Interactsh is an Open-Source Solution for Out of band Data Extraction, A tool designed to detect bugs that cause external interactions, For example – Blind SQLi, Blind CMDi, SSRF, etc.
Features
A hosted instance of the service with WEB UI is available at https://interact.projectdiscovery.io.
Note: As hosted version doesn’t store anything locally, restarting server for maintenance / unexpected server crash / updates will result into loss of previous data.
Installing Interactsh Client
Interactsh Client requires go1.15+ to install successfully. Run the following command to get the repo –
GO111MODULE=on go get -v github.com/projectdiscovery/interactsh/cmd/interactsh-client
Usage
interactsh-client -h
This will display help for the tool. Here are all the switches it supports.
Flag | Description | Example |
---|---|---|
n | Number of interactable URLs to generate (default 1) | interactsh-client -n 2 |
persistent | Enables persistent interactsh sessions | interactsh-client persistent |
poll-interval | Number of seconds between each poll request (default 5) | interactsh-client -poll-interval 1 |
url | URL of the interactsh server (default “hxxps://interact.sh”) | interactsh-client -url hxxps://example.com |
json | Show JSON output | interactsh-client -json |
o | Store interaction logs to file | interactsh-client -o logs.txt |
v | Show verbose interaction | interactsh-client -v |
Running Interactsh Client
This will generate single URL that can be used for interaction.
interactsh-client
() / /_ __ / // /_
/ / _ \/ / \/ / ‘/ / / / \
/ / / / / // / / / // / // /(_ ) / / /
/// //_/___// _,/__/__/// /_/ v0.0.1
projectdiscovery.io
[INF] Listing 1 URL for OOB Testing
[INF] c23b2la0kl1krjcrdj10cndmnioyyyyyn.interact.sh
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (A) from 172.253.226.100 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (AAAA) from 32.3.34.129 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received HTTP interaction from 43.22.22.50 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (MX) from 43.3.192.3 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (TXT) from 74.32.183.135 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received SMTP interaction from 32.85.166.50 at 2021-26-26 12:26
Sending Interaction to Discord,Slack,Telegram with Notify
interactsh-client | notify
Setting up self-hosted instance
https://dcc.godaddy.com/manage/{{domain}}/dns/hosts
> Advanced Features > Host names, add ns1
and ns2
as hostnames with the IP of your server.https://dns.godaddy.com/{{domain}}/nameservers
> Enter my own nameservers (advanced) > Add ns1.{{domain}}
and ns2.{{domain}}
as name servers.GO111MODULE=on go get -v github.com/projectdiscovery/interactsh/cmd/interactsh-server
interactsh-server -domain {{Domain}} -hostmaster admin@{{Domain}} -ip {{Server_IP}}
interactsh-server -domain example.com -hostmaster admin@example.com -ip XX.XX.XX.XX
Server setup should be completed with this, now client can be used to generate your own payloads.
GO111MODULE=on go get -v github.com/projectdiscovery/interactsh/cmd/interactsh-client
interactsh-client -url https://example.com
This repository contains tools created by yogSahare0 while learning Python 3 for ethical hacking and penetration testing.…
"NetSecChallenger" provides a suite of automated tools designed for security professionals and network administrators to…
The essential tool for cybersecurity enthusiasts! This guide provides a detailed walkthrough on how to…
Meet "Poodone," the ultimate Python script designed for cybersecurity enthusiasts and professionals alike. Packed with…
The Linux version is no longer supported! The last Linux version is 6.0 that you…
Jin is a hacking command-line tools designed to make your scan port, gathering urls, check…