Configuring the Interactsh server

The Interactsh server is required for modules that use out‑of‑band interaction for vulnerability verification (see the “Finding issues” page for more information on modules).

This guide is intended for deploying the Interactsh server on a machine running Debian or Astra Linux. Deployment is optional. If no custom server is provided, the internal one is used.

Important

All commands in this guide are run by a user with the administrator role.

Domain configuration

Adding a DNS record via the DNS administration interface

  1. Navigate to the DNS management section.
  2. Add ns1 and ns2 as host records. For the value of each record, enter the server IP address.

Domain delegation

Note

The terminology on your domain registrar's site may vary from what is described in these instructions.

  1. Log in to your account on the domain registrar's website.
  2. Go to the “DNS Management” tab.
  3. Select “Use custom nameservers”.
  4. Add the ns1.INTERACTSH_DOMAIN and ns2.INTERACTSH_DOMAIN nameservers.

Deployment

  1. If the /etc/systemd/resolved.conf file exists, add the following to it for correct DNS resolution (otherwise, skip this step):

    [Resolve]
    DNSStubListener=no
    

    To apply the changes, restart the systemd-resolved service.

    systemctl restart systemd-resolved
    
  2. Install the Interactsh server from the archive suitable for your OS to the /usr/local/bin/ directory and grant execute permissions.

    chmod +x /usr/local/bin/interactsh-server
    
  3. To run the server as a systemd service, create the /etc/systemd/system/interactsh.service unit file with the following contents.

    [Unit]
    After=network.target
    Description=Interactsh server
    
    [Service]
    # Replace $DOMAIN, $IP and $TOKEN with your own values.
    ExecStart=/usr/local/bin/interactsh-server -domain $DOMAIN -ip $IP -token $TOKEN
    
    [Install]
    WantedBy=multi-user.target
    
  4. Ensure that the ports listed in the table below are open in the firewall settings.

  5. Start the server.

    systemctl enable --now interactsh
    

Allowed ports

The following ports must be open in the firewall settings for the scanner to operate correctly.

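| Protocol | Port | Purpose |
|----------|------|---------|
| TCP | 53 | DNS |
| TCP | 80 | HTTP |
| TCP | 443 | HTTPS |
| TCP | 25 | SMTP |
| TCP | 587 | SMTPS |
| TCP | 465 | SMTPS AutoTLS |
| TCP | 389 | LDAP |
| TCP | 445 | SMB |
| TCP | 21 | FTP |
| TCP | 990 | FTPS |
| UDP | 53 | DNS |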
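
Opening a port in the firewall only helps if a service is bound to it. The following added example (not part of the original guide or of the Interactsh project) reads `ss -tuln` output and lists the ports from the table above that have no listener on a non-loopback address, which also catches the case where the systemd-resolved stub still holds port 53. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: not part of the original guide or the Interactsh project.
# Ports from the "Allowed ports" table, written as proto/port.
REQUIRED="tcp/53 tcp/80 tcp/443 tcp/25 tcp/587 tcp/465 tcp/389 tcp/445 tcp/21 tcp/990 udp/53"

# Read `ss -tuln` output on stdin and print every required proto/port that has
# no listener on a non-loopback address. Loopback sockets are ignored so that
# the systemd-resolved stub (127.0.0.53:53) is not counted as the DNS service.
missing_listeners() {
    awk -v required="$REQUIRED" '
        $1 == "tcp" || $1 == "udp" {
            n = split($5, part, ":")          # the port follows the last colon
            port = part[n]
            addr = substr($5, 1, length($5) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            seen[$1 "/" port] = 1
        }
        END {
            m = split(required, req, " ")
            for (i = 1; i <= m; i++)
                if (!(req[i] in seen)) print req[i]
        }'
}

# Constructed sample of `ss -tuln` output: the resolved stub still owns port 53
# (step 1 of the deployment was skipped) and nothing is bound to port 445.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      4096   *:80               *:*
tcp   LISTEN 0      4096   *:443              *:*
tcp   LISTEN 0      4096   *:25               *:*
tcp   LISTEN 0      4096   *:587              *:*
tcp   LISTEN 0      4096   *:465              *:*
tcp   LISTEN 0      4096   *:389              *:*
tcp   LISTEN 0      4096   *:21               *:*
tcp   LISTEN 0      4096   *:990              *:*
tcp   LISTEN 0      128    [::]:22            [::]:*
EOF
}

# Demonstration on the constructed sample; prints tcp/53, tcp/445 and udp/53.
sample_ss_output | missing_listeners
```

On the server, run `ss -tuln | missing_listeners`. A port that is reported has nothing bound to it, so interactions over that protocol cannot be recorded even when the firewall allows them.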

Logging

Logs can be viewed with the journalctl utility.

    journalctl -u interactsh