
Interactsh

MIT

🕸 Web Scanning · Go

Interactsh is an open-source tool from ProjectDiscovery for detecting out-of-band (OOB) interactions: the callbacks that prove blind vulnerabilities such as SSRF, blind XSS, blind SQLi, and Log4Shell are exploitable. It provides unique callback URLs for the DNS, HTTP, SMTP, FTP, and LDAP protocols and records any interaction that reaches those URLs. When testing for blind vulnerabilities, you inject an Interactsh URL as a payload and wait for the target to make a callback, which proves the vulnerability exists even when there is no direct response. Interactsh can be self-hosted for privacy or used via the public server at interact.sh. It integrates directly with Nuclei, httpx, and other ProjectDiscovery tools, and provides a web dashboard, a CLI client, and an API for monitoring interactions in real time.

4.3k stars
451 forks
14 issues
Updated 8d ago

Installation

Go

$ go install github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest

brew (macOS)

$ brew install interactsh

Docker

$ docker pull projectdiscovery/interactsh-server && docker run projectdiscovery/interactsh-server

Use Cases

  • Detecting blind SSRF by injecting callback URLs and monitoring for DNS/HTTP hits
  • Confirming log4shell and JNDI injection vulnerabilities via LDAP callbacks
  • Proving blind XSS execution through out-of-band HTTP interactions
  • Integrating with Nuclei templates for automated OOB vulnerability detection
  • Self-hosting a private interaction server for sensitive penetration tests

Tags

oob, blind-vuln, callback, ssrf, dns, projectdiscovery, appsec, bugbounty, golang, hacktoberfest, http, ldap, oast, security, smtp
