Interactsh
An OOB interaction gathering server and client library
Category | Penetration Testing Tools |
---|---|
Community Stars | 3535 |
Last Commit | 3 months ago |
Last page update | 19 days ago |
Pricing Details | Free and open source |
Target Audience | Security researchers, penetration testers, bug bounty hunters. |
Interactsh handles the detection and analysis of out-of-band (OOB) interactions, a common issue in web application security testing and vulnerability assessment. It captures and logs interactions that occur outside the normal request-response cycle of a web application, such as DNS lookups, HTTP requests, and other network communications.
Technically, Interactsh operates by providing a configurable server that can be used to monitor these OOB interactions. The architecture involves setting up a server with a unique domain name, which can be either cloud-hosted or self-hosted. Clients can then be configured to send interaction data to this server. The interactions are logged and can be visualized using the Interactsh-web dashboard, which stores and displays the data in the browser's local storage.
Key operational considerations include configuring DNS entries for the interactsh domain and optionally setting up authentication tokens for protected servers. Self-hosted instances can be customized using environment variables such as `REACT_APP_HOST`, `REACT_APP_TOKEN`, and correlation ID lengths, allowing for flexible deployment scenarios. However, there are limitations, such as the need for proper DNS configuration and potential performance impacts if not scaled correctly.
From a technical standpoint, Interactsh uses Go for its backend and supports deployment via Docker, making it easy to set up and run both locally and in production environments. The web client is built using React and can be customized and extended as needed. This approach ensures that the tool is highly adaptable to various testing and security assessment scenarios.