
+</pre>
+</details>

.gitignore

@@ -0,0 +1,3 @@
+qemu-*-static
+*.yaml
+.Dockerfile

.travis.yml

@@ -0,0 +1,21 @@
+sudo: required
+dist: xenial
+services:
+    - docker
+
+before_install:
+    - sudo apt update && sudo apt install make -y
+    - git clone https://github.com/estesp/manifest-tool && cd manifest-tool && git checkout v0.9.0 && sudo make && sudo make install && cd .. && rm -Rf manifest-tool
+    - docker run --rm --privileged multiarch/qemu-user-static:register
+    - sudo apt install -y qemu qemu-user-static qemu-user binfmt-support
+
+script:
+    - echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_LOGIN" --password-stdin
+    - travis_wait 100 make build
+
+deploy:
+    provider: script
+    script:
+        - make publish latest
+    on:
+        branch: master

CONTRIBUTING.md

@@ -0,0 +1,24 @@
+How to Contribute
+=================
+
+This project welcomes your contribution. There are several ways to help out:
+
+* Create an [issue](https://github.com/femtopixel/docker-xsstrike/issues/) on GitHub,
+if you have found a bug or have an idea for a feature
+* Write test cases for open bug issues
+* Write patches for open bug/feature issues
+
+Issues
+------
+
+* Submit an [issue](https://github.com/femtopixel/xsstrike/issues/)
+  * Make sure it does not already exist.
+  * Clearly describe the issue including steps to reproduce, when it is a bug.
+  * Make sure you note the version you use.
+
+Additional Resources
+--------------------
+
+* [Existing issues](https://github.com/femtopixel/docker-xsstrike/issues/)
+* [General GitHub documentation](https://help.github.com/)
+* [GitHub pull request documentation](https://help.github.com/send-pull-requests/)

Dockerfile

@@ -0,0 +1,20 @@
+FROM python:alpine as builder
+
+COPY qemu-*-static /usr/bin/
+
+FROM builder
+
+ARG VERSION=3.1.4
+ARG VERSION_LABEL=3.1.4
+LABEL maintainer="Jay MOULIN <jaymoulin@gmail.com> <https://twitter.com/MoulinJay>"
+LABEL version=${VERSION_LABEL}
+#Use alpine to save disk space
+RUN apk add --no-cache git bash &&\
+    git clone https://github.com/s0md3v/XSStrike.git &&\
+    cd ./XSStrike &&\
+    git checkout ${VERSION} &&\
+    pip install -U pip &&\
+    pip install -r requirements.txt &&\
+    apk del --purge git
+WORKDIR /XSStrike/
+ENTRYPOINT ["python","xsstrike.py"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 FemtoPixel
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,21 @@
+VERSION ?= 3.1.4
+CACHE ?= --no-cache=1
+FULLVERSION ?= ${VERSION}
+archs ?= arm32v7 amd64 i386 arm64v8 arm32v6
+
+.PHONY: docker build publish latest
+docker: build publish latest
+build:
+	cp -r /usr/bin/qemu-*-static .
+	$(foreach arch,$(archs), \
+		cat Dockerfile | sed "s/FROM python:alpine/FROM ${arch}\/python:alpine/g" > .Dockerfile; \
+		docker build -t femtopixel/xsstrike:${VERSION}-$(arch) --build-arg VERSION=${VERSION} --build-arg VERSION_LABEL=${VERSION}-$(arch) -f .Dockerfile ${CACHE} .;\
+	)
+publish:
+	docker push femtopixel/xsstrike
+	cat manifest.yml | sed "s/\$$VERSION/${VERSION}/g" > manifest.yaml
+	cat manifest.yaml | sed "s/\$$FULLVERSION/${FULLVERSION}/g" > manifest2.yaml
+	mv manifest2.yaml manifest.yaml
+	manifest-tool push from-spec manifest.yaml
+latest: build
+	FULLVERSION=latest VERSION=${VERSION} make publish

README.md

@@ -0,0 +1,86 @@
+![logo](logo.png "logo")
+
+XSStrike - Docker Image
+==========================
+
+[![latest release](https://img.shields.io/github/release/femtopixel/docker-xsstrike.svg "latest release")](http://github.com/femtopixel/docker-xsstrike/releases)
+[![Docker Pulls](https://img.shields.io/docker/pulls/femtopixel/xsstrike.svg)](https://hub.docker.com/r/femtopixel/xsstrike/)
+[![Docker stars](https://img.shields.io/docker/stars/femtopixel/xsstrike.svg)](https://hub.docker.com/r/femtopixel/xsstrike/)
+[![Bitcoin donation](https://github.com/jaymoulin/jaymoulin.github.io/raw/master/btc.png "Bitcoin donation")](https://m.freewallet.org/id/374ad82e/btc)
+[![Litecoin donation](https://github.com/jaymoulin/jaymoulin.github.io/raw/master/ltc.png "Litecoin donation")](https://m.freewallet.org/id/374ad82e/ltc)
+[![PayPal donation](https://github.com/jaymoulin/jaymoulin.github.io/raw/master/ppl.png "PayPal donation")](https://www.paypal.me/jaymoulin)
+[![Buy me a coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png "Buy me a coffee")](https://www.buymeacoffee.com/3Yu8ajd7W)
+
+
+This image allows you to have [XSStrike](https://github.com/s0md3v/XSStrike) installed easily thanks to Docker.
+
+Usage
+---
+
+```bash
+docker run --rm -ti femtopixel/xsstrike
+```
+
+```
+
+	XSStrike v3.1.4
+
+
+usage: xsstrike.py [-h] [-u target] [--data paramdata] [-e encode] [--fuzzer]
+                   [--update] [--timeout timeout] [--proxy] [--params]
+                   [--crawl] [--json] [--path] [--seeds args_seeds]
+                   [-f args_file] [-l level] [--headers [add_headers]]
+                   [-t threadcount] [-d delay] [--skip] [--skip-dom] [--blind]
+                   [--console-log-level {debug,info,run,good,warning,error,critical,vuln}]
+                   [--file-log-level {debug,info,run,good,warning,error,critical,vuln}]
+                   [--log-file log_file]
+
+optional arguments:
+  -h, --help            show this help message and exit
+  -u target, --url target
+                        url
+  --data paramdata      post data
+  -e encode, --encode encode
+                        encode payloads
+  --fuzzer              fuzzer
+  --update              update
+  --timeout timeout     timeout
+  --proxy               use prox(y|ies)
+  --params              find params
+  --crawl               crawl
+  --json                treat post data as json
+  --path                inject payloads in the path
+  --seeds args_seeds    load crawling seeds from a file
+  -f args_file, --file args_file
+                        load payloads from a file
+  -l level, --level level
+                        level of crawling
+  --headers [add_headers]
+                        add headers
+  -t threadcount, --threads threadcount
+                        number of threads
+  -d delay, --delay delay
+                        delay between requests
+  --skip                don't ask to continue
+  --skip-dom            skip dom checking
+  --blind               inject blind xss payload while crawling
+  --console-log-level {debug,info,run,good,warning,error,critical,vuln}
+                        console logging level
+  --file-log-level {debug,info,run,good,warning,error,critical,vuln}
+                        file logging level
+  --log-file log_file   name of the file to log
+
+```
+
+Just pass the parameters after the command. (eg. `docker run --rm -ti femtopixel/xsstrike -u https://www.example.com`)
+
+Appendixes
+---
+
+### Install Docker
+
+If you don't have Docker installed yet, you can do it easily in one line using this command
+ 
+```
+curl -sSL "https://gist.githubusercontent.com/jaymoulin/e749a189511cd965f45919f2f99e45f3/raw/0e650b38fde684c4ac534b254099d6d5543375f1/ARM%2520(Raspberry%2520PI)%2520Docker%2520Install" | sudo sh && sudo usermod -aG docker $USER
+```

manifest.yml

@@ -0,0 +1,29 @@
+image: femtopixel/xsstrike:$FULLVERSION
+manifests:
+  -
+    image: femtopixel/xsstrike:$VERSION-arm32v6
+    platform:
+      architecture: arm
+      variant: v6
+      os: linux
+  -
+    image: femtopixel/xsstrike:$VERSION-arm64v8
+    platform:
+      architecture: arm64
+      os: linux
+  -
+    image: femtopixel/xsstrike:$VERSION-arm64v8
+    platform:
+      architecture: arm
+      variant: v8
+      os: linux
+  -
+    image: femtopixel/xsstrike:$VERSION-amd64
+    platform:
+      architecture: amd64
+      os: linux
+  -
+    image: femtopixel/xsstrike:$VERSION-i386
+    platform:
+      architecture: 386
+      os: linux