Interactsh is an Open-Source Solution for Out of band Data Extraction, A tool designed to detect bugs that cause external interactions, For example – Blind SQLi, Blind CMDi, SSRF, etc.
Features
A hosted instance of the service with WEB UI is available at https://interact.projectdiscovery.io.
Note: As hosted version doesn’t store anything locally, restarting server for maintenance / unexpected server crash / updates will result into loss of previous data.
Installing Interactsh Client
Interactsh Client requires go1.15+ to install successfully. Run the following command to get the repo –
GO111MODULE=on go get -v github.com/projectdiscovery/interactsh/cmd/interactsh-client
Usage
interactsh-client -h
This will display help for the tool. Here are all the switches it supports.
Flag | Description | Example |
---|---|---|
n | Number of interactable URLs to generate (default 1) | interactsh-client -n 2 |
persistent | Enables persistent interactsh sessions | interactsh-client persistent |
poll-interval | Number of seconds between each poll request (default 5) | interactsh-client -poll-interval 1 |
url | URL of the interactsh server (default “hxxps://interact.sh”) | interactsh-client -url hxxps://example.com |
json | Show JSON output | interactsh-client -json |
o | Store interaction logs to file | interactsh-client -o logs.txt |
v | Show verbose interaction | interactsh-client -v |
Running Interactsh Client
This will generate single URL that can be used for interaction.
interactsh-client
() / /_ __ / // /_
/ / _ \/ / \/ / ‘/ / / / \
/ / / / / // / / / // / // /(_ ) / / /
/// //_/___// _,/__/__/// /_/ v0.0.1
projectdiscovery.io
[INF] Listing 1 URL for OOB Testing
[INF] c23b2la0kl1krjcrdj10cndmnioyyyyyn.interact.sh
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (A) from 172.253.226.100 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (AAAA) from 32.3.34.129 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received HTTP interaction from 43.22.22.50 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (MX) from 43.3.192.3 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (TXT) from 74.32.183.135 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received SMTP interaction from 32.85.166.50 at 2021-26-26 12:26
Sending Interaction to Discord,Slack,Telegram with Notify
interactsh-client | notify
Setting up self-hosted instance
https://dcc.godaddy.com/manage/{{domain}}/dns/hosts
> Advanced Features > Host names, add ns1
and ns2
as hostnames with the IP of your server.https://dns.godaddy.com/{{domain}}/nameservers
> Enter my own nameservers (advanced) > Add ns1.{{domain}}
and ns2.{{domain}}
as name servers.GO111MODULE=on go get -v github.com/projectdiscovery/interactsh/cmd/interactsh-server
interactsh-server -domain {{Domain}} -hostmaster admin@{{Domain}} -ip {{Server_IP}}
interactsh-server -domain example.com -hostmaster admin@example.com -ip XX.XX.XX.XX
Server setup should be completed with this, now client can be used to generate your own payloads.
GO111MODULE=on go get -v github.com/projectdiscovery/interactsh/cmd/interactsh-client
interactsh-client -url https://example.com
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…