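#!/bin/bash
# Automated setup script for XSS Canary Callback server
#
# Usage: sudo $0 <callback_domain> <email>
#   callback_domain - DNS name that already points at this host; certbot's
#                     HTTP-01 challenge and the TLS certificate use it
#   email           - contact address passed to certbot
#
# Every later step depends on the earlier ones (clone -> venv -> cert ->
# service), so abort on the first failure instead of continuing with a
# half-configured host.
set -euo pipefail

# Define color variables
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Print header banner without [+] in the logo
echo -e "${BLUE}"
echo "=============================================="
echo " XSS Canary Callback Server Setup "
echo "=============================================="
echo -e "${NC}"

# Ensure script is run as root
if [[ $EUID -ne 0 ]]; then
  echo -e "${RED}[!] This script must be run as root. Try: sudo $0${NC}"
  exit 1
fi

# Check for proper arguments: <callback_domain> <email>
if [[ "$#" -ne 2 ]]; then
  echo -e "${YELLOW}[+] Usage: $0 <callback_domain> <email>${NC}"
  exit 1
fi

# Prompt user to confirm running on a dedicated server
# (-r keeps backslashes in the answer literal)
read -r -p "Are you running this script on a dedicated server? (y/n): " response
if [[ "$response" != "y" && "$response" != "Y" ]]; then
  echo -e "${RED}[!] Please run this script on a dedicated server. Exiting...${NC}"
  exit 1
fi

CALLBACK_DOMAIN="$1"
EMAIL="$2"

echo -e "${GREEN}[+] Creating /var/www if it doesn't exist...${NC}"
mkdir -p /var/www

echo -e "${GREEN}[+] Updating package lists and installing dependencies...${NC}"
# Two statements rather than `a && b`: under set -e a failure inside an
# && list does not stop the script, but a failed update/install must.
apt-get update
apt-get install -y certbot git authbind openssl python3-pip python3-venv

# Define repository path
REPO_DIR="/var/www/XSS-Canary-Callback"

# Clone the repository if it doesn't already exist
if [[ ! -d "$REPO_DIR" ]]; then
  echo -e "${GREEN}[+] Cloning the repository...${NC}"
  git clone https://github.com/ACK-J/XSS-Canary-Callback.git "$REPO_DIR"
  chown -R www-data:www-data "$REPO_DIR"
else
  echo -e "${YELLOW}[+] Repository already exists at ${REPO_DIR}; skipping clone.${NC}"
fi

# Create the virtual environment inside the repository directory
VENV_DIR="${REPO_DIR}/venv"
echo -e "${GREEN}[+] Setting up Python virtual environment in ${VENV_DIR}...${NC}"
if [[ ! -d "$VENV_DIR" ]]; then
  python3 -m venv "$VENV_DIR"
fi

echo -e "${GREEN}[+] Activating virtual environment and installing Python dependencies...${NC}"
# Call the venv's pip directly; no activate/deactivate needed and nothing
# leaks into this shell's environment.
"${VENV_DIR}/bin/pip" install --upgrade pip
"${VENV_DIR}/bin/pip" install -r "${REPO_DIR}/requirements.txt"

echo -e "${GREEN}[+] Obtaining SSL certificate for ${CALLBACK_DOMAIN}...${NC}"
# Post-hook: adjust ownership and permissions on certificate archive files and live symlinks,
# and ensure directories are traversable. A certbot failure aborts the script
# (set -e); without a certificate the service below cannot start.
certbot certonly --standalone --agree-tos --non-interactive --no-eff-email \
  --email "$EMAIL" --preferred-challenges http -d "$CALLBACK_DOMAIN" \
  --post-hook="chown -R root:www-data /etc/letsencrypt/ && chmod -R 750 /etc/letsencrypt/"

echo -e "${GREEN}[+] Generating secure dashboard password...${NC}"
DASHBOARD_PASSWORD=$(openssl rand -base64 32)

# Make the dashboard password output more prominent
echo -e "${YELLOW}"
echo "=============================================="
echo " DASHBOARD PASSWORD: ${DASHBOARD_PASSWORD}"
echo "=============================================="
echo -e "${NC}"
echo -e "${YELLOW}[+] Make sure to store this password in a password manager!${NC}"

# Keep the password out of the unit file: unit files are world-readable and
# their Environment= lines are visible via `systemctl show`. Store it in a
# root-owned env file that only root and the service group can read.
ENV_FILE="/etc/xsscanary.env"
echo -e "${GREEN}[+] Writing dashboard password to ${ENV_FILE} (mode 640)...${NC}"
# umask in a subshell so the file is never created with permissive mode,
# even for the instant before chmod.
( umask 077; printf 'DASHBOARD_PASSWORD=%s\n' "$DASHBOARD_PASSWORD" > "$ENV_FILE" )
chown root:www-data "$ENV_FILE"
chmod 640 "$ENV_FILE"

# Granting any user access to bind to ports 80 and 443
echo -e "${GREEN}[+] Configuring authbind for ports 80 and 443...${NC}"
# authbind grants the port to users who can execute the byport file, hence
# the group-executable mode restricted to www-data.
for port in 80 443; do
  touch "/etc/authbind/byport/${port}"
  chown root:www-data "/etc/authbind/byport/${port}"
  chmod 770 "/etc/authbind/byport/${port}"
done

GUNICORN="${VENV_DIR}/bin/gunicorn"

echo -e "${GREEN}[+] Creating systemd service file...${NC}"
cat > /etc/systemd/system/xsscanary.service <<EOF
[Unit]
Description=XSS Canary Gunicorn Service
After=network.target
[Service]
User=www-data
Group=www-data
WorkingDirectory=${REPO_DIR}
EnvironmentFile=${ENV_FILE}
ExecStart=authbind --deep ${GUNICORN} --bind 0.0.0.0:443 \\
  --certfile=/etc/letsencrypt/live/${CALLBACK_DOMAIN}/fullchain.pem \\
  --keyfile=/etc/letsencrypt/live/${CALLBACK_DOMAIN}/privkey.pem \\
  --workers 4 \\
  app:app
Restart=always
[Install]
WantedBy=multi-user.target
EOF

echo -e "${GREEN}[+] Reloading systemd daemon...${NC}"
systemctl daemon-reload

echo -e "${GREEN}[+] Enabling and starting xsscanary service...${NC}"
# On a first run the unit is not running yet; a failed stop is not an error.
systemctl stop xsscanary.service 2>/dev/null || true
systemctl enable xsscanary.service
systemctl start xsscanary.service

echo
echo -e "${BLUE}[+] Setup complete. To check the service status, run:${NC}"
echo -e "${BLUE}[+] sudo systemctl status xsscanary.service${NC}"
echo -e "${BLUE}[+] sudo journalctl -u xsscanary.service -xe${NC}"
echo
echo -e "${GREEN}[+] You should now be able to access https://${CALLBACK_DOMAIN}/ in your browser.${NC}"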