A web application for data exfiltration in secure internet enabled environments.
- 🌐 Cloudflare Tunnel: Optional integration for secure remote access that may bypass web proxies
- 🐳 Docker Ready: Single container deployment with cloudflared included
- 🗂️ File Management: Upload, download, move, organize files and folders
- 📋 Clipboard Support: Paste text and images directly from clipboard
- 🔍 Search & Sort: Search files by name, sort by name/date/size/type
- 📦 Bulk Operations: Download multiple files as ZIP, bulk move and delete
- 🎨 Dark/Light Theme: Toggle between themes with persistent preference
Host slipstream locally and have it only accessible via your local network or add a Cloudflared key to serve it remotely.
- Requires Node.js: Version 14 or higher
# Clone the repository
git clone https://github.com/MrTurvey/slipstream.git
cd slipstream
# Install dependencies
npm install
#Configure environment (edit .env file)
Set AUTH_PASS=secure_password
Set SESSION_SECRET=secure_string
DISABLE_AUTH=true #when using something better than Basic Auth e.g cloudflare access
CLOUDFLARE_TUNNEL_TOKEN= #see below section on how to get a key
# Linux/macOS start script
chmod +x start.sh
./start.sh
# Windows start script
start.bat# Security Configuration
AUTH_USER=admin # Username (default: admin)
AUTH_PASS=changeme123 # Password (CHANGE REQUIRED)
DISABLE_AUTH=false # Set to 'true' to disable basic auth if you're using something better
SESSION_SECRET=generate_random # Session encryption key
# File Upload Configuration
MAX_FILE_SIZE=104857600 # Max file size in bytes (100MB)
# Server Configuration
PORT=3000 # Server port
NODE_ENV=production # Environment mode
# Cloudflare Tunnel (optional)
CLOUDFLARE_TUNNEL_TOKEN= # Your Cloudflare tunnel token, see below section on how to get a key
# HTTPS Configuration (optional)
HTTPS=false # Enable HTTPS
SSL_KEY= # Path to SSL private key
SSL_CERT= # Path to SSL certificateImportant: Docker environment variables take precedence over .env file values.
Host slipstream via Docker and have it accessible via your Docker network or add a Cloudflared key to serve it remotely.
- Requires Docker: for building and hosting
# Clone
git clone https://github.com/MrTurvey/slipstream.git
cd slipstream
# Build container
docker build -t slipstream .
# Run with environment variables
docker run -d \
-p 3000:3000 \
-e AUTH_PASS=your_secure_password \
-e SESSION_SECRET=your_random_secret \
-v $(pwd)/uploads:/app/uploads \
--name slipstream \
slipstream# Run with Cloudflare Tunnel token
docker run -d \
-p 3000:3000 \
-e AUTH_PASS=your_secure_password \
-e SESSION_SECRET=your_random_secret \
-e CLOUDFLARE_TUNNEL_TOKEN=your_tunnel_token \
-v $(pwd)/uploads:/app/uploads \
--name slipstream \
slipstream docker run -d \
-p 3000:3000 \
-e AUTH_USER=myuser \
-e AUTH_PASS=secure_password \
-e DISABLE_AUTH=false \
-e SESSION_SECRET=random_secret \
-e MAX_FILE_SIZE=209715200 \
-e CLOUDFLARE_TUNNEL_TOKEN=your_token \
-v $(pwd)/uploads:/app/uploads \
--name slipstream \
slipstream
A cloudflared binary is required to be downloaded and renamed to cloudflared.exe or cloudflared, platform dependant.
Binaries are included in the repo, but they may be outdated.
You will also need a Cloudflare account and to setup Cloudflared (This is free)
-
Setup Cloudflare Account & Team:
- Go to https://one.dash.cloudflare.com and setup a team name
- Navigate to Networks > Tunnels > Create a Tunnel
- Select Cloudflared
- Enter a tunnel name (e.g slipstream), click Save tunnel
-
Get Tunnel Token:
- Copy the tunnel token (starts with "eyJhIjo....")
- DO NOT run the installation command - Slipstream handles this automatically
-
Configure Public Hostname:
- Set public hostname (requires a domain active in your Cloudflare account)
- Service Type: HTTP
- URL: localhost:3000 (or your configured PORT)
- Save the tunnel configuration
-
Access Methods:
- Local: http://localhost:3000
- Via Cloudflared Tunnel: https://example.com (as configured in Cloudflare)
- Via Cloudflared Team URL <team_name>.cloudflareaccess.com (requires CF app launcher setup)
- When
CLOUDFLARE_TUNNEL_TOKENis set in .env, the start scripts Cloudflared automatically:- Check if
cloudflaredis installed and accessible - Start the tunnel in background pointing to your local server
- Continue starting the main application
- Check if
- No manual tunnel management needed - it's fully integrated
# Windows - Download cloudflared-windows-amd64.exe from:
https://github.com/cloudflare/cloudflared/releases
Rename cloudflared.exe and add to your PATH or add to the project directory
# Linux/macOS - Download cloudflared-linux-386 from:
https://github.com/cloudflare/cloudflared/releases
Rename cloudflared and add to your PATH or add to the project directory
Make sure to make it executable: chmod +x cloudflared- "AUTH_PASS not set": Edit .env file and set AUTH_PASS to a secure password
- "Session secret required": Set SESSION_SECRET in .env to a random string
- Upload fails: Check file size restrictions in .env (MAX_FILE_SIZE)
- Permission denied: Ensure upload directory has correct permissions
- Paste not working: Check browser clipboard permissions
- App not loading fully via cloudflare URL: Go to your CF domain settings and disable/lower caching rules
# Native deployment
./start.sh # Logs shown in terminal
# Docker deployment
docker logs slipstreamWith Cloudflared
- Local: http://localhost:3000
- Via Cloudflared Tunnel: https://example.com (as configured in Cloudflare)
- Via Cloudflared Team URL <team_name>.cloudflareaccess.com (requires CF app launcher setup)
Without Cloudflared
- Local: http://localhost:3000
- Local Network http://Local_IP:3000