I have enabled Slack notifications in my standalone XSS Hunter installation that I’ve finally debugged out of complete uselessness earlier today.

Thanks to @igorblum who has, besides pushing me to try out XSS Hunter in the first place, pointed my attention to the lack of timeliness of notifications in XSS Hunter’s default notifications delivery method: emails sent via MailGun. In addition to abovementioned delays, MailGun has established the procedure of “Business Verification” of all accounts and domains you register. Which is in fact quite convenient, but requires service desk manual interaction anyway.

Igor’s initial idea was to push notifications to Telegram channel, which is quite cool. However, after reading his instructions on accomplishing this task, I felt that it’s a little bit too much for me for the rest of the day. So I made a quick and dirty hack: created a bot in my ‘personal’ Slack team and made it push notifications to #general channel.

Now, every time an XSS is fired in XSS Hunter, I get something like this:


You can do it to using this short cheat sheet I’ve published on GitHub.

Update: I have added the option of sending direct messages instead of posting to a channel. This gives you cleaner channels and a nice bot logo in messages. Enjoy!

Stay safe.