CTF-XSS-BOT

CTF-XSS-BOT is a flexible template designed for crafting Cross-Site Scripting (XSS) challenges in Capture The Flag (CTF) competitions. This project provides a foundation for effortlessly setting up an environment to host XSS challenges, while utilizing Puppeteer to simulate web browser behavior.

Features

Customize APP Name: Easily set a custom application name to match your challenge theme.
White List URL By Regex: Define a regex pattern to whitelist specific URLs for challenge interaction.
Rate Limiting: Prevent abuse with built-in rate limiting to control participant interactions.

Usage

Clone this repository:

git clone https://github.com/dimasma0305/CTF-XSS-BOT.git
cd CTF-XSS-BOT

Customize the source code of your challenge at ./src/*.

Configure the parameters in docker-compose.yaml:

...snip...
 environment:
     APPNAME: YourAppName
     APPURL: YourAppURL
     APPURLREGEX: YourAppURLRegex
     APPFLAG: dev{flag}
     APPLIMIT: 2
     APPLIMITTIME: 60
 ...snip...

Deploy the template using Docker Compose:
```
docker-compose up -d
```
Your ./src will be hosted at http://localhost/, and the bot can be accessed at http://localhost/report. Customize your XSS challenges and empower participants to master web security.

About

Craft engaging XSS challenges effortlessly with CTF-XSS-BOT. This template simplifies setting up an environment for Capture The Flag competitions. Simulate admin actions using Puppeteer and control interactions with rate limiting.

MIT License

Languages

Language:EJS 45.0%Language:JavaScript 41.0%Language:HTML 9.2%Language:Dockerfile 4.8%