Merge pull request #698 from projectdiscovery/dev

Interactsh <> nuclei integration release

v2/cmd/nuclei/main.go

@@ -85,6 +85,12 @@ based on templates offering massive extensibility and ease of use.`)
 	set.IntVar(&options.PageTimeout, "page-timeout", 20, "Seconds to wait for each page in headless")
 	set.BoolVarP(&options.NewTemplates, "new-templates", "nt", false, "Only run newly added templates")
 	set.StringVarP(&options.DiskExportDirectory, "disk-export", "de", "", "Directory on disk to export reports in markdown to")
+	set.BoolVar(&options.NoInteractsh, "no-interactsh", false, "Do not use interactsh server for blind interaction polling")
+	set.StringVar(&options.InteractshURL, "interactsh-url", "https://interact.sh", "Interactsh Server URL")
+	set.IntVar(&options.InteractionsCacheSize, "interactions-cache-size", 5000, "Number of requests to keep in interactions cache")
+	set.IntVar(&options.InteractionsEviction, "interactions-eviction", 60, "Number of seconds to wait before evicting requests from cache")
+	set.IntVar(&options.InteractionsPollDuration, "interactions-poll-duration", 5, "Number of seconds before each interaction poll request")
+	set.IntVar(&options.InteractionsColldownPeriod, "interactions-cooldown-period", 5, "Extra time for interaction polling before exiting")
 	_ = set.Parse()
 
 	if cfgFile != "" {

v2/go.mod

@@ -4,6 +4,7 @@ go 1.15
 
 require (
 	github.com/Knetic/govaluate v3.0.0+incompatible
+	github.com/alecthomas/jsonschema v0.0.0-20210413112511-5c9c23bdc720
 	github.com/andygrunwald/go-jira v1.13.0
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/corpix/uarand v0.1.1
@@ -16,6 +17,7 @@ require (
 	github.com/hashicorp/go-retryablehttp v0.6.8 // indirect
 	github.com/json-iterator/go v1.1.10
 	github.com/julienschmidt/httprouter v1.3.0
+	github.com/karlseguin/ccache v2.0.3+incompatible
 	github.com/karrick/godirwalk v1.16.1
 	github.com/logrusorgru/aurora v2.0.3+incompatible
 	github.com/mattn/go-runewidth v0.0.10 // indirect
@@ -29,6 +31,7 @@ require (
 	github.com/projectdiscovery/goflags v0.0.4
 	github.com/projectdiscovery/gologger v1.1.4
 	github.com/projectdiscovery/hmap v0.0.1
+	github.com/projectdiscovery/interactsh v0.0.2
 	github.com/projectdiscovery/rawhttp v0.0.6
 	github.com/projectdiscovery/retryabledns v1.0.10
 	github.com/projectdiscovery/retryablehttp-go v1.0.1

v2/go.sum

@@ -38,6 +38,8 @@ github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8L
 github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic=
 github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA=
+github.com/alecthomas/jsonschema v0.0.0-20210413112511-5c9c23bdc720 h1:eGgkuR6dLpW0rvJCOH6illGPbxyndL2J3f7wDI2qCsE=
+github.com/alecthomas/jsonschema v0.0.0-20210413112511-5c9c23bdc720/go.mod h1:/n6+1/DWPltRLWL/VKyUxg6tzsl5kHUCcraimt4vr60=
 github.com/andygrunwald/go-jira v1.13.0 h1:vvIImGgX32bHfoiyUwkNo+/YrPnRczNarvhLOncP6dE=
 github.com/andygrunwald/go-jira v1.13.0/go.mod h1:jYi4kFDbRPZTJdJOVJO4mpMMIwdB+rcZwSO58DzPd2I=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
@@ -61,6 +63,8 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumC
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
+github.com/eggsampler/acme/v3 v3.2.1 h1:Lfsrg3M2zt00QRnizOFzdpSfsS9oDvPsGrodXS/w1KI=
+github.com/eggsampler/acme/v3 v3.2.1/go.mod h1:/qh0rKC/Dh7Jj+p4So7DbWmFNzC4dpcpK53r226Fhuo=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -73,6 +77,7 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-redis/redis v6.15.5+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-rod/rod v0.91.1 h1:7xIlC/bXCXosZqZUl2x6GVB8tv4yMQ4W/ZVdGVa1qYI=
 github.com/go-rod/rod v0.91.1/go.mod h1:/W4lcZiCALPD603MnJGIvhtywP3R6yRB9EDfFfsHiiI=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -133,6 +138,8 @@ github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs=
+github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
@@ -147,13 +154,23 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 h1:i462o439ZjprVSFSZLZxcsoAe592sZB1rci2Z8j4wdk=
+github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/jasonlvhit/gocron v0.0.1 h1:qTt5qF3b3srDjeOIR4Le1LfeyvoYzJlYpqvG7tJX5YU=
+github.com/jasonlvhit/gocron v0.0.1/go.mod h1:k9a3TV8VcU73XZxfVHCHWMWF9SOqgoku0/QlY2yvlA4=
 github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/karlseguin/ccache v2.0.3+incompatible h1:j68C9tWOROiOLWTS/kCGg9IcJG+ACqn5+0+t8Oh83UU=
+github.com/karlseguin/ccache v2.0.3+incompatible/go.mod h1:CM9tNPzT6EdRh14+jiW8mEF9mkNZuuE51qmgGYUB93w=
+github.com/karlseguin/ccache/v2 v2.0.7 h1:y5Pfi4eiyYCOD6LS/Kj+o6Nb4M5Ngpw9qFQs+v44ZYM=
+github.com/karlseguin/ccache/v2 v2.0.7/go.mod h1:2BDThcfQMf/c0jnZowt16eW405XIqZPavt+HoYEtcxQ=
+github.com/karlseguin/expect v1.0.2-0.20190806010014-778a5f0c6003 h1:vJ0Snvo+SLMY72r5J4sEfkuE7AFbixEP2qRbEcum/wA=
+github.com/karlseguin/expect v1.0.2-0.20190806010014-778a5f0c6003/go.mod h1:zNBxMY8P21owkeogJELCLeHIt+voOSduHYTFUbwRAV8=
 github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA9iw=
 github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
@@ -164,6 +181,7 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/logrusorgru/aurora v2.0.3+incompatible h1:tOpm7WcpBTn4fjmVfgpQq0EfczGlG91VSDkswnjF5A8=
 github.com/logrusorgru/aurora v2.0.3+incompatible/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
@@ -186,10 +204,12 @@ github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZ
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU=
+github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo=
+github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME=
+github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -203,10 +223,13 @@ github.com/projectdiscovery/fastdialer v0.0.8 h1:mEMc8bfXV5hc1PUEkJiUnR5imYQe6+8
 github.com/projectdiscovery/fastdialer v0.0.8/go.mod h1:AuaV0dzrNeBLHqjNnzpFSnTXnHGIZAlGQE+WUMmSIW4=
 github.com/projectdiscovery/goflags v0.0.4 h1:fWKLMAr3KmPlZxE1b54pfei+vGIUJn9q6aM7woZIbCY=
 github.com/projectdiscovery/goflags v0.0.4/go.mod h1:Ae1mJ5MIIqjys0lFe3GiMZ10Z8VLaxkYJ1ySA4Zv8HA=
+github.com/projectdiscovery/gologger v1.1.3/go.mod h1:jdXflz3TLB8bcVNzb0v26TztI9KPz8Lr4BVdUhNUs6E=
 github.com/projectdiscovery/gologger v1.1.4 h1:qWxGUq7ukHWT849uGPkagPKF3yBPYAsTtMKunQ8O2VI=
 github.com/projectdiscovery/gologger v1.1.4/go.mod h1:Bhb6Bdx2PV1nMaFLoXNBmHIU85iROS9y1tBuv7T5pMY=
 github.com/projectdiscovery/hmap v0.0.1 h1:VAONbJw5jP+syI5smhsfkrq9XPGn4aiYy5pR6KR1wog=
 github.com/projectdiscovery/hmap v0.0.1/go.mod h1:VDEfgzkKQdq7iGTKz8Ooul0NuYHQ8qiDs6r8bPD1Sb0=
+github.com/projectdiscovery/interactsh v0.0.2 h1:v2gsHQbuMKu0OxK+PEduKR7lRQFsdNSZjxmI7iRa46g=
+github.com/projectdiscovery/interactsh v0.0.2/go.mod h1:dWnKO14d2FLP3kLhI9DecEsiAC/aZiJoUBGFjGhDskY=
 github.com/projectdiscovery/rawhttp v0.0.6 h1:HbgPB1eKXQVV5F9sq0Uxflm95spWFyZYD8dgFpeOC9M=
 github.com/projectdiscovery/rawhttp v0.0.6/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
 github.com/projectdiscovery/retryabledns v1.0.7/go.mod h1:/UzJn4I+cPdQl6pKiiQfvVAT636YZvJQYZhYhGB0dUQ=
@@ -214,6 +237,8 @@ github.com/projectdiscovery/retryabledns v1.0.10 h1:xJZ2aKoqrNg/OZEw1+4+QIOH40V/
 github.com/projectdiscovery/retryabledns v1.0.10/go.mod h1:4sMC8HZyF01HXukRleSQYwz4870bwgb4+hTSXTMrkf4=
 github.com/projectdiscovery/retryablehttp-go v1.0.1 h1:V7wUvsZNq1Rcz7+IlcyoyQlNwshuwptuBVYWw9lx8RE=
 github.com/projectdiscovery/retryablehttp-go v1.0.1/go.mod h1:SrN6iLZilNG1X4neq1D+SBxoqfAF4nyzvmevkTkWsek=
+github.com/prologic/smtpd v0.0.0-20210126001904-0893ad18168e h1:ZT3wZ92sp/EHEE/HcFCWCsYS3ROLjHb6EqSX8qYrgXw=
+github.com/prologic/smtpd v0.0.0-20210126001904-0893ad18168e/go.mod h1:GkLsdH1RZj6RDKeI9A05NGZYmEZQ/PbQcZPnZoSZuYI=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E=
 github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo=
@@ -232,7 +257,9 @@ github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.3.1-0.20190311161405-34c6fa2dc709/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
@@ -244,6 +271,8 @@ github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6Kllzaw
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.1 h1:TVEnxayobAdVkhQfrfes2IzOB6o+z4roRkPF52WA1u4=
 github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
+github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0 h1:3UeQBvD0TFrlVjOeLOBz+CPAI8dnbqNSVwUwRrkp7vQ=
+github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0/go.mod h1:IXCdmsXIht47RaVFLEdVnh1t+pgYtTAhQGj73kz+2DM=
 github.com/xanzy/go-gitlab v0.44.0 h1:cEiGhqu7EpFGuei2a2etAwB+x6403E5CvpLn35y+GPs=
 github.com/xanzy/go-gitlab v0.44.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug=
 github.com/ysmood/goob v0.3.0 h1:XZ51cZJ4W3WCoCiUktixzMIQF86W7G5VFL4QQ/Q2uS0=
@@ -276,6 +305,7 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210218145215-b8e89b74b9df h1:y7QZzfUiTwWam+xBn29Ulb8CBwVN5UdzmMDavl9Whlw=
@@ -387,6 +417,7 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201113233024-12cec1faf1ba/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -533,6 +564,8 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/corvus-ch/zbase32.v1 v1.0.0 h1:K4u1NprbDNvKPczKfHLbwdOWHTZ0zfv2ow71H1nRnFU=
+gopkg.in/corvus-ch/zbase32.v1 v1.0.0/go.mod h1:T3oKkPOm4AV/bNXCNFUxRmlE9RUyBz/DSo0nK9U+c0Y=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=

v2/internal/runner/banner.go

@@ -7,11 +7,11 @@ const banner = `
      ____  __  _______/ /__  (_)
     / __ \/ / / / ___/ / _ \/ /
    / / / / /_/ / /__/ /  __/ /
-  /_/ /_/\__,_/\___/_/\___/_/   v2.3.5
+  /_/ /_/\__,_/\___/_/\___/_/   v2.3.6
 `
 
 // Version is the current version of nuclei
-const Version = `2.3.5`
+const Version = `2.3.6`
 
 // showBanner is used to show the banner to the user
 func showBanner() {

v2/internal/runner/runner.go

@@ -6,6 +6,7 @@ import (
 	"os"
 	"path"
 	"strings"
+	"time"
 
 	"github.com/logrusorgru/aurora"
 	"github.com/projectdiscovery/gologger"
@@ -18,6 +19,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v2/pkg/projectfile"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/clusterer"
+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolinit"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/engine"
 	"github.com/projectdiscovery/nuclei/v2/pkg/reporting"
@@ -35,6 +37,7 @@ import (
 type Runner struct {
 	hostMap         *hybrid.HybridMap
 	output          output.Writer
+	interactsh      *interactsh.Client
 	inputCount      int64
 	templatesConfig *nucleiConfig
 	options         *types.Options
@@ -197,6 +200,23 @@ func New(options *types.Options) (*Runner, error) {
 		}
 	}
 
+	if !options.NoInteractsh {
+		interactshClient, err := interactsh.New(&interactsh.Options{
+			ServerURL:      options.InteractshURL,
+			CacheSize:      int64(options.InteractionsCacheSize),
+			Eviction:       time.Duration(options.InteractionsEviction) * time.Second,
+			ColldownPeriod: time.Duration(options.InteractionsColldownPeriod) * time.Second,
+			PollDuration:   time.Duration(options.InteractionsPollDuration) * time.Second,
+			Output:         runner.output,
+			IssuesClient:   runner.issuesClient,
+			Progress:       runner.progress,
+		})
+		if err != nil {
+			return nil, err
+		}
+		runner.interactsh = interactshClient
+	}
+
 	// Enable Polling
 	if options.BurpCollaboratorBiid != "" {
 		collaborator.DefaultCollaborator.Collab.AddBIID(options.BurpCollaboratorBiid)
@@ -291,6 +311,7 @@ func (r *Runner) RunEnumeration() {
 				IssuesClient: r.issuesClient,
 				Browser:      r.browser,
 				ProjectFile:  r.projectFile,
+				Interactsh:   r.interactsh,
 			}
 			clusterID := fmt.Sprintf("cluster-%s", xid.New().String())
 
@@ -352,6 +373,13 @@ func (r *Runner) RunEnumeration() {
 		}(t)
 	}
 	wgtemplates.Wait()
+
+	if r.interactsh != nil {
+		matched := r.interactsh.Close()
+		if matched {
+			results.CAS(false, true)
+		}
+	}
 	r.progress.Stop()
 
 	if r.issuesClient != nil {

v2/internal/runner/templates.go

@@ -62,6 +62,7 @@ func (r *Runner) parseTemplateFile(file string) (*templates.Template, error) {
 		Catalog:      r.catalog,
 		IssuesClient: r.issuesClient,
 		RateLimiter:  r.ratelimiter,
+		Interactsh:   r.interactsh,
 		ProjectFile:  r.projectFile,
 		Browser:      r.browser,
 	}

v2/pkg/operators/operators.go

@@ -65,6 +65,30 @@ type Result struct {
 	PayloadValues map[string]interface{}
 }
 
+// Merge merges a result structure into the other.
+func (r *Result) Merge(result *Result) {
+	if !r.Matched && result.Matched {
+		r.Matched = result.Matched
+	}
+	if !r.Extracted && result.Extracted {
+		r.Extracted = result.Extracted
+	}
+
+	for k, v := range result.Matches {
+		r.Matches[k] = v
+	}
+	for k, v := range result.Extracts {
+		r.Extracts[k] = v
+	}
+	r.OutputExtracts = append(r.OutputExtracts, result.OutputExtracts...)
+	for k, v := range result.DynamicValues {
+		r.DynamicValues[k] = v
+	}
+	for k, v := range result.PayloadValues {
+		r.PayloadValues[k] = v
+	}
+}
+
 // MatchFunc performs matching operation for a matcher on model and returns true or false.
 type MatchFunc func(data map[string]interface{}, matcher *matchers.Matcher) bool
 
@@ -81,6 +105,7 @@ func (r *Operators) Execute(data map[string]interface{}, match MatchFunc, extrac
 		Extracts:      make(map[string][]string),
 		DynamicValues: make(map[string]interface{}),
 	}
+
 	// Start with the extractors first and evaluate them.
 	for _, extractor := range r.Extractors {
 		var extractorResults []string

v2/pkg/output/output.go

@@ -9,6 +9,7 @@ import (
 	jsoniter "github.com/json-iterator/go"
 	"github.com/logrusorgru/aurora"
 	"github.com/pkg/errors"
+	"github.com/projectdiscovery/interactsh/pkg/server"
 	"github.com/projectdiscovery/nuclei/v2/internal/colorizer"
 	"github.com/projectdiscovery/nuclei/v2/pkg/operators"
 )
@@ -79,6 +80,8 @@ type ResultEvent struct {
 	IP string `json:"ip,omitempty"`
 	// Timestamp is the time the result was found at.
 	Timestamp time.Time `json:"timestamp"`
+	// Interaction is the full details of interactsh interaction.
+	Interaction *server.Interaction `json:"interaction,omitempty"`
 }
 
 // NewStandardWriter creates a new output writer based on user configurations

v2/pkg/protocols/common/interactsh/interactsh.go

@@ -0,0 +1,203 @@
+package interactsh
+
+import (
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/karlseguin/ccache"
+	"github.com/pkg/errors"
+	"github.com/projectdiscovery/gologger"
+	"github.com/projectdiscovery/interactsh/pkg/client"
+	"github.com/projectdiscovery/interactsh/pkg/server"
+	"github.com/projectdiscovery/nuclei/v2/pkg/operators"
+	"github.com/projectdiscovery/nuclei/v2/pkg/output"
+	"github.com/projectdiscovery/nuclei/v2/pkg/progress"
+	"github.com/projectdiscovery/nuclei/v2/pkg/reporting"
+	"github.com/valyala/fasttemplate"
+)
+
+// Client is a wrapped client for interactsh server.
+type Client struct {
+	// interactsh is a client for interactsh server.
+	interactsh *client.Client
+	// requests is a stored cache for interactsh-url->request-event data.
+	requests *ccache.Cache
+
+	matched          bool
+	dotHostname      string
+	eviction         time.Duration
+	pollDuration     time.Duration
+	cooldownDuration time.Duration
+}
+
+var interactshURLMarker = "{{interactsh-url}}"
+
+// Options contains configuration options for interactsh nuclei integration.
+type Options struct {
+	// ServerURL is the URL of the interactsh server.
+	ServerURL string
+	// CacheSize is the numbers of requests to keep track of at a time.
+	// Older items are discarded in LRU manner in favor of new requests.
+	CacheSize int64
+	// Eviction is the period of time after which to automatically discard
+	// interaction requests.
+	Eviction time.Duration
+	// CooldownPeriod is additional time to wait for interactions after closing
+	// of the poller.
+	ColldownPeriod time.Duration
+	// PollDuration is the time to wait before each poll to the server for interactions.
+	PollDuration time.Duration
+	// Output is the output writer for nuclei
+	Output output.Writer
+	// IssuesClient is a client for issue exporting
+	IssuesClient *reporting.Client
+	// Progress is the nuclei progress bar implementation.
+	Progress progress.Progress
+}
+
+// New returns a new interactsh server client
+func New(options *Options) (*Client, error) {
+	parsed, err := url.Parse(options.ServerURL)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not parse server url")
+	}
+
+	interactsh, err := client.New(&client.Options{
+		ServerURL:         options.ServerURL,
+		PersistentSession: false,
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "could not create client")
+	}
+	configure := ccache.Configure()
+	configure = configure.MaxSize(options.CacheSize)
+	cache := ccache.New(configure)
+
+	interactClient := &Client{
+		interactsh:       interactsh,
+		eviction:         options.Eviction,
+		dotHostname:      "." + parsed.Host,
+		requests:         cache,
+		pollDuration:     options.PollDuration,
+		cooldownDuration: options.ColldownPeriod,
+	}
+
+	interactClient.interactsh.StartPolling(interactClient.pollDuration, func(interaction *server.Interaction) {
+		item := interactClient.requests.Get(interaction.UniqueID)
+		if item == nil {
+			return
+		}
+		data, ok := item.Value().(*RequestData)
+		if !ok {
+			return
+		}
+
+		data.Event.InternalEvent["interactsh_protocol"] = interaction.Protocol
+		data.Event.InternalEvent["interactsh_request"] = interaction.RawRequest
+		data.Event.InternalEvent["interactsh_response"] = interaction.RawResponse
+		result, matched := data.Operators.Execute(data.Event.InternalEvent, data.MatchFunc, data.ExtractFunc)
+		if !matched || result == nil {
+			return // if we don't match, return
+		}
+		interactClient.requests.Delete(interaction.UniqueID)
+
+		if data.Event.OperatorsResult != nil {
+			data.Event.OperatorsResult.Merge(result)
+		} else {
+			data.Event.OperatorsResult = result
+		}
+		data.Event.Results = data.MakeResultFunc(data.Event)
+		for _, result := range data.Event.Results {
+			result.Interaction = interaction
+			_ = options.Output.Write(result)
+			if !interactClient.matched {
+				interactClient.matched = true
+			}
+			options.Progress.IncrementMatched()
+
+			if options.IssuesClient != nil {
+				if err := options.IssuesClient.CreateIssue(result); err != nil {
+					gologger.Warning().Msgf("Could not create issue on tracker: %s", err)
+				}
+			}
+		}
+	})
+	return interactClient, nil
+}
+
+// URL returns a new URL that can be interacted with
+func (c *Client) URL() string {
+	return c.interactsh.URL()
+}
+
+// Close closes the interactsh clients after waiting for cooldown period.
+func (c *Client) Close() bool {
+	if c.cooldownDuration > 0 {
+		time.Sleep(c.cooldownDuration)
+	}
+	c.interactsh.StopPolling()
+	c.interactsh.Close()
+	return c.matched
+}
+
+// ReplaceMarkers replaces the {{interactsh-url}} placeholders to actual
+// URLs pointing to interactsh-server.
+//
+// It accepts data to replace as well as the URL to replace placeholders
+// with generated uniquely for each request.
+func (c *Client) ReplaceMarkers(data, interactshURL string) string {
+	if !strings.Contains(data, interactshURLMarker) {
+		return data
+	}
+	replaced := fasttemplate.ExecuteStringStd(data, "{{", "}}", map[string]interface{}{
+		"interactsh-url": interactshURL,
+	})
+	return replaced
+}
+
+// MakeResultEventFunc is a result making function for nuclei
+type MakeResultEventFunc func(wrapped *output.InternalWrappedEvent) []*output.ResultEvent
+
+// RequestData contains data for a request event
+type RequestData struct {
+	MakeResultFunc MakeResultEventFunc
+	Event          *output.InternalWrappedEvent
+	Operators      *operators.Operators
+	MatchFunc      operators.MatchFunc
+	ExtractFunc    operators.ExtractFunc
+}
+
+// RequestEvent is the event for a network request sent by nuclei.
+func (c *Client) RequestEvent(interactshURL string, data *RequestData) {
+	id := strings.TrimSuffix(interactshURL, c.dotHostname)
+	c.requests.Set(id, data, c.eviction)
+}
+
+// HasMatchers returns true if an operator has interactsh part
+// matchers or extractors.
+//
+// Used by requests to show result or not depending on presence of interact.sh
+// data part matchers.
+func HasMatchers(op *operators.Operators) bool {
+	if op == nil {
+		return false
+	}
+
+	for _, matcher := range op.Matchers {
+		for _, dsl := range matcher.DSL {
+			if strings.Contains(dsl, "interactsh") {
+				return true
+			}
+		}
+		if strings.HasPrefix(matcher.Part, "interactsh") {
+			return true
+		}
+	}
+	for _, matcher := range op.Extractors {
+		if strings.HasPrefix(matcher.Part, "interactsh") {
+			return true
+		}
+	}
+	return false
+}

v2/pkg/protocols/http/build_request.go

@@ -37,7 +37,7 @@ type generatedRequest struct {
 
 // Make creates a http request for the provided input.
 // It returns io.EOF as error when all the requests have been exhausted.
-func (r *requestGenerator) Make(baseURL string, dynamicValues map[string]interface{}) (*generatedRequest, error) {
+func (r *requestGenerator) Make(baseURL string, dynamicValues map[string]interface{}, interactURL string) (*generatedRequest, error) {
 	// We get the next payload for the request.
 	data, payloads, ok := r.nextValue()
 	if !ok {
@@ -65,9 +65,9 @@ func (r *requestGenerator) Make(baseURL string, dynamicValues map[string]interfa
 	// If data contains \n it's a raw request, process it like raw. Else
 	// continue with the template based request flow.
 	if isRawRequest {
-		return r.makeHTTPRequestFromRaw(ctx, parsedString, data, values, payloads)
+		return r.makeHTTPRequestFromRaw(ctx, parsedString, data, values, payloads, interactURL)
 	}
-	return r.makeHTTPRequestFromModel(ctx, data, values)
+	return r.makeHTTPRequestFromModel(ctx, data, values, interactURL)
 }
 
 // Total returns the total number of requests for the generator
@@ -96,8 +96,11 @@ func baseURLWithTemplatePrefs(data string, parsed *url.URL) (string, *url.URL) {
 }
 
 // MakeHTTPRequestFromModel creates a *http.Request from a request template
-func (r *requestGenerator) makeHTTPRequestFromModel(ctx context.Context, data string, values map[string]interface{}) (*generatedRequest, error) {
+func (r *requestGenerator) makeHTTPRequestFromModel(ctx context.Context, data string, values map[string]interface{}, interactURL string) (*generatedRequest, error) {
 	final := replacer.Replace(data, values)
+	if interactURL != "" {
+		final = r.options.Interactsh.ReplaceMarkers(final, interactURL)
+	}
 
 	// Build a request on the specified URL
 	req, err := http.NewRequestWithContext(ctx, r.request.Method, final, nil)
@@ -105,7 +108,7 @@ func (r *requestGenerator) makeHTTPRequestFromModel(ctx context.Context, data st
 		return nil, err
 	}
 
-	request, err := r.fillRequest(req, values)
+	request, err := r.fillRequest(req, values, interactURL)
 	if err != nil {
 		return nil, err
 	}
@@ -113,7 +116,10 @@ func (r *requestGenerator) makeHTTPRequestFromModel(ctx context.Context, data st
 }
 
 // makeHTTPRequestFromRaw creates a *http.Request from a raw request
-func (r *requestGenerator) makeHTTPRequestFromRaw(ctx context.Context, baseURL, data string, values, payloads map[string]interface{}) (*generatedRequest, error) {
+func (r *requestGenerator) makeHTTPRequestFromRaw(ctx context.Context, baseURL, data string, values, payloads map[string]interface{}, interactURL string) (*generatedRequest, error) {
+	if interactURL != "" {
+		data = r.options.Interactsh.ReplaceMarkers(data, interactURL)
+	}
 	return r.handleRawWithPayloads(ctx, data, baseURL, values, payloads)
 }
 
@@ -158,8 +164,11 @@ func (r *requestGenerator) handleRawWithPayloads(ctx context.Context, rawRequest
 			continue
 		}
 		req.Header[key] = []string{value}
+		if key == "Host" {
+			req.Host = value
+		}
 	}
-	request, err := r.fillRequest(req, values)
+	request, err := r.fillRequest(req, values, "")
 	if err != nil {
 		return nil, err
 	}
@@ -168,10 +177,16 @@ func (r *requestGenerator) handleRawWithPayloads(ctx context.Context, rawRequest
 }
 
 // fillRequest fills various headers in the request with values
-func (r *requestGenerator) fillRequest(req *http.Request, values map[string]interface{}) (*retryablehttp.Request, error) {
+func (r *requestGenerator) fillRequest(req *http.Request, values map[string]interface{}, interactURL string) (*retryablehttp.Request, error) {
 	// Set the header values requested
 	for header, value := range r.request.Headers {
+		if interactURL != "" {
+			value = r.options.Interactsh.ReplaceMarkers(value, interactURL)
+		}
 		req.Header[header] = []string{replacer.Replace(value, values)}
+		if header == "Host" {
+			req.Host = replacer.Replace(value, values)
+		}
 	}
 
 	// In case of multiple threads the underlying connection should remain open to allow reuse
@@ -181,7 +196,11 @@ func (r *requestGenerator) fillRequest(req *http.Request, values map[string]inte
 
 	// Check if the user requested a request body
 	if r.request.Body != "" {
-		req.Body = ioutil.NopCloser(strings.NewReader(r.request.Body))
+		body := r.request.Body
+		if interactURL != "" {
+			body = r.options.Interactsh.ReplaceMarkers(body, interactURL)
+		}
+		req.Body = ioutil.NopCloser(strings.NewReader(body))
 	}
 	setHeader(req, "User-Agent", uarand.GetRandom())
 
@@ -198,4 +217,7 @@ func setHeader(req *http.Request, name, value string) {
 	if _, ok := req.Header[name]; !ok {
 		req.Header.Set(name, value)
 	}
+	if name == "Host" {
+		req.Host = value
+	}
 }

v2/pkg/protocols/http/build_request_test.go

@@ -42,7 +42,7 @@ func TestMakeRequestFromModal(t *testing.T) {
 	require.Nil(t, err, "could not compile http request")
 
 	generator := request.newGenerator()
-	req, err := generator.Make("https://example.com", map[string]interface{}{})
+	req, err := generator.Make("https://example.com", map[string]interface{}{}, "")
 	require.Nil(t, err, "could not make http request")
 
 	bodyBytes, _ := req.request.BodyBytes()
@@ -69,12 +69,12 @@ func TestMakeRequestFromModalTrimSuffixSlash(t *testing.T) {
 	require.Nil(t, err, "could not compile http request")
 
 	generator := request.newGenerator()
-	req, err := generator.Make("https://example.com/test.php", map[string]interface{}{})
+	req, err := generator.Make("https://example.com/test.php", map[string]interface{}{}, "")
 	require.Nil(t, err, "could not make http request")
 	require.Equal(t, "https://example.com/test.php?query=example", req.request.URL.String(), "could not get correct request path")
 
 	generator = request.newGenerator()
-	req, err = generator.Make("https://example.com/test/", map[string]interface{}{})
+	req, err = generator.Make("https://example.com/test/", map[string]interface{}{}, "")
 	require.Nil(t, err, "could not make http request")
 	require.Equal(t, "https://example.com/test/?query=example", req.request.URL.String(), "could not get correct request path")
 }
@@ -107,12 +107,12 @@ Accept-Encoding: gzip`},
 	require.Nil(t, err, "could not compile http request")
 
 	generator := request.newGenerator()
-	req, err := generator.Make("https://example.com", map[string]interface{}{})
+	req, err := generator.Make("https://example.com", map[string]interface{}{}, "")
 	require.Nil(t, err, "could not make http request")
 	authorization := req.request.Header.Get("Authorization")
 	require.Equal(t, "Basic admin:admin", authorization, "could not get correct authorization headers from raw")
 
-	req, err = generator.Make("https://example.com", map[string]interface{}{})
+	req, err = generator.Make("https://example.com", map[string]interface{}{}, "")
 	require.Nil(t, err, "could not make http request")
 	authorization = req.request.Header.Get("Authorization")
 	require.Equal(t, "Basic admin:guest", authorization, "could not get correct authorization headers from raw")
@@ -146,12 +146,12 @@ Accept-Encoding: gzip`},
 	require.Nil(t, err, "could not compile http request")
 
 	generator := request.newGenerator()
-	req, err := generator.Make("https://example.com", map[string]interface{}{})
+	req, err := generator.Make("https://example.com", map[string]interface{}{}, "")
 	require.Nil(t, err, "could not make http request")
 	authorization := req.request.Header.Get("Authorization")
 	require.Equal(t, "Basic YWRtaW46YWRtaW4=", authorization, "could not get correct authorization headers from raw")
 
-	req, err = generator.Make("https://example.com", map[string]interface{}{})
+	req, err = generator.Make("https://example.com", map[string]interface{}{}, "")
 	require.Nil(t, err, "could not make http request")
 	authorization = req.request.Header.Get("Authorization")
 	require.Equal(t, "Basic YWRtaW46Z3Vlc3Q=", authorization, "could not get correct authorization headers from raw")

v2/pkg/protocols/http/raw/raw.go

@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"net"
 	"net/url"
 	"strings"
 
@@ -100,20 +99,11 @@ func Parse(request, baseURL string, unsafe bool) (*Request, error) {
 		rawRequest.Path = parts[1]
 	}
 
-	// If raw request doesn't have a Host header and/ path,
-	// this will be generated from the parsed baseURL
 	parsedURL, err := url.Parse(baseURL)
 	if err != nil {
 		return nil, fmt.Errorf("could not parse request URL: %s", err)
 	}
-
-	templateHost := rawRequest.Headers["Host"]
 	hostURL := parsedURL.Host
-
-	if strings.Contains(templateHost, ":") {
-		_, templatePort, _ := net.SplitHostPort(templateHost)
-		hostURL = net.JoinHostPort(parsedURL.Hostname(), templatePort)
-	}
 	if strings.HasSuffix(parsedURL.Path, "/") && strings.HasPrefix(rawRequest.Path, "/") {
 		parsedURL.Path = strings.TrimSuffix(parsedURL.Path, "/")
 	}
@@ -123,6 +113,12 @@ func Parse(request, baseURL string, unsafe bool) (*Request, error) {
 	}
 	rawRequest.FullURL = fmt.Sprintf("%s://%s%s", parsedURL.Scheme, strings.TrimSpace(hostURL), rawRequest.Path)
 
+	// If raw request doesn't have a Host header
+	// this will be generated from the parsed baseURL
+	if rawRequest.Headers["Host"] == "" {
+		rawRequest.Headers["Host"] = hostURL
+	}
+
 	// Set the request body
 	b, err := ioutil.ReadAll(reader)
 	if err != nil {

v2/pkg/protocols/http/raw/raw_test.go

@@ -15,7 +15,7 @@ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
 Accept-Language: en-US,en;q=0.9`, "https://example.com:8080", false)
 	require.Nil(t, err, "could not parse GET request")
-	require.Equal(t, "https://example.com:123/gg/phpinfo.php", request.FullURL, "Could not parse request url correctly")
+	require.Equal(t, "https://example.com:8080/gg/phpinfo.php", request.FullURL, "Could not parse request url correctly")
 	require.Equal(t, "/gg/phpinfo.php", request.Path, "Could not parse request path correctly")
 
 	t.Run("path-suffix", func(t *testing.T) {
@@ -29,17 +29,17 @@ Host: {{Hostname}}`, "https://example.com:8080/test", false)
 		request, err := Parse(`GET ?username=test&password=test HTTP/1.1
 Host: {{Hostname}}:123`, "https://example.com:8080/test", false)
 		require.Nil(t, err, "could not parse GET request")
-		require.Equal(t, "https://example.com:123/test?username=test&password=test", request.FullURL, "Could not parse request url correctly")
+		require.Equal(t, "https://example.com:8080/test?username=test&password=test", request.FullURL, "Could not parse request url correctly")
 
 		request, err = Parse(`GET ?username=test&password=test HTTP/1.1
 Host: {{Hostname}}:123`, "https://example.com:8080/test/", false)
 		require.Nil(t, err, "could not parse GET request")
-		require.Equal(t, "https://example.com:123/test/?username=test&password=test", request.FullURL, "Could not parse request url correctly")
+		require.Equal(t, "https://example.com:8080/test/?username=test&password=test", request.FullURL, "Could not parse request url correctly")
 
 		request, err = Parse(`GET /?username=test&password=test HTTP/1.1
 		Host: {{Hostname}}:123`, "https://example.com:8080/test/", false)
 		require.Nil(t, err, "could not parse GET request")
-		require.Equal(t, "https://example.com:123/test/?username=test&password=test", request.FullURL, "Could not parse request url correctly")
+		require.Equal(t, "https://example.com:8080/test/?username=test&password=test", request.FullURL, "Could not parse request url correctly")
 	})
 }
 

v2/pkg/protocols/http/request.go

@@ -17,6 +17,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v2/pkg/output"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/tostring"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/httpclientpool"
 	"github.com/projectdiscovery/rawhttp"
@@ -33,7 +34,7 @@ func (r *Request) executeRaceRequest(reqURL string, previous output.InternalEven
 	// Requests within race condition should be dumped once and the output prefilled to allow DSL language to work
 	// This will introduce a delay and will populate in hacky way the field "request" of outputEvent
 	generator := r.newGenerator()
-	requestForDump, err := generator.Make(reqURL, nil)
+	requestForDump, err := generator.Make(reqURL, nil, "")
 	if err != nil {
 		return err
 	}
@@ -51,7 +52,7 @@ func (r *Request) executeRaceRequest(reqURL string, previous output.InternalEven
 	// Pre-Generate requests
 	for i := 0; i < r.RaceNumberRequests; i++ {
 		generator := r.newGenerator()
-		request, err := generator.Make(reqURL, nil)
+		request, err := generator.Make(reqURL, nil, "")
 		if err != nil {
 			return err
 		}
@@ -90,7 +91,7 @@ func (r *Request) executeParallelHTTP(reqURL string, dynamicValues, previous out
 	var requestErr error
 	mutex := &sync.Mutex{}
 	for {
-		request, err := generator.Make(reqURL, dynamicValues)
+		request, err := generator.Make(reqURL, dynamicValues, "")
 		if err == io.EOF {
 			break
 		}
@@ -148,7 +149,7 @@ func (r *Request) executeTurboHTTP(reqURL string, dynamicValues, previous output
 	var requestErr error
 	mutex := &sync.Mutex{}
 	for {
-		request, err := generator.Make(reqURL, dynamicValues)
+		request, err := generator.Make(reqURL, dynamicValues, "")
 		if err == io.EOF {
 			break
 		}
@@ -197,7 +198,13 @@ func (r *Request) ExecuteWithResults(reqURL string, dynamicValues, previous outp
 	requestCount := 1
 	var requestErr error
 	for {
-		request, err := generator.Make(reqURL, dynamicValues)
+		hasInteractMarkers := interactsh.HasMatchers(r.CompiledOperators)
+
+		var interactURL string
+		if r.options.Interactsh != nil && hasInteractMarkers {
+			interactURL = r.options.Interactsh.URL()
+		}
+		request, err := generator.Make(reqURL, dynamicValues, interactURL)
 		if err == io.EOF {
 			break
 		}
@@ -214,6 +221,15 @@ func (r *Request) ExecuteWithResults(reqURL string, dynamicValues, previous outp
 				gotOutput = true
 				dynamicValues = generators.MergeMaps(dynamicValues, event.OperatorsResult.DynamicValues)
 			}
+			if hasInteractMarkers && r.options.Interactsh != nil {
+				r.options.Interactsh.RequestEvent(interactURL, &interactsh.RequestData{
+					MakeResultFunc: r.MakeResultEvent,
+					Event:          event,
+					Operators:      r.CompiledOperators,
+					MatchFunc:      r.Match,
+					ExtractFunc:    r.Extract,
+				})
+			}
 			callback(event)
 		}, requestCount)
 		if err != nil {
@@ -393,14 +409,16 @@ func (r *Request) executeRequest(reqURL string, request *generatedRequest, previ
 	}
 
 	event := &output.InternalWrappedEvent{InternalEvent: outputEvent}
-	if r.CompiledOperators != nil {
-		var ok bool
-		event.OperatorsResult, ok = r.CompiledOperators.Execute(finalEvent, r.Match, r.Extract)
-		if ok && event.OperatorsResult != nil {
-			event.OperatorsResult.PayloadValues = request.meta
-			event.Results = r.MakeResultEvent(event)
+	if !interactsh.HasMatchers(r.CompiledOperators) {
+		if r.CompiledOperators != nil {
+			var ok bool
+			event.OperatorsResult, ok = r.CompiledOperators.Execute(finalEvent, r.Match, r.Extract)
+			if ok && event.OperatorsResult != nil {
+				event.OperatorsResult.PayloadValues = request.meta
+				event.Results = r.MakeResultEvent(event)
+			}
+			event.InternalEvent = outputEvent
 		}
-		event.InternalEvent = outputEvent
 	}
 	callback(event)
 	return nil
@@ -412,7 +430,11 @@ func (r *Request) setCustomHeaders(req *generatedRequest) {
 		if req.rawRequest != nil {
 			req.rawRequest.Headers[k] = v
 		} else {
-			req.request.Header.Set(strings.TrimSpace(k), strings.TrimSpace(v))
+			kk, vv := strings.TrimSpace(k), strings.TrimSpace(v)
+			req.request.Header.Set(kk, vv)
+			if kk == "Host" {
+				req.request.Host = vv
+			}
 		}
 	}
 }

v2/pkg/protocols/http/request_generator.go

@@ -1,6 +1,9 @@
 package http
 
-import "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
+import (
+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
+)
 
 // requestGenerator generates requests sequentially based on various
 // configurations for a http request template.
@@ -11,12 +14,13 @@ import "github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
 type requestGenerator struct {
 	currentIndex    int
 	request         *Request
+	options         *protocols.ExecuterOptions
 	payloadIterator *generators.Iterator
 }
 
 // newGenerator creates a new request generator instance
 func (r *Request) newGenerator() *requestGenerator {
-	generator := &requestGenerator{request: r}
+	generator := &requestGenerator{request: r, options: r.options}
 
 	if len(r.Payloads) > 0 {
 		generator.payloadIterator = r.generator.NewIterator()

v2/pkg/protocols/network/request.go

@@ -13,6 +13,7 @@ import (
 	"github.com/projectdiscovery/gologger"
 	"github.com/projectdiscovery/nuclei/v2/pkg/output"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer"
 )
 
@@ -77,6 +78,12 @@ func (r *Request) executeAddress(actualAddress, address, input string, shouldUse
 	defer conn.Close()
 	_ = conn.SetReadDeadline(time.Now().Add(time.Duration(r.options.Options.Timeout) * time.Second))
 
+	hasInteractMarkers := interactsh.HasMatchers(r.CompiledOperators)
+	var interactURL string
+	if r.options.Interactsh != nil && hasInteractMarkers {
+		interactURL = r.options.Interactsh.URL()
+	}
+
 	responseBuilder := &strings.Builder{}
 	reqBuilder := &strings.Builder{}
 
@@ -88,6 +95,9 @@ func (r *Request) executeAddress(actualAddress, address, input string, shouldUse
 		case "hex":
 			data, err = hex.DecodeString(input.Data)
 		default:
+			if interactURL != "" {
+				input.Data = r.options.Interactsh.ReplaceMarkers(input.Data, interactURL)
+			}
 			data = []byte(input.Data)
 		}
 		if err != nil {
@@ -150,11 +160,23 @@ func (r *Request) executeAddress(actualAddress, address, input string, shouldUse
 	}
 
 	event := &output.InternalWrappedEvent{InternalEvent: outputEvent}
-	if r.CompiledOperators != nil {
-		result, ok := r.CompiledOperators.Execute(outputEvent, r.Match, r.Extract)
-		if ok && result != nil {
-			event.OperatorsResult = result
-			event.Results = r.MakeResultEvent(event)
+	if !hasInteractMarkers {
+		if r.CompiledOperators != nil {
+			result, ok := r.CompiledOperators.Execute(outputEvent, r.Match, r.Extract)
+			if ok && result != nil {
+				event.OperatorsResult = result
+				event.Results = r.MakeResultEvent(event)
+			}
+		}
+	} else {
+		if r.options.Interactsh != nil {
+			r.options.Interactsh.RequestEvent(interactURL, &interactsh.RequestData{
+				MakeResultFunc: r.MakeResultEvent,
+				Event:          event,
+				Operators:      r.CompiledOperators,
+				MatchFunc:      r.Match,
+				ExtractFunc:    r.Extract,
+			})
 		}
 	}
 	callback(event)

v2/pkg/protocols/protocols.go

@@ -8,6 +8,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v2/pkg/output"
 	"github.com/projectdiscovery/nuclei/v2/pkg/progress"
 	"github.com/projectdiscovery/nuclei/v2/pkg/projectfile"
+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/engine"
 	"github.com/projectdiscovery/nuclei/v2/pkg/reporting"
 	"github.com/projectdiscovery/nuclei/v2/pkg/types"
@@ -50,6 +51,8 @@ type ExecuterOptions struct {
 	ProjectFile *projectfile.ProjectFile
 	// Browser is a browser engine for running headless templates
 	Browser *engine.Browser
+	// Interactsh is a client for interactsh oob polling server
+	Interactsh *interactsh.Client
 
 	Operators []*operators.Operators // only used by offlinehttp module
 }

v2/pkg/reporting/format/format.go

@@ -86,6 +86,31 @@ func MarkdownDescription(event *output.ResultEvent) string {
 			builder.WriteString("\n")
 		}
 	}
+	if event.Interaction != nil {
+		builder.WriteString("**Interaction Data**\n---\n")
+		builder.WriteString(event.Interaction.Protocol)
+		if event.Interaction.QType != "" {
+			builder.WriteString(" (")
+			builder.WriteString(event.Interaction.QType)
+			builder.WriteString(")")
+		}
+		builder.WriteString(" Interaction from ")
+		builder.WriteString(event.Interaction.RemoteAddress)
+		builder.WriteString(" at ")
+		builder.WriteString(event.Interaction.UniqueID)
+
+		if event.Interaction.RawRequest != "" {
+			builder.WriteString("\n\n**Interaction Request**\n\n```\n")
+			builder.WriteString(event.Interaction.RawRequest)
+			builder.WriteString("\n```\n")
+		}
+		if event.Interaction.RawResponse != "" {
+			builder.WriteString("\n**Interaction Response**\n\n```\n")
+			builder.WriteString(event.Interaction.RawResponse)
+			builder.WriteString("\n```\n")
+		}
+	}
+
 	builder.WriteString("\n---\nGenerated by [Nuclei](https://github.com/projectdiscovery/nuclei)")
 	data := builder.String()
 	return data

v2/pkg/reporting/trackers/jira/jira.go

@@ -129,6 +129,30 @@ func jiraFormatDescription(event *output.ResultEvent) string {
 			builder.WriteString("\n")
 		}
 	}
+	if event.Interaction != nil {
+		builder.WriteString("*Interaction Data*\n---\n")
+		builder.WriteString(event.Interaction.Protocol)
+		if event.Interaction.QType != "" {
+			builder.WriteString(" (")
+			builder.WriteString(event.Interaction.QType)
+			builder.WriteString(")")
+		}
+		builder.WriteString(" Interaction from ")
+		builder.WriteString(event.Interaction.RemoteAddress)
+		builder.WriteString(" at ")
+		builder.WriteString(event.Interaction.UniqueID)
+
+		if event.Interaction.RawRequest != "" {
+			builder.WriteString("\n\n*Interaction Request*\n\n{code}\n")
+			builder.WriteString(event.Interaction.RawRequest)
+			builder.WriteString("\n{code}\n")
+		}
+		if event.Interaction.RawResponse != "" {
+			builder.WriteString("\n*Interaction Response*\n\n{code}\n")
+			builder.WriteString(event.Interaction.RawResponse)
+			builder.WriteString("\n{code}\n")
+		}
+	}
 	builder.WriteString("\n---\nGenerated by [Nuclei|https://github.com/projectdiscovery/nuclei]")
 	data := builder.String()
 	return data

v2/pkg/templates/templates.go

@@ -17,22 +17,22 @@ type Template struct {
 	// Info contains information about the template
 	Info map[string]interface{} `yaml:"info"`
 	// RequestsHTTP contains the http request to make in the template
-	RequestsHTTP []*http.Request `yaml:"requests,omitempty"`
+	RequestsHTTP []*http.Request `yaml:"requests,omitempty" json:"requests"`
 	// RequestsDNS contains the dns request to make in the template
-	RequestsDNS []*dns.Request `yaml:"dns,omitempty"`
+	RequestsDNS []*dns.Request `yaml:"dns,omitempty" json:"dns"`
 	// RequestsFile contains the file request to make in the template
-	RequestsFile []*file.Request `yaml:"file,omitempty"`
+	RequestsFile []*file.Request `yaml:"file,omitempty" json:"file"`
 	// RequestsNetwork contains the network request to make in the template
-	RequestsNetwork []*network.Request `yaml:"network,omitempty"`
+	RequestsNetwork []*network.Request `yaml:"network,omitempty" json:"network"`
 	// RequestsHeadless contains the headless request to make in the template.
-	RequestsHeadless []*headless.Request `yaml:"headless,omitempty"`
+	RequestsHeadless []*headless.Request `yaml:"headless,omitempty" json:"headless"`
 
 	// Workflows is a yaml based workflow declaration code.
 	workflows.Workflow `yaml:",inline,omitempty"`
-	CompiledWorkflow   *workflows.Workflow `yaml:"-"`
+	CompiledWorkflow   *workflows.Workflow `yaml:"-" json:"-" jsonschema:"-"`
 
 	// TotalRequests is the total number of requests for the template.
-	TotalRequests int `yaml:"-"`
+	TotalRequests int `yaml:"-" json:"-"`
 	// Executer is the actual template executor for running template requests
-	Executer protocols.Executer `yaml:"-"`
+	Executer protocols.Executer `yaml:"-" json:"-"`
 }

v2/pkg/types/types.go

@@ -25,6 +25,8 @@ type Options struct {
 	BurpCollaboratorBiid string
 	// ProjectPath allows nuclei to use a user defined project folder
 	ProjectPath string
+	// InteractshURL is the URL for the interactsh server.
+	InteractshURL string
 	// Target is a single URL/Domain to scan using a template
 	Target string
 	// Targets specifies the targets to scan using templates.
@@ -63,6 +65,16 @@ type Options struct {
 	RateLimit int
 	// PageTimeout is the maximum time to wait for a page in seconds
 	PageTimeout int
+	// InteractionsCacheSize is the number of interaction-url->req to keep in cache at a time.
+	InteractionsCacheSize int
+	// InteractionsPollDuration is the number of seconds to wait before each interaction poll
+	InteractionsPollDuration int
+	// Eviction is the number of seconds after which to automatically discard
+	// interaction requests.
+	InteractionsEviction int
+	// InteractionsColldownPeriod is additional seconds to wait for interactions after closing
+	// of the poller.
+	InteractionsColldownPeriod int
 	// OfflineHTTP is a flag that specific offline processing of http response
 	// using same matchers/extractors from http protocol without the need
 	// to send a new request, reading responses from a file.
@@ -111,4 +123,6 @@ type Options struct {
 	Project bool
 	// NewTemplates only runs newly added templates from the repository
 	NewTemplates bool
+	// NoInteractsh disables use of interactsh server for interaction polling
+	NoInteractsh bool
 }