Interactsh cheatsheet

Add stream section to Nginx configuration file /etc/nginx/nginx.conf:

stream {
        # smtp
        server {
                listen 25;
                proxy_pass localhost:10025;
        }

        # dns
        server {
                listen 53;
                proxy_pass localhost:10053;
        }
        server {
                listen 53 udp;
                proxy_pass localhost:10053;
        }

        #ldap
        server {
                listen 389;
                proxy_pass localhost:10389;
        }

        #smtps
        server {
                listen 587;
                proxy_pass localhost:10587;
        }
}

Nginx site configuration, for example: /etc/nginx/sites-available/interactsh:

# http
server {
        listen 80;
        server_name interact.example.com ~^(.*)\.interact.example\.com$;

        location / {
                proxy_pass http://localhost:10080/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }        

}

server {
        listen 443 ssl;
        server_name interact.example.com ~^(.*)\.interact.example\.com$;

        ssl_certificate /path/to/certfile.crt;
        ssl_certificate_key /path/to/keyfile.key;

        location / {
                proxy_pass https://localhost:10443/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
        }        
      
}

Interactsh configuration file:

# single/multiple configured domain to use for server
domain: [<YOUR-DOMAIN>]

# public ip address to use for interactsh server
ip: <YOUR-VPS-PUBLIC-IP-ADDRESS>

# public ip address to listen on
listen-ip: 127.0.0.1

# enable authentication to server using given token
token: <YOUR-AUTH-TOKEN>

# http header containing origin ip (interactsh behind a reverse proxy)
origin-ip-header: X-Real-Ip

# custom index file for http server
http-index: /var/www/interactsh/index.html

# directory with files to serve with http server
http-directory: /var/www/interactsh/

# disable automatic interactsh-server update check
disable-update-check: true

# port to use for dns service
dns-port: 10053

# port to use for http service
http-port: 10080

# port to use for https service
https-port: 10443

# port to use for smtp service
smtp-port: 10025

# port to use for smtps service
smtps-port: 10587

# port to use for smtps autotls service
smtp-autotls-port: 10465

# port to use for ldap service
ldap-port: 10389

# enable ldap server with full logging (authenticated)
ldap: false

# enable wildcard interaction for interactsh domain (authenticated)
wildcard: false

# start smb agent - impacket and python 3 must be installed (authenticated)
smb: false

# start responder agent - docker must be installed (authenticated)
responder: false

# start ftp agent (authenticated)
ftp: false

# show version of the project
version: false

# display verbose interaction
verbose: true

Connect to private Interactsh server

interactsh-client -t <TOKEN> -s <SERVER-ADDRESS>

Connect to public Interactsh server

interactsh-client

Filters

• -dns-only - display only dns interactions
• -http-only - display only http interactions
• -smtp-only - display only smtp interactions

Options

• -pi - poll interval in seconds, default 5
• -o file - output file to write interaction data
• -json - write output in JSONL
• -v - display verbose interaction data

---

Updates

Disable update checks

interactsh-client -duc

Update client

interactsh-client -up