Interlace: A Tool to Easily Automate and Multithread Your Pentesting & Bug Bounty Workflow Without Any Coding

Image result for productivity hacking

Before we start, I need to get something off my chest. I’m an efficiency junkie. I’m one of those people who spends 4 hours configuring the perfect tmux/vim/sublime/bash configuration to save 4 milliseconds on a common task. If I could take one skill into the afterlife it would be automation. One of the ultimate hard-truths in my life is that efficiency does not equal productivity.

I would be generally more productive if I spent more time on actually doing things and less time on trying to improve efficiency. But hey, if I write blog posts about efficiency hacks, at least you can improve your productivity while I suffer in the depths of minor efficiency gains hell. You’re welcome.

If you so much as dabble in Information Security, you probably have your “tool bag” — a stack of your favourite go-to hacking tools that feel like a pair of worn-in jeans. You know the arguments better than you know your parents, and they just… work. You may have even written a few scripts to automate some of the boring legwork or check for extra vulnerabilities.

Here’s the problem though — some of these tools are slow. That script you wrote back in 2008 is slower than peak hour traffic and it definitely isn’t multi-threaded. Scanning a /16 subnet? You better leave your laptop open for the next 48 hours. Running Nikto on 100 web servers? It doesn’t have CIDR support, so now you need to either run it manually 100 times for each host or write a script to cycle through all the targets and visit some Antarctic penguins while you wait for it to finish.

Enter Interlace. A nice little project to easily turn a single threaded command line application into a fast, multi-threaded application with CIDR and glob support.

This project was created by codingo and sml555, two of my tightest internet homies. They gave me early access to the tool and it has since become a central part of my workflow. It was only released a month or two ago and hasn’t gained the popularity it deserves yet. Any tool that reduces the painful, monotonous boring part of pentesting is bound to become popular.

Interlace: Basic Usage

Let’s say we need to run Nikto (a basic, free web server vulnerability scanner) over a list of hosts:

luke$ cat targets.txt
hackerone.com
bugcrowd.com
yahoo.com
google.com

For an external pentest or bug bounty scope, you might have thousands of hosts. For the sake of this article, we’re going to keep this one simple with four hosts. Before Interlace graced the internet, to run Nikto over a list of hosts, I might have run each host separately like this:

nikto --host hackerone.com > ./hackerone.com-nikto.txt; 
nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt;
nikto --host yahoo.com > ./yahoo.com-nikto.txt;
nikto --host google.com > ./hackerone.com-google.com;

If I were scanning 1000 hosts, that would take too long to write out, so I might have used some bash scripting instead:

while read line; do
nikto --host $line > ./$line-nikto.txt;
done < targets.txt

Problem? It’s still single threaded and too slow. Especially if, like me, you are suffering from ridiculously slow internet speeds in Australia. This is a great example of a situation where Interlace excels:

luke$ interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_ > ./_target_-nikto.txt" -v
==============================================
Interlace v1.2 by Michael Skelton (@codingo_)
==============================================
[13:06:16] [VERBOSE] [nikto --host yahoo.com > ./yahoo.com-nikto.txt] Added after processing
[13:06:16] [VERBOSE] [nikto --host google.com > ./google.com-nikto.txt] Added after processing
[13:06:16] [VERBOSE] [nikto --host hackerone.com > ./hackerone.com-nikto.txt] Added after processing
[13:06:16] [VERBOSE] [nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added after processing
[13:06:16] [THREAD] [nikto --host google.com > ./google.com-nikto.txt] Added to Queue
[13:06:16] [THREAD] [nikto --host hackerone.com > ./hackerone.com-nikto.txt] Added to Queue
[13:06:16] [THREAD] [nikto --host bugcrowd.com > ./bugcrowd.com-nikto.txt] Added to Queue
[13:06:16] [THREAD] [nikto --host yahoo.com > ./yahoo.com-nikto.txt] Added to Queue

Let’s break this down a bit — here’s the command I ran:

interlace -tL ./targets.txt -threads 5 -c "nikto --host _target_ > ./_target_-nikto.txt" -v
  • interlace is the name of the tool.
  • -tL ./targets.txt defines a file with a list of hosts.
  • -threads 5 defines the number of threads.
  • -c should be immediately followed by the command you want to run.
  • "nikto --host _target_ > ./_target_-nikto.txt" is the actual command which will be run, note that instances of _target_ will be replaced with each line in the ./targets.txt file.
  • -v makes it verbose.

Interlace will now run 5 instances of Nikto simultaneously over all the hosts in your targets.txt file! It’s a single command, it’s fast, and it’s easy. You now have more time to do important things like browse Reddit.

Bonus Round: Command Lists and Directory Sorting

So now you’ve got Interlace running Nikto, but you still have that little efficiency-addicted busy-bee in your ear whispering “more automation, more speeeeed”. Let’s take it a step further.

If you are hoping to find any bugs at all, you probably want to do more than just run Nikto. You might want to run 20 tools over each target. Running a new instance of Interlace for every command is what a half-efficient loser would do. You’re better than that.

First let’s make a list of commands we wish to run over every target:

luke$ cat commands.txt
nikto --host _target_:_port_ > _output_/_target_-nikto.txt
sslscan _target_:_port_ > _output_/_target_-sslscan.txt
testssl.sh _target_:_port_ > _output_/_target_-testssl.txt

Note the following variables:

  • _target_ will be replaced with the targets in the specified targets file.
  • _port_ will be replaced each port number specified on the command line.
  • _output_ will be replaced with the output directory specified on the command line.

Here’s the magic command:

interlace -tL ./targets.txt -o ~/engagement -cL ./commands.txt -p 80,443 -threads 5

The command above will run all the commands in commands.txt against all the targets in targets.txt on ports 80 and 443. Everything will be multithreaded and the output will be sorted into separate text files within the ~/engagement folder. Did you just read that?! This is every productivity-enthusiast/hacker’s dream come true. It’s like a one-click super hacking productivity chuck norris ninja tool. Go use it!

Download the tool and checkout the documentation here.

If you enjoyed this, follow me on Twitter.