projectdiscovery
diff --git a/‎.github/workflows/stale.yml‎
Lines changed: 41 additions & 0 deletions b/‎.github/workflows/stale.yml‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 54 additions & 23 deletions b/‎README.md‎
Lines changed: 54 additions & 23 deletions
diff --git a/‎cmd/benchmark-server/duration-testing/bench.go‎
Lines changed: 3 additions & 1 deletion b/‎cmd/benchmark-server/duration-testing/bench.go‎
Lines changed: 3 additions & 1 deletion
@@ -0,0 +1,41 @@
+name: 💤 Stale
+
+on:
+  schedule:
+    - cron: '0 0 * * 0' # Weekly
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write # only for delete-branch option
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v10
+        with:
+          days-before-stale: 90
+          days-before-close: 7
+          stale-issue-label: "Status: Stale"
+          stale-pr-label: "Status: Stale"
+          stale-issue-message: >
+            This issue has been automatically marked as stale because it has not
+            had recent activity. It will be closed in 7 days if no further
+            activity occurs. Thank you for your contributions!
+          stale-pr-message: >
+            This pull request has been automatically marked as stale due to
+            inactivity. It will be closed in 7 days if no further activity
+            occurs. Please update if you wish to keep it open.
+          close-issue-message: >
+            This issue has been automatically closed due to inactivity. If you
+            think this is a mistake or would like to continue the discussion,
+            please comment or feel free to reopen it.
+          close-pr-message: >
+            This pull request has been automatically closed due to inactivity.
+            If you think this is a mistake or would like to continue working on
+            it, please comment or feel free to reopen it.
+          close-issue-label: "Status: Abandoned"
+          close-pr-label: "Status: Abandoned"
+          exempt-issue-labels: "Status: Abandoned"
+          exempt-pr-labels: "Status: Abandoned"
@@ -28,6 +28,7 @@
 # Features
 
 - DNS/HTTP(S)/SMTP(S)/LDAP Interaction
+- IPv4 and IPv6 support
 - CLI / Web / Burp / ZAP / Docker client
 - AES encryption with zero logging
 - Automatic ACME based Wildcard TLS w/ Auto Renewal
@@ -65,8 +66,8 @@ CONFIG:
    -t, -token string                        authentication token to connect protected interactsh server
    -pi, -poll-interval int                  poll interval in seconds to pull interaction data (default 5)
    -nf, -no-http-fallback                   disable http fallback registration
-   -cidl, -correlation-id-length int        length of the correlation id preamble (default 20)
-   -cidn, -correlation-id-nonce-length int  length of the correlation id nonce (default 13)
+   -cidl, -correlation-id-length int        length of the correlation id preamble (min 3, default 20)
+   -cidn, -correlation-id-nonce-length int  length of the correlation id nonce (min 3, default 13)
    -sf, -session-file string                store/read from session file
 
 FILTER:
@@ -118,7 +119,7 @@ You can configure your PDCP_API_KEY in two ways:
 This will generate a unique payload that can be used for OOB testing with minimal interaction information in the output.
 
 ```console
-interactsh-client
+$ interactsh-client
 
     _       __                       __       __  
    (_)___  / /____  _________ ______/ /______/ /_ 
@@ -144,7 +145,7 @@ interactsh-client
 `interactsh-client` with `-sf, -session-file` flag can be used store/read the current session information from user defined file which is useful to resume the same session to poll the interactions even after the client gets stopped or closed. 
 
 ```console
-interactsh-client -sf interact.session
+$ interactsh-client -sf interact.session
 
     _       __                       __       __  
    (_)___  / /____  _________ ______/ /______/ /_ 
@@ -171,7 +172,7 @@ interactsh-client -sf interact.session
 Running the `interactsh-client` in **verbose mode** (v) to see the whole request and response, along with an output file to analyze afterwards.
 
 ```console
-interactsh-client -v -o interactsh-logs.txt
+$ interactsh-client -v -o interactsh-logs.txt
 
     _       __                       __       __  
    (_)___  / /____  _________ ______/ /______/ /_ 
@@ -262,7 +263,7 @@ docker run projectdiscovery/interactsh-client:latest
 ```
 
 ```console
-docker run projectdiscovery/interactsh-client:latest
+$ docker run projectdiscovery/interactsh-client:latest
 
     _       __                       __       __  
    (_)___  / /____  _________ ______/ /______/ /_ 
@@ -349,17 +350,18 @@ Usage:
 Flags:
 INPUT:
    -d, -domain string[]                     single/multiple configured domain to use for server
-   -ip string                               public ip address to use for interactsh server
+   -ip string[]                             public ip address(es) to use for interactsh server (comma-separated,supports both IPv4 & IPv6)
    -lip, -listen-ip string                  public ip address to listen on (default "0.0.0.0")
    -e, -eviction int                        number of days to persist interaction data in memory (default 30)
    -ne, -no-eviction                        disable periodic data eviction from memory
+   -es, -eviction-strategy string           eviction strategy for interactions (sliding, fixed) (default "sliding")
    -a, -auth                                enable authentication to server using random generated token
    -t, -token string                        enable authentication to server using given token
    -acao-url string                         origin url to send in acao header to use web-client) (default "*")
    -sa, -skip-acme                          skip acme registration (certificate checks/handshake + TLS protocols will be disabled)
    -se, -scan-everywhere                    scan canary token everywhere
-   -cidl, -correlation-id-length int        length of the correlation id preamble (default 20)
-   -cidn, -correlation-id-nonce-length int  length of the correlation id nonce (default 13)
+   -cidl, -correlation-id-length int        length of the correlation id preamble (min 3, default 20)
+   -cidn, -correlation-id-nonce-length int  length of the correlation id nonce (min 3, default 13)
    -cert string                             custom certificate path
    -privkey string                          custom private key path
    -oih, -origin-ip-header string           HTTP header containing origin ip (interactsh behind a reverse proxy)
@@ -370,6 +372,7 @@ CONFIG:
    -dr, -dynamic-resp           enable setting up arbitrary response data
    -cr, -custom-records string  custom dns records YAML file for DNS server
    -hi, -http-index string      custom index file for http server
+   -dhr, -default-http-response string  file to serve for all http requests (takes priority over other options)
    -hd, -http-directory string  directory with files to serve with http server
    -ds, -disk                   disk based storage
    -dsp, -disk-path string      disk storage path
@@ -456,7 +459,7 @@ A number of needed flags are configured automatically to run `interactsh-server`
 ## Running Interactsh Server
 
 ```console
-interactsh-server -domain interact.sh
+$ interactsh-server -domain interact.sh
 
     _       __                       __       __  
    (_)___  / /____  _________ ______/ /______/ /_ 
@@ -481,7 +484,7 @@ interactsh-server -domain interact.sh
 Multiple domain names can be given in the same way as above to run the same interactsh server across multiple **configured domains**.
 
 ```console
-interactsh-server -d oast.pro,oast.me
+$ interactsh-server -d oast.pro,oast.me
 
     _       __                       __       __
    (_)___  / /____  _________ ______/ /______/ /_
@@ -503,6 +506,34 @@ interactsh-server -d oast.pro,oast.me
 [DNS] Listening on UDP 46.101.25.250:53
 ```
 
+## Interactsh Server with IPv4 and IPv6
+
+Interactsh server supports both IPv4 and IPv6 addresses. You can specify multiple IP addresses using the `-ip` flag, and the server will respond with the appropriate A (IPv4) or AAAA (IPv6) records in DNS responses.
+
+```console
+$ interactsh-server -d oast.pro -ip 192.0.2.1,2001:db8::1
+
+    _       __                       __       __
+   (_)___  / /____  _________ ______/ /______/ /_
+  / / __ \/ __/ _ \/ ___/ __ '/ ___/ __/ ___/ __ \
+ / / / / / /_/  __/ /  / /_/ / /__/ /_(__  ) / / /
+/_/_/ /_/\__/\___/_/   \__,_/\___/\__/____/_/ /_/ 1.0.5
+
+                projectdiscovery.io
+
+[INF] Configured IP addresses: 192.0.2.1, 2001:db8::1
+[INF] Listening with the following services:
+[HTTPS] Listening on TCP 46.101.25.250:443
+[HTTP] Listening on TCP 46.101.25.250:80
+[SMTPS] Listening on TCP 46.101.25.250:587
+[LDAP] Listening on TCP 46.101.25.250:389
+[SMTP] Listening on TCP 46.101.25.250:25
+[DNS] Listening on TCP 46.101.25.250:53
+[DNS] Listening on UDP 46.101.25.250:53
+```
+
+The server will automatically detect and categorize IPv4 and IPv6 addresses, returning appropriate DNS records based on the query type.
+
 <table>
 <td>
 
@@ -572,7 +603,7 @@ stream {
 **Configured Domains**
 
 ```console
-interactsh-server -d oast.pro,oast.me
+$ interactsh-server -d oast.pro,oast.me
 
     _       __                       __       __
    (_)___  / /____  _________ ______/ /______/ /_
@@ -598,7 +629,7 @@ interactsh-server -d oast.pro,oast.me
 
 Index page for http server can be customized while running custom interactsh server using `-http-index` flag.
 
-```console
+```bash
 interactsh-server -d hackwithautomation.com -http-index banner.html
 ```
 
@@ -613,7 +644,7 @@ Interactsh http server optionally enables file hosting to help in security testi
 
 To use this feature, `-http-directory` flag can be used which accepts diretory as input and files are served under `/s/` directory.
 
-```console
+```bash
 interactsh-server -d hackwithautomation.com -http-directory ./paylods
 ```
 
@@ -631,7 +662,7 @@ The following query parameter names are supported - `body`, `header`, `status` a
 - **delay** (response time)
 
 ```console
-curl -i 'https://hackwithautomation.com/x?status=307&body=this+is+example+body&delay=1&header=header1:value1&header=header1:value12'
+$ curl -i 'https://hackwithautomation.com/x?status=307&body=this+is+example+body&delay=1&header=header1:value1&header=header1:value12'
 
 HTTP/2 307 
 header1: value1
@@ -656,7 +687,7 @@ this is example body
 To enable `wildcard` interaction for configured Interactsh domain `wildcard` flag can be used with implicit authentication protection via the `auth` flag if the `token` flag is omitted.
 
 ```console
-interactsh-server -domain hackwithautomation.com -wildcard
+$ interactsh-server -domain hackwithautomation.com -wildcard
 
     _       __                       __       __  
    (_)___  / /____  _________ ______/ /______/ /_ 
@@ -682,7 +713,7 @@ interactsh-server -domain hackwithautomation.com -wildcard
 As default, Interactsh server support LDAP interaction for the payload included in [search query](https://ldapwiki.com/wiki/LDAP%20Query%20Examples), additionally `ldap` flag can be used for complete logging.
 
 ```console
-interactsh-server -domain hackwithautomation.com -sa -ldap
+$ interactsh-server -domain hackwithautomation.com -sa -ldap
 
     _       __                       __       __  
    (_)___  / /____  _________ ______/ /______/ /_ 
@@ -707,7 +738,7 @@ The length of the interactsh payload is **33** by default, consisting of **20**
 
 
 ```console
-interactsh-server -d hackwithautomation.com -cidl 4 -cidn 6
+$ interactsh-server -d hackwithautomation.com -cidl 4 -cidn 6
 
     _       __                       __       __  
    (_)___  / /____  _________ ______/ /______/ /_ 
@@ -731,7 +762,7 @@ interactsh-server -d hackwithautomation.com -cidl 4 -cidn 6
 **Note:** It is important and required to use same length on both side (**client** and **server**), otherwise co-relation will not work.
 
 ```console
-interactsh-client -s hackwithautomation.com -cidl 4 -cidn 6
+$ interactsh-client -s hackwithautomation.com -cidl 4 -cidn 6
 
     _       __                       __       __  
    (_)___  / /____  _________ ______/ /______/ /_ 
@@ -753,7 +784,7 @@ The [certmagic](https://github.com/caddyserver/certmagic) library is used by def
 
 
 ```console
-interactsh-server -d hackwithautomation.com -cert hackwithautomation.com.crt -privkey hackwithautomation.com.key
+$ interactsh-server -d hackwithautomation.com -cert hackwithautomation.com.crt -privkey hackwithautomation.com.key
 
     _       __                       __       __  
    (_)___  / /____  _________ ______/ /______/ /_ 
@@ -810,14 +841,14 @@ $ sudo interactsh-server -smb -skip-acme -debug -domain localhost
 ### Responder
 [Responder](https://github.com/lgandx/Responder) is wrapped in a docker container exposing various service ports via docker port forwarding. The interactions are retrieved by monitoring the shared log file `Responder-Session.log` in the temp folder. To use it on a self-hosted instance, it's necessary first to build the docker container and tag it as `interactsh`(docker daemon must be configured correctly and with port forwarding capabilities):
 
-```console
+```bash
 docker build . -t interactsh
 ```
 
 Then run the service with:
 
-```console
-$ sudo interactsh-server -responder -d localhost
+```bash
+sudo interactsh-server -responder -d localhost
 ```
 
 On default settings, the daemon listens on the following ports:
 
@@ -109,7 +109,9 @@ func startClient(idx int) {
 				log.Printf("client %d failed to send http request\n", idx)
 			} else if resp != nil {
 				_, _ = io.Copy(io.Discard, resp.Body)
-				resp.Body.Close()
+				if err := resp.Body.Close(); err != nil {
+					log.Printf("Error closing response body: %v\n", err)
+				}
 				log.Printf("Client %d sent HTTP request: %d\n", idx, resp.StatusCode)
 			}