Replies: 2 comments
hey @ocervell , yea u can actually just set if both the flag and the env var are present, the env var usually wins (or at if u run if that solves it mark it as answer,
Hi @ocervell, Thanks for bringing this up. You have highlighted a very valid security point—passing sensitive credentials like -itoken directly via command-line arguments is indeed an anti-pattern. It leaves the token exposed to process monitoring tools (e.g., ps, top, /proc filesystem) and shell history logs.

While implementing a fallback to an INTERACTSH_TOKEN environment variable is an excellent feature request, you can actually resolve this exposure issue immediately by utilizing Nuclei's native YAML configuration engine. You can securely persist your custom Interactsh server and token inside your config.yaml file (typically located at $HOME/.config/nuclei/config.yaml). Simply append the following key-value pairs to the config:

```yaml
# ~/.config/nuclei/config.yaml
interactsh-url: "https://your-custom-interactsh-url.com"
interactsh-token: "your-secure-token"
```

Once defined, the Nuclei engine will automatically parse and load these parameters at runtime during initialization, completely eliminating the need to pass -iserver or -itoken in your CLI execution string.
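The config-file approach from the reply above, combined with the environment variable the question asks for, as an added example that is not part of the thread or of Nuclei itself. The function names, the `INTERACTSH_URL` / `INTERACTSH_TOKEN` variable names and the file path in the usage comment are assumptions; the two YAML keys are copied from the reply.

```shell
#!/bin/sh
# Added example (not Nuclei code). Function and variable names are
# assumptions; the two YAML keys are copied from the reply above.

# write_private_config PATH
# Takes the server URL and token from the environment and writes them to
# PATH with mode 0600, so the token never appears in any process's argv.
write_private_config() {
    [ -n "${INTERACTSH_URL:-}" ] && [ -n "${INTERACTSH_TOKEN:-}" ] || {
        echo "INTERACTSH_URL and INTERACTSH_TOKEN must be set" >&2
        return 1
    }
    # Refuse values that would need escaping in a double-quoted YAML string.
    case "$INTERACTSH_URL$INTERACTSH_TOKEN" in
        *\"*|*\\*) echo "refusing value with quote or backslash" >&2; return 1 ;;
    esac
    # umask 077: the new file and directory are owner-only from creation.
    # printf is a shell builtin: no child process receives the token.
    # chmod 600: also tightens a file that already existed with wider bits.
    (
        umask 077 &&
        mkdir -p "$(dirname "$1")" &&
        printf 'interactsh-url: "%s"\ninteractsh-token: "%s"\n' \
            "$INTERACTSH_URL" "$INTERACTSH_TOKEN" > "$1" &&
        chmod 600 "$1"
    )
}

# config_is_private PATH
# Succeeds only when group and other have no permission bits on PATH.
config_is_private() {
    # GNU stat first, BSD/macOS stat as fallback.
    _mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$_mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Usage (hypothetical path; -config is Nuclei's flag for a config file):
#   cfg="$HOME/.config/nuclei/interactsh.yaml"
#   write_private_config "$cfg" && config_is_private "$cfg" &&
#       nuclei -config "$cfg" ...
```

The token still lives in the calling shell's environment, so export it only for the session that runs the scan.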
I use the `-iserver` and `-itoken` flags to pass a custom InteractSH URL / token, but can the latter be passed through other means (like env variable)? The resulting cmdline will have the token in the cmd, which can be problematic on some envs and lack basic security.

Having a default that pulls from 'INTERACTSH_TOKEN' env variable would be nice, what do you think?