interactsh

interactsh is a standalone async Rust client for out-of-band interaction polling. It extracts the reusable correlation logic from scanner-specific code so any security tool can generate callback hostnames, tag them with local context, and poll a compatible OOB service later.

Features

• Async polling over reqwest
• Correlation ID and nonce tracking with arbitrary labels and attributes
• Defensive poll parsing with configurable response size limits
• TOML config load/save helpers for local tooling
• Examples and 20+ tests covering URL generation, config handling, and polling behavior

Installation

[dependencies]
interactsh = "0.1"

Quick start

use interactsh::{ClientConfig, InteractionContext, InteractshClient};

# #[tokio::main]
# async fn main() -> Result<(), Box<dyn std::error::Error>> {
let client = InteractshClient::new(ClientConfig {
    server: "oast.pro".into(),
    ..ClientConfig::default()
}).await?;

let generated = client.generate_url(
    InteractionContext::new("blind-sqli")
        .with_attribute("target", "https://example.com/search")
)?;

println!("{}", generated.url);
# Ok(())
# }

TOML config

server = "oast.pro"
token = "replace-me"
authorization_header = "Authorization"
correlation_id_length = 14
nonce_length = 16
max_poll_response_bytes = 10485760
default_scheme = "https"

Notes

• This crate focuses on correlation, polling, and config management.
• It expects a polling endpoint compatible with GET /poll?id=<correlation_id>.
• It does not implement the full encrypted Interactsh registration handshake.