Merge branch 'dev'

README.md

@@ -35,7 +35,7 @@
 - Dynamic HTTP Response control
 - Self-Hosted Interactsh Server
 - Multiple domain support **(self-hosted)**
-- NTLM/SMB/FTP/RESPONDER Listener **(self-hosted)**
+- NTLM/SMB/FTP(S)/RESPONDER Listener **(self-hosted)**
 - Wildcard / Protected Interactions **(self-hosted)**
 - Customizable Index / File hosting **(self-hosted)**
 - Customizable Payload Length **(self-hosted)**
@@ -363,6 +363,7 @@ SERVICES:
    -ftp                    start ftp agent (authenticated)
    -smb-port int           port to use for smb service (default 445)
    -ftp-port int           port to use for ftp service (default 21)
+   -ftps-port int          port to use for ftps service (default 990)
    -ftp-dir string         ftp directory - temporary if not specified
 
 DEBUG:
@@ -381,13 +382,13 @@ We are using GoDaddy for domain name and DigitalOcean droplet for the server, a
 
 ## Configuring Interactsh domain
 
-- Navigate to `https://dcc.godaddy.com/manage/{{domain}}/dns/hosts`
-- Advanced Features → Host names → Add → Submit `ns1`, `ns2` with your `SERVER_IP` as value
+- Navigate to `https://dcc.godaddy.com/control/portfolio/{{domain}}/settings?subtab=hostnames`
+- Add → Submit `ns1`, `ns2` with your `SERVER_IP` as value
 
 <img width="1288" alt="gdd-hostname" src="https://user-images.githubusercontent.com/8293321/135175512-135259fb-0490-4038-845a-0b62b1b8f549.png">
 
-- Navigate to `https://dns.godaddy.com/{{domain}}/nameservers`
-- I'll use my own nameservers &rarr; Submit `ns1.INTERACTSH_DOMAIN`, `ns2.INTERACTSH_DOMAIN`
+- Navigate to `https://dcc.godaddy.com/control/dnsmanagement?domainName={{domain}}&subtab=nameservers`
+- Change Nameservers &rarr; I'll use my own nameservers &rarr; Submit `ns1.INTERACTSH_DOMAIN`, `ns2.INTERACTSH_DOMAIN`
 
 <img width="1288" alt="gdd-ns" src="https://user-images.githubusercontent.com/8293321/135175627-ea9639fd-353d-441b-a9a4-dae7f540d0ae.png">
 
@@ -744,7 +745,7 @@ interactsh-server -d hackwithautomation.com -cert hackwithautomation.com.crt -pr
 
 ### FTP
 
-FTP support can be enabled with the `-ftp` flag and is recommended for self-hosted instances only. The FTP agent simulates a fully-functional FTP server agent with authentication that captures authentications with every file operation. By default, the agent listens on port 21 (this can be changed with the `-ftp-port` flag) and lists in read-only mode the content of the OS default temporary directory (customizable with the `-ftp-dir` option).
+FTP support can be enabled with the `-ftp` flag and is recommended for self-hosted instances only. The FTP agent simulates a fully-functional FTP server agent with authentication that captures authentications with every file operation. By default, the agent listens for clear text FTP on port 21 (this can be changed with the `-ftp-port` flag) and tls FTP on port 990 (this can be changed with the `-ftps-port` flag) and lists in read-only mode the content of the OS default temporary directory (customizable with the `-ftp-dir` option). The ftp engine uses the custom certificate and private key if provided or it will extract the certificate and private key from the first acme domain if provided.
 Example of starting the FTP daemon and capturing a login interaction:
 
 ```console

cmd/interactsh-server/main.go

@@ -92,6 +92,7 @@ func main() {
 		flagSet.BoolVar(&cliOptions.Ftp, "ftp", false, "start ftp agent (authenticated)"),
 		flagSet.IntVar(&cliOptions.SmbPort, "smb-port", 445, "port to use for smb service"),
 		flagSet.IntVar(&cliOptions.FtpPort, "ftp-port", 21, "port to use for ftp service"),
+		flagSet.IntVar(&cliOptions.FtpsPort, "ftps-port", 990, "port to use for ftps service"),
 		flagSet.StringVar(&cliOptions.FTPDirectory, "ftp-dir", "", "ftp directory - temporary if not specified"),
 	)
 
@@ -257,7 +258,11 @@ func main() {
 	go dnsTcpServer.ListenAndServe(dnsTcpAlive)
 	go dnsUdpServer.ListenAndServe(dnsUdpAlive)
 
-	var tlsConfig *tls.Config
+	var (
+		tlsConfig   *tls.Config
+		domainCerts []tls.Certificate
+		certFiles   []acme.CertificateFiles
+	)
 	switch {
 	case cliOptions.CertificatePath != "" && cliOptions.PrivateKeyPath != "":
 		var domain string
@@ -275,7 +280,8 @@ func main() {
 		for idx, domain := range cliOptions.Domains {
 			trimmedDomain := strings.TrimSuffix(domain, ".")
 			hostmaster := serverOptions.Hostmasters[idx]
-			domainCerts, acmeErr := acme.HandleWildcardCertificates(fmt.Sprintf("*.%s", trimmedDomain), hostmaster, acmeStore, cliOptions.Debug)
+			var acmeErr error
+			domainCerts, certFiles, acmeErr = acme.HandleWildcardCertificates(fmt.Sprintf("*.%s", trimmedDomain), hostmaster, acmeStore, cliOptions.Debug)
 			if acmeErr != nil {
 				gologger.Error().Msgf("An error occurred while applying for a certificate, error: %v", acmeErr)
 				gologger.Error().Msgf("Could not generate certs for auto TLS, https will be disabled")
@@ -290,6 +296,9 @@ func main() {
 		}
 	}
 
+	serverOptions.Certificates = domainCerts
+	serverOptions.CertFiles = certFiles
+
 	// manually cleans up stale OCSP from storage
 	acme.CleanupStorage()
 
@@ -318,12 +327,13 @@ func main() {
 	defer ldapServer.Close()
 
 	ftpAlive := make(chan bool)
+	ftpsAlive := make(chan bool)
 	if cliOptions.Ftp {
 		ftpServer, err := server.NewFTPServer(serverOptions)
 		if err != nil {
 			gologger.Fatal().Msgf("Could not create FTP server: %s", err)
 		}
-		go ftpServer.ListenAndServe(tlsConfig, ftpAlive) //nolint
+		go ftpServer.ListenAndServe(tlsConfig, ftpAlive, ftpsAlive) //nolint
 	}
 
 	responderAlive := make(chan bool)
@@ -385,6 +395,10 @@ func main() {
 				service = "FTP"
 				network = "TCP"
 				port = serverOptions.FtpPort
+			case status = <-ftpsAlive:
+				service = "FTPS"
+				network = "TCP"
+				port = serverOptions.FtpsPort
 			case status = <-responderAlive:
 				service = "Responder"
 				network = "TCP"

cmd/interactsh-server/smb_server.py

@@ -1,6 +1,11 @@
 import sys
 from impacket import smbserver
 
+def configure_shares(server):
+    shares = ["IPC$", "ADMIN$", "C$", "PRINT$", "FAX$", "NETLOGON", "SYSVOL"]
+    for share in shares:
+        server.removeShare(share)
+
 log_filename = "log.txt"
 if len(sys.argv) >= 2:
     log_filename = sys.argv[1]
@@ -10,7 +15,7 @@
 
 server = smbserver.SimpleSMBServer(listenAddress="0.0.0.0", listenPort=port)
 server.setSMB2Support(True)
-server.addShare("interactsh", "/interactsh")
+configure_shares(server)
 server.setSMBChallenge('')
 server.setLogFile(log_filename)
 server.start()

go.mod

@@ -14,16 +14,16 @@ require (
 	github.com/mackerelio/go-osstat v0.2.4
 	github.com/miekg/dns v1.1.56
 	github.com/pkg/errors v0.9.1
-	github.com/projectdiscovery/asnmap v1.0.6
-	github.com/projectdiscovery/goflags v0.1.40
+	github.com/projectdiscovery/asnmap v1.1.0
+	github.com/projectdiscovery/goflags v0.1.54
 	github.com/projectdiscovery/gologger v1.1.12
 	github.com/projectdiscovery/ldapserver v1.0.2-0.20240219154113-dcc758ebc0cb
-	github.com/projectdiscovery/retryabledns v1.0.56
-	github.com/projectdiscovery/retryablehttp-go v1.0.48
-	github.com/projectdiscovery/utils v0.0.78
+	github.com/projectdiscovery/retryabledns v1.0.62
+	github.com/projectdiscovery/retryablehttp-go v1.0.63
+	github.com/projectdiscovery/utils v0.1.1
 	github.com/remeh/sizedwaitgroup v1.0.0
 	github.com/rs/xid v1.5.0
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	github.com/syndtr/goleveldb v1.0.0
 	go.uber.org/multierr v1.11.0
 	go.uber.org/ratelimit v0.3.0
@@ -50,16 +50,17 @@ require (
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/denisbrodbeck/machineid v1.0.1 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/dlclark/regexp2 v1.8.1 // indirect
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
 	github.com/fatih/color v1.15.0 // indirect
 	github.com/gaukas/godicttls v0.0.4 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/go-github/v30 v30.1.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/klauspost/compress v1.16.7 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
@@ -68,6 +69,7 @@ require (
 	github.com/logrusorgru/aurora v2.0.3+incompatible // indirect
 	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
@@ -83,15 +85,19 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/pierrec/lz4/v4 v4.1.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/projectdiscovery/blackrock v0.0.1 // indirect
-	github.com/projectdiscovery/fastdialer v0.0.59 // indirect
-	github.com/projectdiscovery/hmap v0.0.39 // indirect
-	github.com/projectdiscovery/mapcidr v1.1.16 // indirect
-	github.com/projectdiscovery/networkpolicy v0.0.7 // indirect
+	github.com/projectdiscovery/fastdialer v0.1.1 // indirect
+	github.com/projectdiscovery/hmap v0.0.45 // indirect
+	github.com/projectdiscovery/machineid v0.0.0-20240226150047-2e2c51e35983 // indirect
+	github.com/projectdiscovery/mapcidr v1.1.34 // indirect
+	github.com/projectdiscovery/networkpolicy v0.0.8 // indirect
 	github.com/quic-go/quic-go v0.42.0 // indirect
 	github.com/refraction-networking/utls v1.5.4 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
+	github.com/shirou/gopsutil/v3 v3.23.7 // indirect
+	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/tidwall/btree v1.6.0 // indirect
 	github.com/tidwall/buntdb v1.3.0 // indirect
 	github.com/tidwall/gjson v1.14.4 // indirect
@@ -100,13 +106,16 @@ require (
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tidwall/rtred v0.1.2 // indirect
 	github.com/tidwall/tinyqueue v0.1.1 // indirect
+	github.com/tklauser/go-sysconf v0.3.12 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
-	github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6 // indirect
 	github.com/weppos/publicsuffix-go v0.30.1-0.20230422193905-8fecedd899db // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/yl2chen/cidranger v1.0.2 // indirect
 	github.com/yuin/goldmark v1.5.4 // indirect
 	github.com/yuin/goldmark-emoji v1.0.1 // indirect
+	github.com/yusufpapurcu/wmi v1.2.4 // indirect
+	github.com/zcalusic/sysinfo v1.0.2 // indirect
 	github.com/zeebo/blake3 v0.2.3 // indirect
 	github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248 // indirect
 	github.com/zmap/zcrypto v0.0.0-20230422215203-9a665e1e9968 // indirect
@@ -117,6 +126,7 @@ require (
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/oauth2 v0.11.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect