Provides an MCP server implementation that exposes ProjectDiscovery's interactsh service for out-of-band interaction testing, including session management, polling for DNS/HTTP callbacks, and encryption/decryption of interaction data.
A vibe code MCP Interactsh Bridge
This project exposes ProjectDiscovery's interactsh as a Model Context Protocol server implemented in Node.js. It lets MCP-compatible IDEs or agents provision interactsh sessions, poll for out-of-band interactions, and tear them down without modifying the upstream interactsh codebase.
Features
Session provisioning – Generates RSA key pairs, registers with the public interactsh fleet, and returns ready-to-use callback domains.
Polling & decryption – Retrieves encrypted interaction data and decrypts it locally using the session's private key.
Lifecycle management – Lists cached sessions and deregisters them when finished.
Demo script –
npm run demo
spins up a session, issues a real HTTP probe, and prints the captured DNS/HTTP events.
Requirements
Node.js 18 or newer (tested on Node 20.19)
Network access to the interactsh fleet (defaults to
https://oast.pro
)
Installation (local)
Run via npx
You can also pass environment variables inline:
Usage
Run the MCP server
The MCP server communicates over stdio. Configure your MCP-compatible client (e.g. Claude Code, VS Code MCP, Cursor) to launch:
Optional environment variables:
Variable | Default | Description |
|
| Base URL of the interactsh server to target. |
| host derived from
| Domain suffix used to build callback hosts. Override when using a custom interactsh deployment. |
| (unset) | Authorization token if your interactsh server enforces auth. |
Available MCP tools
create_interactsh_session
– Registers a new session and returns correlation ID, secret key, PEM private key, callback domain, server URL, plus explicit probe instructions.Probing rules:
Build host as
<correlation_id><nonce13>.<domain>
.correlation_id
is exactly 20 lowercase hex chars; do not alter or truncate.nonce13
is exactly 13 lowercase alphanumeric chars[a-z0-9]
.The label before the first dot must be 33 chars total (20 + 13).
Requests to
<correlation_id>.<domain>
(no nonce) are ignored by interactsh.Prefer plain HTTP for probes. Wait 2–3 seconds, then poll for events.
list_interactsh_sessions
– Lists all sessions cached in memory for the current MCP process.poll_interactsh_session
– Polls interactsh for new interactions, returning decrypted events. Optional arguments let you filter bymethod
,path_contains
,query_contains
,protocol
, ortext_contains
to focus on specific callbacks.deregister_interactsh_session
– Deregisters the session and removes it from local state.
Configure in Claude Code (JSON)
Claude Code supports MCP servers over stdio. If you prefer to configure via JSON, add an entry like the following in your Claude Code settings (Settings → MCP Servers or the equivalent config file):
If you prefer to use a local path (without npx), use:
Configure in Codex (TOML)
Codex reads MCP server configuration from ~/.codex/config.toml
. Add an entry like the following:
If you prefer to reference a local clone instead of npx:
You can verify the configuration with:
License
Released under the MIT License. See LICENSE
for details.
Credits
This bridge builds on the excellent work by ProjectDiscovery. See the original interactsh project:
Interactsh repository: https://github.com/projectdiscovery/interactsh
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
Tools
Enables out-of-band interaction testing by integrating ProjectDiscovery's interactsh service as an MCP server. Allows AI agents to create callback domains, send probes, and capture DNS/HTTP interactions for security testing and verification workflows.