Interactsh is an open-source tool for detecting out-of-band (OOB) vulnerabilities that may not be detected with conventional tools or methods. By generating dynamic URLs, which when requested by the target, trigger a callback that can be used to identify a vulnerability. Check out our blog introducing Interactsh and view the repo here.

Features

  • DNS/HTTP(S)/SMTP(S)/LDAP Interaction
  • CLI / Web / Burp / ZAP / Docker client
  • AES encryption with zero logging
  • Automatic ACME based Wildcard TLS w/ Auto Renewal
  • DNS Entries for Cloud Metadata service
  • Dynamic HTTP Response control
  • Self-Hosted Interactsh Server
  • Multiple domain support (self-hosted)
  • NTLM/SMB/FTP/RESPONDER Listener (self-hosted)
  • Wildcard / Protected Interactions (self-hosted)
  • Customizable Index / File hosting (self-hosted)
  • Customizable Payload Length (self-hosted)
  • Custom SSL Certificate (self-hosted)

Support

Questions about using Interactsh? Issues working through installation? Cool story or use case you want to share? Get in touch! Check out the Help section of the docs or reach out to us on Discord.