This weekend I was supposed to be studying for PNPT (it’s a fun course!) but I got sidetracked when I learned about XSS hunter from a bug hunter methodology training video by Jason Haddix. I saw that XSS Hunter’s website is deprecated and you have to self host it. I tried it and got annoyed by how much tasks I had to do to create a server and give it a subdomain using the web interface, so I decided to write a script to automate it.

I created thosting a simple script that just does what I want. It:

  • Allows me to create cloud VMs (using DigitalOcean) and immediately give it a subdomain (using Porkbun)
  • Optionally allows me to immediately configure the VM with a playbook, and I created one for XSS Hunter so I can easily deploy it

That’s basically it! It’s also the first time I worked with Ansible, so it was fun way to learn.

Now I can write: thosting make xss xsshunter and I will automatically create a subdomain called xss which points to a VM configured with XSS Hunter.

Check it out on Github