fix(interactsh): dedupe interactions results

dwisiswant0 · dwisiswant0 · commit f4b78e74306a · 2026-01-20T21:03:54.000+07:00
Add per-interaction deduplication cache to avoid
processing the same interaction multiple times,
which can occur due to DNS case variations or
repeated polling.

Signed-off-by: Dwi Siswanto &lt;git@dw1.io&gt;
diff --git a/pkg/protocols/common/interactsh/interactsh.go b/pkg/protocols/common/interactsh/interactsh.go
@@ -43,6 +43,8 @@ type Client struct {
 	matchedTemplates gcache.Cache[string, bool]
 	// interactshURLs is a stored cache to track multiple interactsh markers
 	interactshURLs gcache.Cache[string, string]
+	// processedInteractions is a cache for interactions already processed
+	processedInteractions gcache.Cache[string, bool]
 
 	eviction         time.Duration
 	pollDuration     time.Duration
@@ -61,16 +63,18 @@ func New(options *Options) (*Client, error) {
 	interactionsCache := gcache.New[string, []*server.Interaction](defaultMaxInteractionsCount).LRU().Build()
 	matchedTemplateCache := gcache.New[string, bool](defaultMaxInteractionsCount).LRU().Build()
 	interactshURLCache := gcache.New[string, string](defaultMaxInteractionsCount).LRU().Build()
+	processedInteractionsCache := gcache.New[string, bool](defaultMaxInteractionsCount).LRU().Build()
 
 	interactClient := &Client{
-		eviction:         options.Eviction,
-		interactions:     interactionsCache,
-		matchedTemplates: matchedTemplateCache,
-		interactshURLs:   interactshURLCache,
-		options:          options,
-		requests:         requestsCache,
-		pollDuration:     options.PollDuration,
-		cooldownDuration: options.CooldownPeriod,
+		eviction:              options.Eviction,
+		interactions:          interactionsCache,
+		matchedTemplates:      matchedTemplateCache,
+		interactshURLs:        interactshURLCache,
+		processedInteractions: processedInteractionsCache,
+		options:               options,
+		requests:              requestsCache,
+		pollDuration:          options.PollDuration,
+		cooldownDuration:      options.CooldownPeriod,
 	}
 	return interactClient, nil
 }
@@ -165,6 +169,10 @@ func (c *Client) processInteractionForRequest(interaction *server.Interaction, d
 	data.Event.InternalEvent["interactsh_ip"] = interaction.RemoteAddress
 	data.Event.Unlock()
 
+	if !c.shouldProcessInteraction(interaction) {
+		return false
+	}
+
 	if data.Operators != nil {
 		result, matched = data.Operators.Execute(data.Event.InternalEvent, data.MatchFunc, data.ExtractFunc, c.options.Debug || c.options.DebugRequest || c.options.DebugResponse)
 	} else {
@@ -276,6 +284,7 @@ func (c *Client) Close() bool {
 	c.interactions.Purge()
 	c.matchedTemplates.Purge()
 	c.interactshURLs.Purge()
+	c.processedInteractions.Purge()
 
 	return c.matched.Load()
 }
@@ -468,6 +477,38 @@ func (c *Client) setHostname(hostname string) {
 	c.hostname = hostname
 }
 
+func (c *Client) shouldProcessInteraction(interaction *server.Interaction) bool {
+	key := interactionCacheKey(interaction)
+	if key == "" {
+		return true
+	}
+
+	c.Lock()
+	defer c.Unlock()
+
+	if _, err := c.processedInteractions.Get(key); err == nil {
+		return false
+	}
+	_ = c.processedInteractions.SetWithExpire(key, true, defaultInteractionDuration)
+
+	return true
+}
+
+func interactionCacheKey(interaction *server.Interaction) string {
+	if interaction == nil {
+		return ""
+	}
+
+	uniqueID := strings.ToLower(interaction.UniqueID)
+	if uniqueID == "" {
+		return ""
+	}
+
+	protocol := strings.ToLower(interaction.Protocol)
+
+	return uniqueID + ":" + protocol
+}
+
 // GetHostname returns the configured interactsh server hostname.
 func (c *Client) GetHostname() string {
 	return c.getHostname()
