Validate, decode, and extract OAST (Out-of-Band Application Security Testing) domains in SQL
Installing and Loading
```sql
INSTALL oast FROM community;
LOAD oast;
```
Example
```sql
-- Check if a domain is a valid OAST callback
SELECT oast_validate('c58bduhe008dovpvhvugcfemp9yyyyyyn.oast.pro') AS is_oast;

-- Decode OAST metadata (timestamp, machine ID, campaign)
SELECT oast_struct('c58bduhe008dovpvhvugcfemp9yyyyyyn.oast.pro').*;

-- Extract OAST domains from arbitrary text
SELECT oast_extract('GET /c58bduhe008dovpvhvugcfemp9yyyyyyn.oast.pro HTTP/1.1');
```
About oast
The oast extension provides functions for working with OAST (Out-of-Band Application Security Testing) domains directly in SQL. OAST domains are used by security testing tools like ProjectDiscovery Interactsh to detect out-of-band interactions during vulnerability scanning.
Functions include validation (oast_validate), metadata decoding (oast_struct, oast_decode_json), domain extraction from text (oast_extract, oast_extract_decode), and convenience macros for field access (oast_campaign, oast_timestamp, oast_ksort, oast_machine_id).
Supports domains from: oast.pro, oast.live, oast.site, oast.online, oast.fun, oast.me, interact.sh, interactsh.com.
Pure C implementation with no external dependencies. Uses the DuckDB stable C API (v1.2.0+).
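A log-triage query built on these functions, added here as an example and not taken from the extension's own documentation. The table names, column names and log rows are constructed (the only OAST name used is the sample domain from this page), and the query assumes oast_validate returns a boolean, as its use in the example above suggests.

```sql
LOAD oast;

-- Constructed sample data: DNS query log from internal hosts.
CREATE TEMP TABLE dns_log AS
SELECT * FROM (VALUES
    (TIMESTAMP '2024-05-01 10:00:03', 'app-01', 'www.example.com'),
    (TIMESTAMP '2024-05-01 10:00:09', 'app-01', 'c58bduhe008dovpvhvugcfemp9yyyyyyn.oast.pro'),
    (TIMESTAMP '2024-05-01 10:02:41', 'app-01', 'c58bduhe008dovpvhvugcfemp9yyyyyyn.oast.pro'),
    (TIMESTAMP '2024-05-01 10:03:10', 'db-02',  'updates.example.org')
) AS t(ts, src_host, qname);

-- Constructed sample data: inbound HTTP request lines.
CREATE TEMP TABLE http_log AS
SELECT * FROM (VALUES
    (TIMESTAMP '2024-05-01 09:59:58', '203.0.113.7',  'GET /c58bduhe008dovpvhvugcfemp9yyyyyyn.oast.pro HTTP/1.1'),
    (TIMESTAMP '2024-05-01 10:01:12', '198.51.100.4', 'GET /index.html HTTP/1.1')
) AS t(ts, client_ip, request_line);

-- 1. Internal hosts that resolved an OAST callback name: a sign that a
--    scanner payload triggered an out-of-band lookup from that host.
--    Assumption: oast_validate() returns BOOLEAN.
SELECT src_host,
       qname,
       count(*) AS lookups,
       min(ts)  AS first_seen,
       max(ts)  AS last_seen
FROM dns_log
WHERE oast_validate(qname)
GROUP BY src_host, qname
ORDER BY first_seen;

-- 2. Decoded metadata for each distinct callback name seen in DNS,
--    kept as a single struct column.
SELECT qname, oast_struct(qname) AS meta
FROM (SELECT DISTINCT qname FROM dns_log WHERE oast_validate(qname));

-- 3. Inbound requests alongside whatever OAST domains their request line carries,
--    for comparison with the names resolved in step 1.
SELECT ts, client_ip, request_line, oast_extract(request_line) AS oast_domains
FROM http_log
ORDER BY ts;
```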
Added Functions
| function_name | function_type | description | comment | examples |
|---|---|---|---|---|
| oast_campaign | macro | NULL | NULL | |
| oast_count | macro | NULL | NULL | |
| oast_decode_json | scalar | NULL | NULL | |
| oast_extract | scalar | NULL | NULL | |
| oast_extract_decode | scalar | NULL | NULL | |
| oast_extract_structs | macro | NULL | NULL | |
| oast_has_oast | macro | NULL | NULL | |
| oast_ksort | macro | NULL | NULL | |
| oast_machine_id | macro | NULL | NULL | |
| oast_struct | macro | NULL | NULL | |
| oast_summary | macro | NULL | NULL | |
| oast_timestamp | macro | NULL | NULL | |
| oast_validate | scalar | NULL | NULL | |