Introduction

DNSBin is a tool to test data exfiltration through DNS. It's helpful for testing out of band attacks when testers try to prove that they can execute commands on a targeted server by connecting to a public domain.

Usage

  • Generate a random string like iuhwqerojisdf234df
  • Perform a ping, dig, nslookup, etc to the domain iuhwqerojisdf234df.test.dnsbin.net. Note that you have to replace the random string with your string.
  • DNSBin will receive your DNS query and you can check whether it is successful or not by requesting to https://dnsbin.net/verify/test/iuhwqerojisdf234df. You get the status true if the command is executed successfully and get false for the failed command.
                                      
    curl https://dnsbin.net/verify/test/iuhwqerojisdf234df

    {"status": true}