Merge pull request #546 from projectdiscovery/dev

interactsh v1.1.3

.github/docker/client/Dockerfile

@@ -1,13 +1,13 @@
 # Base
-FROM golang:1.20.2-alpine AS builder
+FROM golang:1.20.3-alpine AS builder
 RUN apk add --no-cache git build-base gcc musl-dev
 WORKDIR /app
 COPY . /app
 RUN go mod download
 RUN go build ./cmd/interactsh-client
 
 # Release
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 RUN apk -U upgrade --no-cache \
  && apk add --no-cache bind-tools ca-certificates
 COPY --from=builder /app/interactsh-client /usr/local/bin/

.github/docker/server/Dockerfile

@@ -1,5 +1,5 @@
 # Base
-FROM golang:1.20.2-alpine AS builder
+FROM golang:1.20.3-alpine AS builder
 RUN apk add --no-cache git build-base gcc musl-dev
 WORKDIR /app
 COPY . /app
@@ -8,7 +8,7 @@ RUN go build ./cmd/interactsh-server
 
 
 # Release
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 RUN apk -U upgrade --no-cache \
  && apk add --no-cache bind-tools ca-certificates python3 libffi curl \
  && apk add --no-cache --virtual .build-deps python3-dev py3-pip py3-wheel libffi-dev build-base \

.github/workflows/deploy.yml

@@ -16,7 +16,7 @@ jobs:
  - uses: actions/checkout@v3
 
  - name: Setup Python
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v4
  with:
  python-version: 3.9
 
@@ -36,8 +36,8 @@ jobs:
 
  - name: run playbook
  env:
- GRAFANA_CLOUD: ${{ secrets.GRAFANA_CLOUD }}
  ANSIBLE_FORCE_COLOR: '1'
  run: |
+ ansible all -m ping
  ansible-playbook deploy.yaml --tags deploy --extra-vars "container_tag=${{ inputs.tags }}"
  working-directory: ./deploy

README.md

@@ -332,6 +332,8 @@ CONFIG:
  -hd, -http-directory string directory with files to serve with http server
  -ds, -disk disk based storage
  -dsp, -disk-path string disk storage path
+ -csh, -server-header string custom value of Server header in response
+ -dv, -disable-version disable publishing interactsh version in response header
 
 UPDATE:
  -up, -update update interactsh-server to latest version
@@ -466,8 +468,8 @@ interactsh-server -d oast.pro,oast.me
 
 While running interactsh server on **Cloud VM**'s like Amazon EC2, Goolge Cloud Platform (GCP), it is required to update the security rules to allow **"all traffic"** for inbound connections.
 
-</table>
 </td>
+</table>
 
 There are more useful capabilities supported by `interactsh-server` that are not enabled by default and are intended to be used only by **self-hosted** servers.
 

cmd/interactsh-client/main.go

@@ -94,7 +94,7 @@ func main() {
  }
 
  if !cliOptions.DisableUpdateCheck {
- latestVersion, err := updateutils.GetVersionCheckCallback("interactsh-client")()
+ latestVersion, err := updateutils.GetToolVersionCallback("interactsh-client", options.Version)()
  if err != nil {
  if cliOptions.Verbose {
  gologger.Error().Msgf("interactsh version check failed: %v", err.Error())

cmd/interactsh-server/main.go

@@ -68,6 +68,8 @@ func main() {
  flagSet.StringVarP(&cliOptions.HTTPDirectory, "http-directory", "hd", "", "directory with files to serve with http server"),
  flagSet.BoolVarP(&cliOptions.DiskStorage, "disk", "ds", false, "disk based storage"),
  flagSet.StringVarP(&cliOptions.DiskStoragePath, "disk-path", "dsp", "", "disk storage path"),
+ flagSet.StringVarP(&cliOptions.HeaderServer, "server-header", "csh", "", "custom value of Server header in response"),
+ flagSet.BoolVarP(&cliOptions.NoVersionHeader, "disable-version", "dv", false, "disable publishing interactsh version in response header"),
  )
 
  flagSet.CreateGroup("update", "Update",
@@ -118,7 +120,7 @@ func main() {
  }
 
  if !cliOptions.DisableUpdateCheck {
- latestVersion, err := updateutils.GetVersionCheckCallback("interactsh-client")()
+ latestVersion, err := updateutils.GetToolVersionCallback("interactsh-server", options.Version)()
  if err != nil {
  if cliOptions.Verbose {
  gologger.Error().Msgf("interactsh version check failed: %v", err.Error())

deploy/README.md

@@ -13,19 +13,24 @@ installation_distros.html) on your local machine
 - It will do the following things
  - Install required system packages
  - Install docker
- - Copy the promtail config file to the remote server
- - Start the promtail container
  - Start the interactsh container 
 
 ### Deploy
-- export GRAFANA_CLOUD endpoint for promtail to send logs to
 - Open deploy.yaml and change the parameters in the `vars` section to match your environment/requirments.
 - Run `ansible-playbook deploy.yaml` to deploy the application.
 - You can also run `ansible-playbook deploy.yaml --extra-vars "container_tag=v1.1.2"` to pass the variables from the command line.
+ eg:
+ ```bash
+ ansible-playbook deploy.yaml --extra-vars "container_tag=v1.1.2"
+ ```
 
-eg:
-```bash
-export GRAFANA_CLOUD="https://logs-prod-us-central1.grafana.net"
-ansible-playbook deploy.yaml --extra-vars "container_tag=v1.1.2"
-```
-
+### Add Grafana agent
+- To add grafana agent to collect node metrics and logs on you project
+ Open grafan_agent.yaml update the variables as per your project and run following command
+ ```
+ export GRAFANA_CLOUD=****
+ export PROM_URL=****
+ export PROM_PASS==****
+ export PROM_USERNAME==****
+ ansible-playbook grafana_agent.yaml
+ ```

deploy/agent.yaml.j2

@@ -0,0 +1,55 @@
+metrics:
+ wal_directory: /tmp/agent
+ global:
+ scrape_interval: 30s
+ external_labels: 
+ env: "{{ env_name }}"
+ remote_write:
+ - url: {{ prometheus_cloud_url }}
+ basic_auth:
+ password: {{ prometheus_cloud_password | trim }} 
+ username: {{ prometheus_cloud_username }}
+
+logs:
+ positions_directory: /tmp/positions/
+ configs:
+ - name: "{{ domain_name }}"
+ clients:
+ - url: {{ grafana_cloud_url }}
+ external_labels: {"server_name" : "{{ domain_name }}"}
+ scrape_configs:
+ - job_name: flog_scrape 
+ docker_sd_configs:
+ - host: unix:///var/run/docker.sock
+ refresh_interval: 5s
+ filters:
+ - name: name
+ values: ["{{ container_name }}"] 
+ relabel_configs:
+ - source_labels: ['__meta_docker_container_name']
+ regex: '/(.*)'
+ target_label: 'container'
+ replacement: "{{ domain_name }}"
+
+integrations:
+ node_exporter:
+ enabled: true
+ instance: "{{ domain_name }}"
+ rootfs_path: /rootfs
+ sysfs_path: /sys
+ procfs_path: /host/proc
+ metric_relabel_configs:
+ - source_labels: [__name__]
+ regex: '(node_arp_entries|node_context_switches_total|node_cooling_device_cur_state|node_cooling_device_max_state|node_cpu_guest_seconds_total|node_cpu_seconds_total|node_disk_discards_completed_total|node_disk_discards_merged_total|node_disk_discard_time_seconds_total|node_disk_io_now|node_disk_io_time_seconds_total|node_disk_io_time_weighted_seconds_total|node_disk_read_bytes_total|node_disk_reads_completed_total|node_disk_reads_merged_total|node_disk_read_time_seconds_total|node_disk_writes_completed_total|node_disk_writes_merged_total|node_disk_write_time_seconds_total|node_disk_written_bytes_total|node_entropy_available_bits|node_filefd_allocated|node_filefd_maximum|node_filesystem_avail_bytes|node_filesystem_device_error|node_filesystem_files|node_filesystem_files_free|node_filesystem_free_bytes|node_filesystem_readonly|node_filesystem_size_bytes|node_forks_total|node_hwmon_temp_celsius|node_hwmon_temp_crit_alarm_celsius|node_hwmon_temp_crit_celsius|node_hwmon_temp_crit_hyst_celsius|node_hwmon_temp_max_celsius|node_interrupts_total|node_intr_total|node_load1|node_load15|node_load5|node_memory_Active_anon_bytes|node_memory_Active_bytes|node_memory_Active_file_bytes|node_memory_AnonHugePages_bytes|node_memory_AnonPages_bytes|node_memory_Bounce_bytes|node_memory_Buffers_bytes|node_memory_Cached_bytes|node_memory_CommitLimit_bytes|node_memory_Committed_AS_bytes|node_memory_DirectMap1G_bytes|node_memory_DirectMap2M_bytes|node_memory_DirectMap4k_bytes|node_memory_Dirty_bytes|node_memory_HardwareCorrupted_bytes|node_memory_HugePages_Free|node_memory_Hugepagesize_bytes|node_memory_HugePages_Rsvd|node_memory_HugePages_Surp|node_memory_HugePages_Total|node_memory_Inactive_anon_bytes|node_memory_Inactive_bytes|node_memory_Inactive_file_bytes|node_memory_KernelStack_bytes|node_memory_Mapped_bytes|node_memory_MemAvailable_bytes|node_memory_MemFree_bytes|node_memory_MemTotal_bytes|node_memory_Mlocked_bytes|node_memory_NFS_Unstable_bytes|node_memory_PageTables_bytes|node_memory_Percpu_bytes|node_memory_Shmem_bytes|node_memory_ShmemHugePages_bytes|node_memory_ShmemPmdMapped_bytes|node_memory_Slab_bytes|node_memory_SReclaimable_bytes|node_memory_SUnreclaim_bytes|node_memory_SwapCached_bytes|node_memory_SwapTotal_bytes|node_memory_Unevictable_bytes|node_memory_VmallocChunk_bytes|node_memory_VmallocTotal_bytes|node_memory_VmallocUsed_bytes|node_memory_Writeback_bytes|node_memory_WritebackTmp_bytes|node_netstat_Icmp_InErrors|node_netstat_Icmp_InMsgs|node_netstat_Icmp_OutMsgs|node_netstat_IpExt_InOctets|node_netstat_IpExt_OutOctets|node_netstat_Ip_Forwarding|node_netstat_Tcp_ActiveOpens|node_netstat_Tcp_CurrEstab|node_netstat_TcpExt_ListenDrops|node_netstat_TcpExt_ListenOverflows|node_netstat_TcpExt_SyncookiesFailed|node_netstat_TcpExt_SyncookiesRecv|node_netstat_TcpExt_SyncookiesSent|node_netstat_TcpExt_TCPSynRetrans|node_netstat_Tcp_InErrs|node_netstat_Tcp_InSegs|node_netstat_Tcp_MaxConn|node_netstat_Tcp_OutRsts|node_netstat_Tcp_OutSegs|node_netstat_Tcp_PassiveOpens|node_netstat_Tcp_RetransSegs|node_netstat_Udp_InDatagrams|node_netstat_Udp_InErrors|node_netstat_UdpLite_InErrors|node_netstat_Udp_NoPorts|node_netstat_Udp_OutDatagrams|node_netstat_Udp_RcvbufErrors|node_netstat_Udp_SndbufErrors|node_network_carrier|node_network_mtu_bytes|node_network_receive_bytes_total|node_network_receive_compressed_total|node_network_receive_drop_total|node_network_receive_errs_total|node_network_receive_fifo_total|node_network_receive_frame_total|node_network_receive_multicast_total|node_network_receive_packets_total|node_network_speed_bytes|node_network_transmit_bytes_total|node_network_transmit_carrier_total|node_network_transmit_colls_total|node_network_transmit_compressed_total|node_network_transmit_drop_total|node_network_transmit_errs_total|node_network_transmit_fifo_total|node_network_transmit_packets_total|node_network_transmit_queue_length|node_network_up|node_nf_conntrack_entries|node_nf_conntrack_entries_limit|node_power_supply_online|node_processes_max_processes|node_processes_max_threads|node_processes_pids|node_processes_state|node_processes_threads|node_procs_blocked|node_procs_running|node_schedstat_running_seconds_total|node_schedstat_timeslices_total|node_schedstat_waiting_seconds_total|node_scrape_collector_duration_seconds|node_scrape_collector_success|node_sockstat_FRAG_inuse|node_sockstat_FRAG_memory|node_sockstat_RAW_inuse|node_sockstat_sockets_used|node_sockstat_TCP_alloc|node_sockstat_TCP_inuse|node_sockstat_TCP_mem|node_sockstat_TCP_mem_bytes|node_sockstat_TCP_orphan|node_sockstat_TCP_tw|node_sockstat_UDP_inuse|node_sockstat_UDPLITE_inuse|node_sockstat_UDP_mem|node_sockstat_UDP_mem_bytes|node_softnet_dropped_total|node_softnet_processed_total|node_softnet_times_squeezed_total|node_systemd_socket_accepted_connections_total|node_systemd_units|node_textfile_scrape_error|node_time_seconds|node_timex_estimated_error_seconds|node_timex_frequency_adjustment_ratio|node_timex_loop_time_constant|node_timex_maxerror_seconds|node_timex_offset_seconds|node_timex_sync_status|node_timex_tai_offset_seconds|node_timex_tick_seconds|node_vmstat_oom_kill|node_vmstat_pgfault|node_vmstat_pgmajfault|node_vmstat_pgpgin|node_vmstat_pgpgout|node_vmstat_pswpin|node_vmstat_pswpout|process_cpu_seconds_total|process_max_fds|process_open_fds|process_resident_memory_max_bytes|process_virtual_memory_bytes|process_virtual_memory_max_bytes)'
+ action: keep
+ - source_labels: [__name__]
+ regex: '(^go_.*|^promhttp_metric_.*)'
+ action: drop
+ cadvisor:
+ enabled: true
+ docker_only: true
+ instance: "{{ domain_name }}"
+ disabled_metrics:
+ - disk
+ enabled_metrics:
+ - memory

deploy/ansible.cfg

@@ -10,3 +10,9 @@ become = True
 become_user = root
 become_ask_pass=False
 become_method=sudo
+
+[persistent_connection]
+command_timeout = 60
+
+[ssh_connection]
+retries=3

deploy/deploy.yaml

@@ -6,7 +6,6 @@
  container_image: "projectdiscovery/interactsh-server:{{container_tag}}"
  container_command: "-dr -d {{domain_name}} -metrics"
  certmagic_host_path: "/root/.local/share/certmagic"
- grafana_cloud_url: "{{ lookup('env', 'GRAFANA_CLOUD') }}"
  tasks:
  - name: Install aptitude
  apt:
@@ -62,36 +61,15 @@
  state: directory
  loop:
  - "{{ certmagic_host_path }}"
- - /etc/promtail/
  tags: dir
 
- - name: Copy promtail config file
- template:
- src: promtail.yml.j2
- dest: "/etc/promtail/promtail.yml"
- tags: promtail
-
- - name: Launch promtail container
- community.docker.docker_container:
- name: "promtail"
- image: "grafana/promtail:k88-c660a7e"
- command: "--config.file=/etc/promtail/promtail.yml"
- restart: true
- restart_policy: "unless-stopped"
- volumes:
- - "/var/lib/docker/containers:/var/lib/docker/containers:ro"
- - "/var/run/docker.sock:/var/run/docker.sock:ro"
- - "/etc/promtail:/etc/promtail"
- state: started
- tags: promtail
-
  - name: Pull Docker image
  community.docker.docker_image:
  name: "{{ container_image }}"
  source: pull
  tags: deploy
 
- - name: Launch docker container
+ - name: Launch interactsh docker container
  community.docker.docker_container:
  name: "{{ container_name }}"
  image: "{{ container_image }}"

deploy/grafana_agent.yaml

@@ -0,0 +1,59 @@
+- hosts: all
+ become: true
+ vars:
+ env_name: "oast"
+ container_name: "interactsh"
+ grafana_agent_image: "grafana/agent:latest"
+ grafana_cloud_url: "{{ lookup('env', 'GRAFANA_CLOUD') }}"
+ prometheus_cloud_url: "{{ lookup('env', 'PROM_URL') }}"
+ prometheus_cloud_password: "{{ lookup('env', 'PROM_PASS') }}"
+ prometheus_cloud_username: "{{ lookup('env', 'PROM_USERNAME') }}"
+ tasks:
+ - name: create grafana directory for config
+ file:
+ path: "{{ item }}"
+ state: directory
+ loop:
+ - /etc/grafana/
+ tags: dir
+
+ - name: copy grafana agent config file
+ template:
+ src: agent.yaml.j2
+ dest: "/etc/grafana/agent.yaml"
+ tags: agent
+
+ - name: pull Docker image of grafana agent
+ community.docker.docker_image:
+ name: "{{ grafana_agent_image }}"
+ source: pull
+ tags: agent
+
+ - name: create Grafana agent container
+ community.docker.docker_container:
+ name: grafana_agent
+ image: "{{ grafana_agent_image }}"
+ restart_policy: always
+ restart: true
+ state: started
+ volumes:
+ - "/etc/grafana/agent.yaml:/etc/agent-config/agent.yaml:ro"
+ - "/proc:/host/proc:ro"
+ - "/tmp/agent:/etc/agent"
+ - "/var/lib/docker/:/var/lib/docker:ro"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "/run/containerd/containerd.sock:/run/containerd/containerd.sock:ro"
+ - "/var/lib/docker/containers:/var/lib/docker/containers:ro"
+ - "/:/rootfs:ro"
+ - "/var/run:/var/run:ro"
+ - "/sys:/sys:ro"
+ devices:
+ - "/dev/kmsg:/dev/kmsg"
+ privileged: true
+ entrypoint:
+ - "/bin/agent"
+ - "-config.file=/etc/agent-config/agent.yaml"
+ - "-metrics.wal-directory=/tmp/agent/wal"
+ - "-server.register-instrumentation=false"
+ network_mode: "host"
+ pid_mode: "host"

go.mod

@@ -5,7 +5,7 @@ go 1.19
 require (
  git.mills.io/prologic/smtpd v0.0.0-20210710122116-a525b76c287a
  github.com/Mzack9999/ldapserver v1.0.2-0.20211229000134-b44a0d6ad0dd
- github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
+ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
  github.com/caddyserver/certmagic v0.17.2
  github.com/docker/go-units v0.5.0
  github.com/goburrow/cache v0.1.4
@@ -14,19 +14,19 @@ require (
  github.com/karlseguin/ccache/v2 v2.0.8
  github.com/libdns/libdns v0.2.1
  github.com/mackerelio/go-osstat v0.2.4
- github.com/miekg/dns v1.1.52
+ github.com/miekg/dns v1.1.53
  github.com/pkg/errors v0.9.1
- github.com/projectdiscovery/asnmap v1.0.2
+ github.com/projectdiscovery/asnmap v1.0.3
  github.com/projectdiscovery/goflags v0.1.8
  github.com/projectdiscovery/gologger v1.1.8
- github.com/projectdiscovery/retryabledns v1.0.21
- github.com/projectdiscovery/retryablehttp-go v1.0.13
- github.com/projectdiscovery/utils v0.0.17
+ github.com/projectdiscovery/retryabledns v1.0.23
+ github.com/projectdiscovery/retryablehttp-go v1.0.15
+ github.com/projectdiscovery/utils v0.0.25
  github.com/remeh/sizedwaitgroup v1.0.0
- github.com/rs/xid v1.4.0
+ github.com/rs/xid v1.5.0
  github.com/stretchr/testify v1.8.2
  github.com/syndtr/goleveldb v1.0.0
- go.uber.org/multierr v1.10.0
+ go.uber.org/multierr v1.11.0
  go.uber.org/ratelimit v0.2.0
  go.uber.org/zap v1.24.0
  goftp.io/server/v2 v2.0.0
@@ -36,7 +36,7 @@ require (
 
 require (
  aead.dev/minisign v0.2.0 // indirect
- github.com/Masterminds/semver/v3 v3.2.0 // indirect
+ github.com/Masterminds/semver/v3 v3.2.1 // indirect
  github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142836-eb8883508809 // indirect
  github.com/VividCortex/ewma v1.2.0 // indirect
  github.com/alecthomas/chroma v0.10.0 // indirect
@@ -75,7 +75,7 @@ require (
  github.com/pierrec/lz4 v2.6.0+incompatible // indirect
  github.com/pmezard/go-difflib v1.0.0 // indirect
  github.com/projectdiscovery/blackrock v0.0.0-20221025011524-9e4efe804fb4 // indirect
- github.com/projectdiscovery/mapcidr v1.1.0 // indirect
+ github.com/projectdiscovery/mapcidr v1.1.1 // indirect
  github.com/rivo/uniseg v0.4.4 // indirect
  github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
  github.com/ulikunitz/xz v0.5.8 // indirect
@@ -84,13 +84,13 @@ require (
  github.com/yuin/goldmark-emoji v1.0.1 // indirect
  go.uber.org/atomic v1.10.0 // indirect
  golang.org/x/crypto v0.7.0 // indirect
- golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect
- golang.org/x/mod v0.8.0 // indirect
- golang.org/x/net v0.8.0 // indirect
- golang.org/x/oauth2 v0.5.0 // indirect
- golang.org/x/sys v0.6.0 // indirect
- golang.org/x/text v0.8.0 // indirect
- golang.org/x/tools v0.6.0 // indirect
+ golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 // indirect
+ golang.org/x/mod v0.9.0 // indirect
+ golang.org/x/net v0.9.0 // indirect
+ golang.org/x/oauth2 v0.7.0 // indirect
+ golang.org/x/sys v0.7.0 // indirect
+ golang.org/x/text v0.9.0 // indirect
+ golang.org/x/tools v0.7.0 // indirect
  google.golang.org/appengine v1.6.7 // indirect
  google.golang.org/protobuf v1.28.1 // indirect
  gopkg.in/djherbis/times.v1 v1.3.0 // indirect