first release

.gitignore

@@ -0,0 +1,4 @@
+chrome.json
+gochro
+*.exe
+build

.travis.yml

@@ -0,0 +1,6 @@
+language: go
+
+go:
+  - master
+
+script: go build ./...

Dockerfile

@@ -0,0 +1,26 @@
+FROM golang:latest AS build-env
+WORKDIR /src
+ENV GO111MODULE=on
+COPY go.mod /src/
+RUN go mod download
+COPY main.go .
+RUN CGO_ENABLED=0 GOOS=linux go build -a -o gochro -ldflags="-s -w" -gcflags="all=-trimpath=/src" -asmflags="all=-trimpath=/src"
+
+FROM alpine:latest
+
+RUN apk add --no-cache chromium \
+    && rm -rf /var/cache/*
+
+RUN mkdir -p /app \
+    && adduser -D chrome \
+    && chown -R chrome:chrome /app
+
+USER chrome
+WORKDIR /app
+
+ENV CHROME_BIN=/usr/bin/chromium-browser \
+    CHROME_PATH=/usr/lib/chromium/
+
+COPY --from=build-env /src/gochro .
+
+ENTRYPOINT [ "./gochro" ]

Makefile

@@ -0,0 +1,46 @@
+TARGET=./build
+ARCHS=amd64 386
+LDFLAGS="-s -w"
+GCFLAGS="all=-trimpath=$(shell pwd)"
+ASMFLAGS="all=-trimpath=$(shell pwd)"
+PROG=gochro
+
+.DEFAULT_GOAL := all
+
+all: clean windows linux darwin
+
+docker-update:
+	wget https://raw.githubusercontent.com/jessfraz/dotfiles/master/etc/docker/seccomp/chrome.json -O ./chrome.json
+	docker pull golang:latest
+	docker pull alpine:latest
+	docker build --tag ${PROG}:dev .
+
+docker-run: docker-update
+	docker run --rm -p 8000:8000 --security-opt seccomp=chrome.json ${PROG}:dev -host 0.0.0.0:8000
+
+docker-run-daemon: docker-update
+	docker run --rm -d -p 8000:8000 --security-opt seccomp=chrome.json ${PROG}:dev -host 0.0.0.0:8000
+
+windows:
+	@mkdir -p ${TARGET} ; \
+	for GOARCH in ${ARCHS}; do \
+		echo "Building for windows $${GOARCH} ..." ; \
+		GOOS=windows GOARCH=$${GOARCH} go build -ldflags=${LDFLAGS} -gcflags=${GCFLAGS} -asmflags=${ASMFLAGS} -o ${TARGET}/${PROG}-windows-$${GOARCH}.exe ; \
+	done;
+
+linux:
+	@mkdir -p ${TARGET} ; \
+	for GOARCH in ${ARCHS}; do \
+		echo "Building for linux $${GOARCH} ..." ; \
+		GOOS=linux GOARCH=$${GOARCH} go build -ldflags=${LDFLAGS} -gcflags=${GCFLAGS} -asmflags=${ASMFLAGS} -o ${TARGET}/${PROG}-linux-$${GOARCH} ; \
+	done;
+
+darwin:
+	@mkdir -p ${TARGET} ; \
+	for GOARCH in ${ARCHS}; do \
+		echo "Building for darwin $${GOARCH} ..." ; \
+		GOOS=darwin GOARCH=$${GOARCH} go build -ldflags=${LDFLAGS} -gcflags=${GCFLAGS} -asmflags=${ASMFLAGS} -o ${TARGET}/${PROG}-darwin-$${GOARCH} ; \
+	done;
+
+clean:
+	@rm -rf ${TARGET}/*

Readme.md

@@ -0,0 +1,80 @@
+# gochro
+
+goChro is a small docker image with chromium installed and a golang based webserver to interact wit it. It can be used to take screenshots of websites using chromium-headless and convert HTML pages to PDF.
+
+If errors occur the error will be logged to stdout and a non information leaking error message is presented to the user.
+
+This project is currently used on [https://wpscan.io](https://wpscan.io) for taking website screenshots and to generate PDF reports.
+
+## Screenshot
+
+This URL takes a Screenshot of [https://firefart.at](https://firefart.at) with a resolution of 1024x768 and returns an image.
+
+[http://localhost:8080/screenshot?url=https://firefart.at&w=1024&h=768](http://localhost:8080/screenshot?url=https://firefart.at&w=1024&h=768)
+
+## PDF
+
+Send a POST request with the HTML you want to convert in the Post body to the following url.
+
+[http://localhost:8080/html2pdf?w=1024&h=768](http://localhost:8080/html2pdf?w=1024&h=768)
+
+This will return a PDF of the HTML input.
+
+Example:
+
+```text
+POST /html2pdf?w=1024&h=768 HTTP/1.1
+Host: localhost:8000
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 119
+
+<html>
+<head><title>Test Page</title></head>
+<body>
+<h1>This is a test</h1>
+<p>This is a test</p>
+</body>
+</html>
+```
+
+## Run server
+
+To run this image you should use the [seccomp profile](https://github.com/jessfraz/dotfiles/blob/master/etc/docker/seccomp/chrome.json) provided by [Jess Frazelle](https://github.com/jessfraz). The privileges on the host are needed for chromiums internal security sandbox. You can also deactivate the sandbox on chromium (would require changes in `main.go`) but that's a bad idea and puts your server at risk, so please use the seccomp profile instead.
+
+I included all the necessary steps in the included Makefile to build and run everything
+
+### Only build the webserver for non docker use
+
+The following command builds the webserver for non docker use inside the `build` directory
+
+```bash
+make all
+```
+
+### Only build docker image
+
+To only build the docker image run
+
+```bash
+make docker-update
+```
+
+This will download the seccomp profile, all needed base images and builds the `gochro:dev` tagged image.
+
+### Run the image
+
+To run the image in interactive mode (docker output will be connected to current terminal) run
+
+```bash
+make docker-run
+```
+
+This will also build the image before running it. This maps the internal port 8000 to your machine.
+
+### Run the image in deamon mode
+
+To run it in deamon mode use the following command. This will launch everything in the background. Be aware that the webserver is rerun on startup of the machine if you don't shut down the container manually.
+
+```bash
+make docker-run-daemon
+```

go.mod

@@ -0,0 +1,3 @@
+module github.com/FireFart/gochro
+
+go 1.12.1