POC for detecting the Log4Shell (Log4J RCE) vulnerability

Overview

Interactsh

An OOB interaction gathering server and client library


Interactsh is an open-source solution for out-of-band data extraction: a tool designed to detect bugs that cause external interactions, for example blind SQLi, blind CMDi and SSRF.

Features

  • DNS/HTTP/HTTPS/SMTP Interaction support
  • NTLM/SMB Listener support (self-hosted)
  • Wildcard Interaction support (self-hosted)
  • CLI / Web / Burp / ZAP / Docker client support
  • AES encryption with zero logging
  • SELF Hosted Interactsh server support
  • Automatic ACME based Wildcard TLS w/ Auto Renewal
  • DNS Entries for Cloud Metadata service

Interactsh Client

Interactsh CLI Client

The Interactsh CLI client requires go1.17+ to install successfully. Run the following command to install it:

go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest

Running Interactsh CLI Client

This will generate a unique payload that can be used for OOB testing, with minimal interaction information in the output.

interactsh-client

    _       __                       __       __  
   (_)___  / /____  _________ ______/ /______/ /_ 
  / / __ \/ __/ _ \/ ___/ __ '/ ___/ __/ ___/ __ \
 / / / / / /_/  __/ /  / /_/ / /__/ /_(__  ) / / /
/_/_/ /_/\__/\___/_/   \__,_/\___/\__/____/_/ /_/ v0.0.5

        projectdiscovery.io

[INF] Listing 1 payload for OOB Testing
[INF] c23b2la0kl1krjcrdj10cndmnioyyyyyn.interact.sh

[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (A) from 172.253.226.100 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (AAAA) from 32.3.34.129 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received HTTP interaction from 43.22.22.50 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (MX) from 43.3.192.3 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received DNS interaction (TXT) from 74.32.183.135 at 2021-26-26 12:26
[c23b2la0kl1krjcrdj10cndmnioyyyyyn] Received SMTP interaction from 32.85.166.50 at 2021-26-26 12:26

Run the Interactsh client in verbose mode (-v) to see the whole request and response, and write the output to a file to analyze afterwards.

interactsh-client -v -o interactsh-logs.txt

    _       __                       __       __  
   (_)___  / /____  _________ ______/ /______/ /_ 
  / / __ \/ __/ _ \/ ___/ __ '/ ___/ __/ ___/ __ \
 / / / / / /_/  __/ /  / /_/ / /__/ /_(__  ) / / /
/_/_/ /_/\__/\___/_/   \__,_/\___/\__/____/_/ /_/ v0.0.5

    projectdiscovery.io

[INF] Listing 1 payload for OOB Testing
[INF] c58bduhe008dovpvhvugcfemp9yyyyyyn.interact.sh

[c58bduhe008dovpvhvugcfemp9yyyyyyn] Received HTTP interaction from 103.22.142.211 at 2021-09-26 18:08:07
------------
HTTP Request
------------

GET /favicon.ico HTTP/2.0
Host: c58bduhe008dovpvhvugcfemp9yyyyyyn.interact.sh
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-IN,en;q=0.9
Cookie: _ga=GA1.2.440163205.1619796009; _iub_cs-77854424=%7B%22timestamp%22%3A%222021-04-30T15%3A23%3A23.192Z%22%2C%22version%22%3A%221.30.2%22%2C%22consent%22%3Atrue%2C%22id%22%3A77854424%7D
Referer: https://c58bduhe008dovpvhvugcfemp9yyyyyyn.interact.sh/
Sec-Ch-Ua: "Google Chrome";v="93", " Not;A Brand";v="99", "Chromium";v="93"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "macOS"
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36



-------------
HTTP Response
-------------

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=utf-8
Server: interact.sh

<html><head></head><body>nyyyyyy9pmefcguvhvpvod800ehudb85c</body></html>

Using the server flag, Interactsh client can be configured to connect with a self-hosted interactsh server.

interactsh-client -server hackwithautomation.com

Using the token flag, Interactsh client can connect to a self-hosted interactsh server that is protected with authentication.

interactsh-client -server hackwithautomation.com -token XXX

If you are away from your terminal, you may use notify to send a real-time interaction notification to any supported platform.

interactsh-client | notify

Usage

interactsh-client -h

This will display help for the tool. Here are all the switches it supports.

Flag           Description                                          Example
n              Interactsh payload count to generate (default 1)     interactsh-client -n 2
poll-interval  Interaction poll interval in seconds (default 5)     interactsh-client -poll-interval 1
server         Interactsh server to use                             interactsh-client -server https://domain.com
dns-only       Display only DNS interaction in CLI output           interactsh-client -dns-only
http-only      Display only HTTP interaction in CLI output          interactsh-client -http-only
smtp-only      Display only SMTP interaction in CLI output          interactsh-client -smtp-only
json           Write output in JSONL(ines) format                   interactsh-client -json
token          Authentication token to connect interactsh server    interactsh-client -token XXX
persist        Enables persistent interactsh sessions               interactsh-client -persist
o              Output file to write interaction                     interactsh-client -o logs.txt
v              Show verbose interaction                             interactsh-client -v
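
With the json flag the client writes one JSON object per line, which is the easiest form to post-process. The Go program below is an added example, not part of the Interactsh project: it suppresses noisy interactions by source network and DNS query type, then reports which protocols still fired for each unique-id. The Filter type, the function names and the sample lines are assumptions constructed for illustration; the JSON field names are the ones visible in the interactsh output quoted on this page.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"net/netip"
	"sort"
	"strings"
)

// Interaction holds the JSON fields seen in the interactsh output quoted on this page.
type Interaction struct {
	Protocol      string `json:"protocol"`
	UniqueID      string `json:"unique-id"`
	QType         string `json:"q-type"`
	RemoteAddress string `json:"remote-address"`
}

// Filter names the sources and DNS query types to suppress (hypothetical type).
type Filter struct {
	Nets   []netip.Prefix
	QTypes map[string]bool
}

// demoFilter hides AAAA lookups and one constructed resolver range (192.0.2.0/24).
var demoFilter = Filter{
	Nets:   []netip.Prefix{netip.MustParsePrefix("192.0.2.0/24")},
	QTypes: map[string]bool{"AAAA": true},
}

// drops reports whether an interaction matches the suppression rules.
func (f Filter) drops(i Interaction) bool {
	if i.Protocol == "dns" && f.QTypes[strings.ToUpper(i.QType)] {
		return true
	}
	addr, err := netip.ParseAddr(i.RemoteAddress)
	if err != nil { // tolerate "ip:port"; keep anything unparsable so it stays visible
		ap, err := netip.ParseAddrPort(i.RemoteAddress)
		if err != nil {
			return false
		}
		addr = ap.Addr()
	}
	for _, n := range f.Nets {
		if n.Contains(addr.Unmap()) {
			return true
		}
	}
	return false
}

// Triage filters JSONL and returns the sorted protocols seen per unique-id plus counters.
func Triage(jsonl string, f Filter) (out map[string][]string, dropped, malformed int) {
	seen := map[string]map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(jsonl))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var i Interaction
		if json.Unmarshal([]byte(line), &i) != nil || i.UniqueID == "" {
			malformed++ // not JSON, or a line without a payload id to correlate on
			continue
		}
		if f.drops(i) {
			dropped++
			continue
		}
		if seen[i.UniqueID] == nil {
			seen[i.UniqueID] = map[string]bool{}
		}
		seen[i.UniqueID][i.Protocol] = true
	}
	out = map[string][]string{}
	for id, set := range seen {
		for p := range set {
			out[id] = append(out[id], p)
		}
		sort.Strings(out[id])
	}
	return out, dropped, malformed
}

// sampleJSONL is constructed for this example; it is not captured output.
const sampleJSONL = `{"protocol":"dns","unique-id":"aaaa1111","q-type":"A","remote-address":"198.51.100.7"}
{"protocol":"dns","unique-id":"aaaa1111","q-type":"AAAA","remote-address":"198.51.100.7"}
{"protocol":"http","unique-id":"aaaa1111","remote-address":"203.0.113.9"}
{"protocol":"dns","unique-id":"bbbb2222","q-type":"MX","remote-address":"192.0.2.53:40000"}
{"protocol":"dns","unique-id":"bbbb2222","q-type":"MX","remote-address":"198.51.100.20"}
not json`

func main() {
	byID, dropped, malformed := Triage(sampleJSONL, demoFilter)
	fmt.Println(byID, dropped, malformed)
}
```

A unique-id that shows only dns after filtering means the name was resolved but nothing connected back, which is weaker evidence than an http or smtp interaction for the same id.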

Interactsh Web Client

Interactsh-web is a free and open-source web client that displays Interactsh interactions in a well-managed dashboard in your browser. It uses the browser's local storage to store and display all incoming interactions. By default, the web client is configured to use interactsh.com, a cloud-hosted interactsh server, and it supports other self-hosted public/authenticated interactsh servers as well.

A hosted instance of interactsh-web client is available at https://app.interactsh.com

Interactsh Docker Client

A Docker image is also provided with interactsh client that is ready to run and can be used in the following way:

docker run projectdiscovery/interactsh-client:latest

    _       __                       __       __  
   (_)___  / /____  _________ ______/ /______/ /_ 
  / / __ \/ __/ _ \/ ___/ __ '/ ___/ __/ ___/ __ \
 / / / / / /_/  __/ /  / /_/ / /__/ /_(__  ) / / /
/_/_/ /_/\__/\___/_/   \__,_/\___/\__/____/_/ /_/ v0.0.5

        projectdiscovery.io

[INF] Listing 1 payload for OOB Testing
[INF] c59e3crp82ke7bcnedq0cfjqdpeyyyyyn.interact.sh

Burp Suite Extension

interactsh-collaborator is a Burp Suite extension developed and maintained by @wdahlenb

  • Download the latest JAR file from the releases page.
  • Open Burp Suite → Extender → Add → Java → Select JAR file → Next
  • A new tab named Interactsh will appear upon successful installation.
  • See the interactsh-collaborator project for more info.

OWASP ZAP Add-On

Interactsh can be used with OWASP ZAP via the OAST add-on for ZAP. With ZAP's scripting capabilities, you can create powerful out-of-band scan rules that leverage Interactsh's features. A standalone script template has been provided as an example (it is added automatically when you install the add-on).

  • Install the OAST add-on from the ZAP Marketplace.
  • Go to Tools → Options → OAST and select Interactsh.
  • Configure the options for the client and click on "New Payload" to generate a new payload.
  • OOB interactions will appear in the OAST Tab and you can click on any of them to view the full request and response.
  • See the OAST add-on documentation for more info.


Interactsh Server

Interactsh server runs multiple services and captures all the incoming requests. To host an instance of interactsh-server, you need the following:

  1. Domain name with custom host names and nameservers.
  2. Basic VPS running 24/7 in the background.

We are using GoDaddy for the domain name and a DigitalOcean droplet for the server; a basic $5 droplet should be sufficient to run a self-hosted Interactsh server. If you are not using GoDaddy, follow your registrar's process for creating / updating DNS entries.

Configuring Interactsh domain

  • Navigate to https://dcc.godaddy.com/manage/{{domain}}/dns
  • Advanced Features → Host names → Add → Submit ns1, ns2 with VPS IP as value
  • Navigate to https://dns.godaddy.com/{{domain}}/nameservers
  • I'll use my own nameservers → Submit ns1.{{domain}}, ns2.{{domain}}

Configuring Interactsh server

Install interactsh-server on your remote VPS

go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-server@latest

Once the domain name setup is complete, run the command below to start the interactsh server:

interactsh-server -domain domain.com

Alternatively, you can use the ready-to-run Docker image of interactsh-server on your remote machine:

docker run projectdiscovery/interactsh-server:latest -domain domain.com

Following is an example of a successful installation and operation of a self-hosted server:

interactsh-server

A number of needed flags are configured automatically to run interactsh server with default settings. For example, the hostmaster flag with a valid email address such as [email protected] and the ip and listen-ip flags with the public IP address of the VPS.

A hosted instance of interactsh-server which is used as default with interactsh-client is available at https://interact.sh

Usage

interactsh-server -h

This will display help for the tool. Here are all the switches it supports.

Flag        Description                                                    Example
auth        Enable authentication to server using random generated token   interactsh-server -auth
token       Enable authentication to server using given token              interactsh-server -token MY_TOKEN
domain      Domain to use for interactsh server                            interactsh-server -domain domain.com
eviction    Number of days to persist interactions for (default 30)        interactsh-server -eviction 30
hostmaster  Hostmaster email to use for interactsh server                  interactsh-server -hostmaster [email protected]
ip          Public IP Address to use for interactsh server                 interactsh-server -ip XX.XX.XX.XX
listen-ip   Public IP Address to listen on                                 interactsh-server -listen-ip XX.XX.XX.XX
root-tld    Enable wildcard/global interaction for *.domain.com            interactsh-server -root-tld
origin-url  Origin URL to send in ACAO Header                              interactsh-server -origin-url https://domain.com
responder   Start a responder agent - docker must be installed             interactsh-server -responder
smb         Start a smb agent - impacket and python 3 must be installed    interactsh-server -smb
debug       Run interactsh in debug mode                                   interactsh-server -debug

Interactsh server supports more useful capabilities that are not enabled by default and are intended to be used only by self-hosted servers. These features are not available with the hosted server at https://interact.sh

root-tld flag enables wildcard (*.domain.com) interaction support with your self-hosted server and includes implicit authentication protection via the auth flag if the token flag is omitted.

interactsh-server -domain domain.com -root-tld

2021/09/28 12:18:24 Client Token: 4c17895a460123ea439abbad64e0e02c2c7be660464d75299f76e1a972ac4e56
2021/09/28 12:18:24 TLS certificates are not expiring, continue!
2021/09/28 12:18:24 Listening on DNS, SMTP and HTTP ports

Interactsh Integration

Nuclei - OOB Scan

The Nuclei vulnerability scanner can also use Interactsh for automated payload generation and detection of out-of-band security vulnerabilities.

See Nuclei + Interactsh Integration blog and guide document for more info.

Cloud Metadata

Interactsh server supports DNS records for cloud metadata services, which is useful for testing SSRF-related vulnerabilities.

Currently supported metadata services:

Example:

aws.{interactsh-server} points to 169.254.169.254

aws.interact.sh points to 169.254.169.254

alibaba.{interactsh-server} points to 100.100.100.200

alibaba.interact.sh points to 100.100.100.200
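
Because these names are ordinary DNS records, an SSRF filter that inspects only the host string in a URL lets them through. The Go program below is an added example, not Interactsh code: it contrasts that weak check with one that resolves the host, rejects any answer in a blocked range and returns the vetted address for the caller to connect to. The Resolver type, the function names and the stub lookup table are assumptions; the two interact.sh mappings are those listed above and 203.0.113.10 is a constructed address.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// Resolver abstracts DNS lookups so the example runs offline (hypothetical type).
type Resolver func(host string) ([]net.IP, error)

// ErrBlocked is returned when a destination falls in a range the fetcher must not reach.
var ErrBlocked = errors.New("destination resolves to a blocked address")

// blocked covers both metadata addresses named on this page via their enclosing ranges.
var blocked = parseCIDRs(
	"169.254.0.0/16", // link-local: 169.254.169.254
	"100.64.0.0/10",  // shared address space: 100.100.100.200
	"127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
	"::1/128", "fe80::/10", "fc00::/7",
)

func parseCIDRs(cidrs ...string) []*net.IPNet {
	var nets []*net.IPNet
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err) // constants above; a typo should fail at start-up
		}
		nets = append(nets, n)
	}
	return nets
}

func isBlocked(ip net.IP) bool {
	for _, n := range blocked {
		if n.Contains(ip) { // Contains also matches IPv4-mapped IPv6 forms
			return true
		}
	}
	return false
}

// NaiveAllowed is the weak check: it looks only at the host string in the URL.
func NaiveAllowed(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil {
		return false
	}
	ip := net.ParseIP(u.Hostname())
	return ip == nil || !isBlocked(ip) // any DNS name passes
}

// CheckURL resolves the host, rejects blocked answers and returns the IP to connect to.
func CheckURL(raw string, resolve Resolver) (net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	ips := []net.IP{net.ParseIP(host)}
	if ips[0] == nil { // not an IP literal, so ask DNS
		if ips, err = resolve(host); err != nil || len(ips) == 0 {
			return nil, fmt.Errorf("cannot resolve %q: %v", host, err)
		}
	}
	for _, ip := range ips { // one bad answer is enough to refuse
		if isBlocked(ip) {
			return nil, fmt.Errorf("%w: %s -> %s", ErrBlocked, host, ip)
		}
	}
	return ips[0], nil
}

// stubResolver answers from a fixed table so no network access is needed.
func stubResolver(host string) ([]net.IP, error) {
	table := map[string]string{
		"aws.interact.sh":     "169.254.169.254",
		"alibaba.interact.sh": "100.100.100.200",
		"www.example.com":     "203.0.113.10", // constructed
	}
	if a, ok := table[host]; ok {
		return []net.IP{net.ParseIP(a)}, nil
	}
	return nil, fmt.Errorf("no such host %q", host)
}

func main() {
	for _, u := range []string{"http://aws.interact.sh/", "http://alibaba.interact.sh/", "http://www.example.com/"} {
		ip, err := CheckURL(u, stubResolver)
		fmt.Printf("%-30s naive=%v pinned=%v err=%v\n", u, NaiveAllowed(u), ip, err)
	}
}
```

Connecting to the returned address rather than resolving the name a second time keeps the check and the request on the same answer.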


Acknowledgement

Interactsh is inspired by Burp Collaborator.

License

Interactsh is distributed under MIT License and made with 🖤 by the projectdiscovery team.

Comments
  • Errors in TXT propagation during SSL certificate update/installation

    The certificate update randomly fails due to delays/issues in the TXT record propagation containing the challenge:

    # ./interactsh-server -domain abcd.efg -ip xxx.xxx.xxx.xxx -listen-ip xxx.xxx.xxx.xxx
    2021/12/15 14:24:28 Creating new order for domains: [*.abcd.efg abcd.efg]
    2021/12/15 14:24:28 Order created: https://acme-v02.api.letsencrypt.org/acme/order/123456789/123456789
    2021/12/15 14:24:28 Fetching authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/123456789
    2021/12/15 14:24:28 Fetched authorization: abcd.efg
    2021/12/15 14:28:28 Updating challenge for authorization abcd.efg: https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789/123456789
    2021/12/15 14:28:59 An error occurred while applying for an certificate, error: could not generate new certs: error updating authorization abcd.efg challenge: acme: error code 400 "urn:ietf:params:acme:error:dns": During secondary validation: DNS problem: query timed out looking up TXT for _abcd.efg
    2021/12/15 14:28:59 Could not generate certs for auto TLS, https will be disabled
    2021/12/15 14:28:59 Listening on DNS, SMTP and HTTP ports
    
    
    $ dig abcd.efg txt # from another box
    
    ; <<>> DiG 9.16.1-Ubuntu <<>> hackwithautomation.com txt
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15605
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 65494
    ;; QUESTION SECTION:
    ;abcd.efg.		IN	TXT
    
    ;; ANSWER SECTION:
    abcd.efg.	0	IN	TXT	""
    
    ;; Query time: 8 msec
    ;; SERVER: 127.0.0.53#53(127.0.0.53)
    ;; WHEN: Wed Dec 15 13:32:01 UTC 2021
    ;; MSG SIZE  rcvd: 107
    
    Priority: High Status: Completed Type: Bug 
    opened by Mzack9999 15
  • Can't connect to my custom interactsh server

    Hi, Following the instructions I set up my own Interactsh server, however after starting it, I can't connect to it with the interactsh client.

    Server running : interactsh

    Attempt to connect with the client : interact2

    curl

    And I think my DNS configuration is good because if I run a custom DNS that I wrote in Ruby, it responds well to queries dns

    Regards

    Type: Bug 
    opened by JoshuaMart 11
  • Connection Refused connecting to private server

    Version: 0.0.7 Go version: 1.17.5 linux/amd64 Hello guys, the issue I'm having is trying to connect the client to my server. I execute the command: interactsh-client -server https://example.com

    The server returns:

    [FTL] Could not create client: could not make register request: POST https://example.com/register giving up after 6 attempts: Post "https://example.com/register": dial tcp server_ip:443: connect: connection refused
    

    I also tried http://example.com with the same response. And I also tried the web client with custom server pointing to example.com with no success.

    My server is running on an Oracle VM. My domain is registered on Namecheap. I configured it with custom nameservers (ns1 and ns2 both pointing to server_ip, which is the VM's IP). I am running BIND9 on it to act as nameserver. If I enable nginx on my VM I can access it using http://example.com. If I run nslookup ubuntu.com example.com from my Windows PC I get the correct response. I start my server with this command: interactsh-server -domain example.com

    The response I get leads me to believe it is running correctly:

    2021/12/26 21:06:20 Creating new order for domains: [*.example.com example.com]
    2021/12/26 21:06:21 Order created: https://acme-v02.api.letsencrypt.org/acme/order/337280xxx/5038xxxxxxx
    2021/12/26 21:06:21 Fetching authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/6226815xxxx
    2021/12/26 21:06:21 Fetched authorization: example.com
    2021/12/26 21:06:31 Updating challenge for authorization example.com: https://acme-v02.api.letsencrypt.org/acme/chall-v3/6226815xxxx/Wnqorg
    2021/12/26 21:06:33 Listening on DNS, SMTP and HTTP ports
    

    I tried shutting down my firewall to see if it was interfering in some way with the command sudo iptables -F. I also made sure ports 53, 80 and 443 were open for TCP packets on the VM configuration.

    Even so, I am getting connection refused.

    Type: Question 
    opened by bluesm866 9
  • Not able to run Interachsh -server on Digital Ocean Droplet.

    Hi team,

    I have created a DO Debian Droplet and installed a Floating IP added the configuration as said under the self hosted instance guide. Can anyone please help?

    opened by Shri1610 9
  • Adding ldap support

    Example of ldap interaction:

    $ ldapsearch -LLL -H ldap://127.0.0.1:10389 -d 5 -o ldif-wrap=no -b "OU=testgroup,OU=Group,dc=example,dc=com" -D "test" -w "test" '(CN=testgroup)' cn
    

    interactsh-server:

    $ sudo go run . -ldap -debug -listen-ip 127.0.0.1 -ip 127.0.0.1
    2021/12/13 12:25:48 Client Token: xxxx
    2021/12/13 12:25:49 Listening on ports: DNS, SMTP, HTTP, LDAP
    [DBG] LDAP Interaction: 
    {"protocol":"ldap","unique-id":"","full-id":"","raw-request":"Listening on 127.0.0.1:10389\n","remote-address":"","timestamp":"2021-12-13T12:25:49.528108+01:00"}
    [DBG] Registered correlationID xxx for key
    [DBG] LDAP Interaction: 
    {"protocol":"ldap","unique-id":"","full-id":"","raw-request":"Connection client [1] from 127.0.0.1:60991 accepted","remote-address":"","timestamp":"2021-12-13T12:26:02.724619+01:00"}
    [DBG] LDAP Interaction: 
    {"protocol":"ldap","unique-id":"","full-id":"","raw-request":"\u003c\u003c\u003c 1 - BindRequest - hex=\u0026{303c0201016037020103042b7569643d7365617263682d757365722c6f753d50656f706c652c64633d6578616d706c652c64633d636f6d80057465737461}","remote-address":"","timestamp":"2021-12-13T12:26:02.725405+01:00"}
    [DBG] LDAP Interaction: 
    {"protocol":"ldap","unique-id":"","full-id":"","raw-request":"\u003e\u003e\u003e 1 - LDAPResult - hex=302f020101302a0a0135040004234f7065726174696f6e206e6f7420696d706c656d656e74656420627920736572766572","remote-address":"","timestamp":"2021-12-13T12:26:02.725526+01:00"}
    
    Status: Completed Type: Enhancement 
    opened by Mzack9999 9
  • Not able to run the interactsh-server

    When I run the command interactsh-server -domain mydomain.com -hostmaster [email protected] -ip [VPS IP]. The following output is given without any errors:

    2021/05/01 08:45:17 Creating new order for domains: [*.mydomain.com mydomain.com]
    2021/05/01 08:45:17 Order created: https://acme-v02.api.letsencrypt.org/acme/order/121967319/9409571122
    2021/05/01 08:45:17 Fetching authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12762297545
    2021/05/01 08:45:17 Fetched authorization: mydomain.com
    2021/05/01 08:45:27 Updating challenge for authorization mydomain.com: https://acme-v02.api.letsencrypt.org/acme/chall-v3/12762297545/FkqiUg
    

    But the server is not giving A records when queried. I already had a letsencrypt cert but even after I deleted the cert nothing changed the same output is given

    opened by HritikHS 7
  • Not able to run the interactsh-server

    We are trying to setup interactsh-server. But we are hitting this below error. We have already tried to setup this on ubuntu. Since Debian is recommended, we were trying there. But there also we are hitting the same issue.

    -03:/tmp/root# ./interactsh-server -d interactshserver.prancer.cloud
    
        _       __                       __       __
       (_)___  / /____  _________ ______/ /______/ /_
      / / __ \/ __/ _ \/ ___/ __ '/ ___/ __/ ___/ __ \
     / / / / / /_/  __/ /  / /_/ / /__/ /_(__  ) / / /
    /_/_/ /_/\__/\___/_/   \__,_/\___/\__/____/_/ /_/ 1.0.6
    
                    projectdiscovery.io
    
    [INF] Public IP: 137.135.78.15
    [INF] Outbound IP: 10.0.0.4
    [INF] Requesting SSL Certificate for:  [*.interactshserver.prancer.cloud, interactshserver.prancer.cloud]
    [ERR] An error occurred while applying for a certificate, error: [*.interactshserver.prancer.cloud] Obtain: [*.interactshserver.prancer.cloud] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/658683696/112438748756) (ca=https://acme-v02.api.letsencrypt.org/directory)
    [ERR] Could not generate certs for auto TLS, https will be disabled
    [INF] Listening with the following services:
    [LDAP] Listening on TCP 10.0.0.4:389
    [HTTPS] Listening on TCP 10.0.0.4:443
    [DNS] Listening on TCP 10.0.0.4:53
    [SMTPS] Listening on TCP 10.0.0.4:587
    [DNS] Listening on UDP 10.0.0.4:53
    [HTTP] Listening on TCP 10.0.0.4:80
    [SMTP] Listening on TCP 10.0.0.4:25
    [ERR] Could not serve http on tls: open : no such file or directory
    
    Priority: Medium Status: Completed Type: Bug Investigation 
    opened by raghumannn 6
  • Improve default socket listening behaviour

    This commit fixes three issues:

    • Previously if a "listen IP" wasn't specified the public IP looked up from a "what is my IP" API was used. In many cases cloud VMs do not have their "public" IP bound to an interface (such as Amazon EC2), causing startup to fail:

      $ ./interactsh-server -domain example.com
      [FTL] Could not listen for udp DNS on 203.0.113.42:53 (listen udp 203.0.113.42:53: bind: cannot assign requested address)
      

      This has been changed to bind to an appropriate wildcard address, which should work in almost all cases.

    • The default wildcard listen address has been changed to :<port number>, which will cause the socket to pick a suitable wildcard address depending on whether the machine is dual stack or IPv4-only. This further supports upcoming work to add IPv6 support.

    • IPv6 literals may now be passed to "-listen-ip" without needing to wrap them in [].

    opened by fincham 6
  • Nuclei spams AAAA requests to the Interact server

    Hi, I'm using Nuclei, interact and notify to spot OOB requests, however the webhook is spamming me with this

    Could a IP filter argument be added so they're not passed through into STDOUT?

    Type: Question 
    opened by 0x0luke 6
  • [Feature] Burp suite extension for interactsh client

    Maybe it is not very necessary, but if it would be something interesting, a client for burpsuite (community), it is necessary to take into account that it would be an extra maintenance, no wonder they reject the idea. but still I comment

    Status: Completed Type: Enhancement 
    opened by vay3t 6
  • Allow use of base domain (or custom sub-domain) for self-hosted servers

    Hello and thank you for this awesome tool, it will surely come in handy during our testing.

    The current behavior of interactsh is to create a randomized subdomain like c282n3l3djgbti5v595gcnenzdoyyyyyn.domain.tld, which is fine and all, however, we have a pretty nice 4 x 2 domain and we feel that smaller payloads are the best, so could you allow the use of the base domain and/or customized sub-domains for self-hosted servers in addition to the randomized subdomains?

    Edited to ask for customized sub-domains option as well. 👍🏻

    Status: Completed Type: Enhancement 
    opened by geeknik 6
  • chore(deps): bump goreleaser/goreleaser-action from 3 to 4

    Bumps goreleaser/goreleaser-action from 3 to 4.

    Release notes

    Sourced from goreleaser/goreleaser-action's releases.

    v4.0.0

    What's Changed

    Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v3...v4.0.0

    v3.2.0

    What's Changed

    • chore: remove workaround for setOutput by @​crazy-max (#374)
    • chore(deps): bump @​actions/core from 1.9.1 to 1.10.0 (#372)
    • chore(deps): bump yargs from 17.5.1 to 17.6.0 (#373)

    Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v3.1.0...v3.2.0

    v3.1.0

    What's Changed

    • fix: dist resolution from config file by @​crazy-max (#369)
    • ci: fix workflow by @​crazy-max (#357)
    • docs: bump actions to latest major by @​crazy-max (#356)
    • chore(deps): bump crazy-max/ghaction-import-gpg from 4 to 5 (#360)
    • chore(deps): bump ghaction-import-gpg to v5 (#359)
    • chore(deps): bump @​actions/core from 1.6.0 to 1.8.2 (#358)
    • chore(deps): bump @​actions/core from 1.8.2 to 1.9.1 (#367)

    Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v3.0.0...v3.1.0

    Commits
    • 8f67e59 chore: regenerate
    • 78df308 chore(deps): bump minimatch from 3.0.4 to 3.1.2 (#383)
    • 66134d9 Merge remote-tracking branch 'origin/master' into flarco/master
    • 3c08cfd chore(deps): bump yargs from 17.6.0 to 17.6.2
    • 5dc579b docs: add example when using workdir along with upload-artifact (#366)
    • 3b7d1ba feat!: remove auto-snapshot on dirty tag (#382)
    • 23e0ed5 fix: do not override GORELEASER_CURRENT_TAG (#370)
    • 1315dab update build
    • b60ea88 improve install
    • 4d25ab4 Update goreleaser.ts
    • See full diff in compare view

    Type: Maintenance 
    opened by dependabot[bot] 0
  • Support for infinite eviction on self-hosted interactsh-server

    Please describe your feature request:

    README.md for interactsh-server says:

    -e, -eviction int       number of days to persist interaction data in memory (default 30)
    

    There should be a way to specify an infinite eviction (i.e. disable the purging of sessions and interaction data)

    Describe the use case of this feature:

    Someone with a self-hosted interactsh-server may want to do very long-running polling of a session. For example:

    • Day 0 - create an interactsh session and do a very long poll against it using interactsh-client, e.g. piped to notify
    • Day 1 - use the session to generate canary hostnames. Use those hostnames e.g. in a blind time-delayed SSRF or blind XSS scenario
    • Day 100 - have the hostname be accessed by a victim, receive notification of this event

    With the default eviction of 30 days, my understanding is that the long-running interactsh-client started on day 0 will silently stop receiving events after 30 days. The interactsh-client will stay connected and will keep polling, will not get any errors, but will not receive events.

    Alternative solution:

    A user of interactsh-server can do -e 999999 to get an essentially infinite eviction time :) but this is not very clean

    Risks

    There might be an accidental or malicious DoS risk to an interactsh-server that is configured to never evict sessions

    See also

    Discussion re: this issue at https://discord.com/channels/695645237418131507/837760016822829147/1050207078393856020

    Type: Enhancement 
    opened by justinsteven 1
  • please support multiple public ip ipAddress #417 2022-12-07

    support multiple public ip ipAddress #417 Now, based on the development of interactsh, it already supports the analysis of multiple Internet ip

    $ dig A www.sina.com.cn
    
    ;; ANSWER SECTION:
    www.sina.com.cn.	28	IN	CNAME	spool.grid.sinaedge.com.
    spool.grid.sinaedge.com. 45	IN	CNAME	ww1.sinaimg.cn.w.alikunlun.com.
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	36.170.92.241
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	36.170.19.242
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	183.223.15.219
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	183.223.15.223
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	183.223.15.221
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	183.223.15.218
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	183.223.15.222
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	183.223.15.225
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	36.170.19.238
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	36.170.19.244
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	36.170.19.243
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	36.170.19.240
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	36.170.19.241
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	36.170.92.236
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	36.170.92.240
    ww1.sinaimg.cn.w.alikunlun.com.	28 IN	A	36.170.92.237
    
    opened by hktalent 0
  • No SMTP interaction received if local part of email contains @ symbol

    SMTP server does not record interaction if email contains @ symbol in local part of email, e.g., "foo@bar"@example.com.

    Interactsh version: 1.0.7

    Current Behavior:

    After sending email to "a@b"@ce3pf0s9952p8p7a93ggm3pm3um4hxpe3.oast.pro

    {"protocol":"dns","unique-id":"ce3pf0s9952p8p7a93ggm3pm3um4hxpe3",
    "full-id":"ce3pf0s9952p8p7a93ggm3pm3um4hxpe3","q-type":"MX",...}
    

    Expected Behavior:

    Expect to also receive SMTP interaction.

    Steps To Reproduce:

    Example: steps to reproduce the behavior:

    1. Run 'interactsh ...'
    2. Send email to "a@b"@[interactsh-domain]
    3. Observe DNS interaction but no SMTP interaction
    Status: Completed Type: Bug 
    opened by hjalti 0
  • panic: certificate worker: runtime error: invalid memory address or nil pointer dereference

    Interactsh version:

    main / dev

    Current Behavior:

    2022/11/24 09:10:38 panic: certificate worker: runtime error: invalid memory address or nil pointer dereference
    goroutine 121 [running]:
    github.com/caddyserver/certmagic.(*jobManager).worker.func1()
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/async.go:58 +0x65
    panic({0xb05b20, 0x159a890})
            /snap/go/9991/src/runtime/panic.go:838 +0x207
    github.com/caddyserver/certmagic.(*Config).renewCert.func2({0x11add98, 0xc0006942d0})
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/config.go:821 +0xc14
    github.com/caddyserver/certmagic.doWithRetry({0x11add28, 0xc0001a4048}, 0x0, 0xc0008d3b60)
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/async.go:106 +0x1cb
    github.com/caddyserver/certmagic.(*Config).renewCert(0xc0001ce370, {0x11add28, 0xc0001a4048}, {0xc0000361e2, 0xb}, 0x0, 0x0)
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/config.go:860 +0x58b
    github.com/caddyserver/certmagic.(*Config).RenewCertAsync(...)
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/config.go:690
    github.com/caddyserver/certmagic.(*Config).manageOne.func2()
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/config.go:394 +0x20c
    github.com/caddyserver/certmagic.(*jobManager).worker(0x159dba0)
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/async.go:73 +0x112
    created by github.com/caddyserver/certmagic.(*jobManager).Submit
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/async.go:50 +0x28a
    2022/11/24 09:10:40 panic: certificate worker: runtime error: invalid memory address or nil pointer dereference
    goroutine 82 [running]:
    github.com/caddyserver/certmagic.(*jobManager).worker.func1()
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/async.go:58 +0x65
    panic({0xb05b20, 0x159a890})
            /snap/go/9991/src/runtime/panic.go:838 +0x207
    github.com/caddyserver/certmagic.(*Config).renewCert.func2({0x11add98, 0xc000598630})
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/config.go:821 +0xc14
    github.com/caddyserver/certmagic.doWithRetry({0x11add28, 0xc0001a4048}, 0x0, 0xc00082bb60)
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/async.go:106 +0x1cb
    github.com/caddyserver/certmagic.(*Config).renewCert(0xc0001ce370, {0x11add28, 0xc0001a4048}, {0xc0000361e0, 0xd}, 0x0, 0x0)
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/config.go:860 +0x58b
    github.com/caddyserver/certmagic.(*Config).RenewCertAsync(...)
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/config.go:690
    github.com/caddyserver/certmagic.(*Config).manageOne.func2()
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/config.go:394 +0x20c
    github.com/caddyserver/certmagic.(*jobManager).worker(0x159dba0)
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/async.go:73 +0x112
    created by github.com/caddyserver/certmagic.(*jobManager).Submit
            /root/go/pkg/mod/github.com/caddyserver/[email protected]/async.go:50 +0x28a
    2022/11/24 09:10:42 [ERROR] Keeping lock file fresh: open /root/.local/share/certmagic/locks/issue_cert_wildcard_.interact.sh.lock: too many open files - terminating lock maintenance (lockfile: /root/.local/share/certmagic/locks/issue_cert_wildcard_.interact.sh.lock)
    2022/11/24 09:10:42 [ERROR] Keeping lock file fresh: open /root/.local/share/certmagic/locks/issue_cert_interact.sh.lock: too many open files - terminating lock maintenance (lockfile: /root/.local/share/certmagic/locks/issue_cert_interact.sh.lock)
    

    Expected Behavior:

    no panic

    Priority: Medium Status: Abandoned Type: Bug 
    opened by ehsandeep 1
Releases(v1.0.7)
Owner
ProjectDiscovery
Security Through Intelligent Automation