Added telegram and teams notifier

saintbarber · Dec 11, 2022 · a676a7b · a676a7b
1 parent a0b02ba
commit a676a7b
Show file tree

Hide file tree

Showing 6 changed files with 145 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -19,6 +19,8 @@ COPY server.js /app/
 COPY probe.js /app/
 COPY constants.js /app/
 COPY notification.js /app/
+COPY telegram_notifier.js /app/
+COPY teams_notifier.js /app/
 COPY database.js /app/
 COPY api.js /app/
 COPY app.js /app/

diff --git a/app.js b/app.js
@@ -16,6 +16,12 @@ const api = require('./api.js');
 const validate = require('express-jsonschema').validate;
 const constants = require('./constants.js');
 
+// Initiate telegram
+const telegram_notifier = require('./telegram_notifier.js');
+// Initiate teams
+const teams_notifier = require('./teams_notifier.js');
+
+
 function set_secure_headers(req, res) {
 	res.set("X-XSS-Protection", "mode=block");
 	res.set("X-Content-Type-Options", "nosniff");
@@ -77,6 +83,12 @@ async function get_app_server() {
     	next();
     });
 
+	// Set Telegram Webhook path with path set in env
+	if(process.env.TELEGRAM_BOT_NOTIFICATIONS_ENABLED === "true"){
+		app.use(telegram_notifier.bot.webhookCallback(process.env.WEBHOOK_PATH));
+		console.log("Setup web hook path");
+	}
+
     // Handler for HTML pages collected by payloads
     const CollectedPagesCallbackSchema = {
     	"type": "object",
@@ -238,6 +250,20 @@ async function get_app_server() {
 			payload_fire_data.screenshot_url = `https://${process.env.HOSTNAME}/screenshots/${payload_fire_data.screenshot_id}.png`;
 			await notification.send_email_notification(payload_fire_data);
 		}
+		// Send Telegram Notifictaion
+		if(process.env.TELEGRAM_BOT_NOTIFICATIONS_ENABLED === "true"){
+			payload_fire_data.screenshot_url = `https://${process.env.HOSTNAME}/screenshots/${payload_fire_data.screenshot_id}.png`;
+			await telegram_notifier.send_telegram_notification(payload_fire_data);
+			// telegram_notifier.bot.telegram.sendMessage(chat.id,'XSS Fired');
+		}
+
+		if(process.env.TEAMS_NOTIFICATIONS_ENABLED === "true"){
+			payload_fire_data.screenshot_url = `https://${process.env.HOSTNAME}/screenshots/${payload_fire_data.screenshot_id}.png`;
+			await teams_notifier.send_teams_notification(payload_fire_data);
+			// telegram_notifier.bot.telegram.sendMessage(chat.id,'XSS Fired');
+		}
+
+
 	});
 
 	app.get('/screenshots/:screenshotFilename', async (req, res) => {

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -41,6 +41,14 @@ services:
       - DATABASE_PASSWORD=xsshunterexpress
       - DATABASE_HOST=postgresdb
       - NODE_ENV=production
+      # Added by sAINT_barber - Telegram Bot notification
+      - TELEGRAM_BOT_NOTIFICATIONS_ENABLED=true
+      - BOT_TOKEN=BOT-TOKEN-HERE
+      - WEBHOOK_PATH=/keep-this-a-secret-eee4882fb4d # Make sure this starts with '/'
+      # Added by sAINT_barber - Teams Notification
+      - TEAMS_NOTIFICATIONS_ENABLED=true
+      - TEAMS_WEBHHOK_URI=https://webhook-uri-goes-here
+
     ports:
       - "80:80"
       - "443:443"

diff --git a/package.json b/package.json
@@ -21,13 +21,15 @@
     "keygrip": "^1.1.0",
     "memorystore": "^1.6.6",
     "moment": "^2.29.1",
+    "ms-teams-webhook": "^1.0.4",
     "multer": "^1.4.2",
     "mustache": "^4.1.0",
     "nodemailer": "^6.5.0",
     "pg": "^8.5.1",
     "safe-compare": "^1.1.4",
     "sequelize": "^6.5.0",
     "serve-favicon": "^2.5.0",
+    "telegraf": "^4.10.0",
     "uuid": "^8.3.2",
     "vue-moment": "^4.1.0"
   }

diff --git a/teams_notifier.js b/teams_notifier.js
@@ -0,0 +1,61 @@
+const { IncomingWebhook } = require('ms-teams-webhook');
+const url = process.env.TEAMS_WEBHHOK_URI
+const webhook = new IncomingWebhook(url);
+
+async function send_teams_notification(xss_payload_fire_data){
+
+    const date = new Date(xss_payload_fire_data.browser_timestamp);
+
+    const card = {
+        "@type": "MessageCard",
+        "@context": "https://schema.org/extensions",
+        "summary": "XSS Payload Fired",
+        "themeColor": "d70048",
+        "title": `XSS Payload Fired - ${xss_payload_fire_data.id}`,
+        "potentialAction":[
+            {
+                "@type": "OpenUri",
+                "name": "View Screenshot",
+                "targets": [
+                    {
+                        "os": "default",
+                        "uri": xss_payload_fire_data.screenshot_url
+                    }
+                ]
+            }
+        ],
+        "sections": [{
+            "text": date.getHours() + ":" + date.getMinutes() + " - "+ date.toDateString(),
+            "facts": [
+                {
+                    "name": "URL",
+                    "value": xss_payload_fire_data.url
+                },
+                {
+                    "name": "IP Address",
+                    "value": xss_payload_fire_data.ip_address
+                },
+                {
+                    "name": "Cookies",
+                    "value": xss_payload_fire_data.cookies ? xss_payload_fire_data.cookies : "null"
+                },
+                {
+                    "name": "Origin",
+                    "value": xss_payload_fire_data.origin ? xss_payload_fire_data.origin : "null"
+                },
+                {
+                    "name": "User-Agent",
+                    "value": xss_payload_fire_data.user_agent ? xss_payload_fire_data.user_agent : "null"
+                },
+                {
+                    "name": "Referer",
+                    "value": xss_payload_fire_data.referer ? xss_payload_fire_data.referer : "null"
+                }
+            ]
+        }]
+    }
+    const message = JSON.stringify(card);
+    webhook.send(message);
+}
+
+module.exports.send_teams_notification = send_teams_notification;
diff --git a/telegram_notifier.js b/telegram_notifier.js
@@ -0,0 +1,46 @@
+const { Telegraf } = require('telegraf');
+const bot = new Telegraf(process.env.BOT_TOKEN);
+
+help_msg = `Welcome to the XSS Hunter Telegram notifier.
+Here is a list of the available commands:
+* /start  - Initializes server chat id to send XSS fires.
+* /frappe - Orders a Frappe
+* /help   - This help page`
+
+start_msg = `XSS Bot has been initialized successfuly
+Any XSS payloads fired will now be sent here, please use the /help command for more info`
+
+if(process.env.TELEGRAM_BOT_NOTIFICATIONS_ENABLED === "true"){
+
+    bot.telegram.setWebhook(process.env.HOSTNAME+process.env.WEBHOOK_PATH);
+    // Start bot 
+    console.log("Setting up bot commands")
+    bot.start((ctx) => {ctx.reply(start_msg); global.chat = ctx.chat;})
+    bot.help((ctx) => ctx.reply(help_msg));
+
+    bot.command('frappe',(ctx) => ctx.reply("Έφτασεεεεν … Ρούφα τζαι έρκετε!"));
+
+    console.log("Bot Launched Successfully");    
+    console.log("Use /start command to initialize Bot");    
+
+}
+
+async function send_telegram_notification(xss_payload_fire_data){
+
+    xss_msg = `
+XSS Fired:
+url: ${xss_payload_fire_data.url}
+ip_address: ${xss_payload_fire_data.ip_address}
+`
+    try{
+        bot.telegram.sendMessage(chat.id, xss_msg );
+        bot.telegram.sendPhoto(chat.id, xss_payload_fire_data.screenshot_url );
+    }
+    catch (e){
+        console.log("XSS Fired, but failed to send telegram message");
+        console.log("Make sure to initiate telegram bot with /start");
+    }
+}
+
+module.exports.bot = bot;
+module.exports.send_telegram_notification = send_telegram_notification;