diff --git a/README.md b/README.md new file mode 100644 index 0000000..6396363 --- /dev/null +++ b/README.md @@ -0,0 +1,46 @@ +# CTF-XSS-BOT + +![Alt text](./assets/bothome.png) + +CTF-XSS-BOT is a flexible template designed for crafting Cross-Site Scripting +(XSS) challenges in Capture The Flag (CTF) competitions. This project provides a +foundation for effortlessly setting up an environment to host XSS challenges, +while utilizing Puppeteer to simulate web browser behavior. + +## Features + +- **Customize APP Name:** Easily set a custom application name to match your challenge theme. +- **White List URL By Regex:** Define a regex pattern to whitelist specific URLs for challenge interaction. +- **Rate Limiting:** Prevent abuse with built-in rate limiting to control participant interactions. + +## Usage + +1. Clone this repository: + ```sh + git clone https://github.com/dimasma0305/CTF-XSS-BOT.git + cd CTF-XSS-BOT + ``` + +2. Customize the source code of your challenge at `./src/*`. + +3. Configure the parameters in `docker-compose.yaml`: + ```yaml + ...snip... + environment: + APPNAME: YourAppName + APPURL: YourAppURL + APPURLREGEX: YourAppURLRegex + APPFLAG: dev{flag} + APPLIMIT: 2 + APPLIMITTIME: 60 + ...snip... + ``` + +4. Deploy the template using Docker Compose: + ```sh + docker-compose up -d + ``` + ![Deploy with Docker](./assets/deploy-wdocker.png) + +5. Your `./src` will be hosted at http://localhost/, and the bot can be accessed + at http://localhost/report. Customize your XSS challenges and empower participants to master web security. diff --git a/assets/bothome.png b/assets/bothome.png new file mode 100644 index 0000000..9da5483 Binary files /dev/null and b/assets/bothome.png differ diff --git a/assets/deploy-wdocker.png b/assets/deploy-wdocker.png new file mode 100644 index 0000000..7826bbc Binary files /dev/null and b/assets/deploy-wdocker.png differ diff --git a/src/index.html b/src/index.html index 2c6c72c..2e7a5a6 100644 --- a/src/index.html 
+++ b/src/index.html @@ -10,6 +10,7 @@
+
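Review bot: In step 3 of the README.md hunk, the `docker-compose.yaml` environment block lists `APPURLREGEX: YourAppURLRegex`, `APPLIMIT: 2` and `APPLIMITTIME: 60` without explaining any of them. Please document whether `APPURLREGEX` is matched against the whole submitted URL or needs explicit `^` and `$` anchors, and include one sample pattern, since the Features list presents this as the control that restricts which URLs the bot will visit. Also state the units of `APPLIMIT` and `APPLIMITTIME` (presumably a request count and seconds) and whether the limit applies per client. Smaller points in the same hunk: `![Alt text](./assets/bothome.png)` still carries placeholder alt text, `APPFLAG: dev{flag}` could be marked as a value to replace before deployment, and step 5 could say which compose port mapping makes the app reachable at http://localhost/.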