DNS Rebinding Scanner
Identifies vulnerabilities to DNS rebinding attacks.
What is DNS Rebinding?
DNS rebinding attacks exploit the fact that browsers enforce the same-origin policy by hostname, which is resolved through DNS. An attacker who controls the DNS for a domain first returns their own server's IP, then quickly changes the record to an internal IP (127.0.0.1, 192.168.x.x). JavaScript from the attacker's page can then access internal services as if they were same-origin, bypassing network segmentation.
Why is This Important?
DNS rebinding bypasses firewalls and network segmentation by using the victim's browser as a proxy. It can access internal services, admin panels, IoT devices, and cloud metadata endpoints. The attack requires only that a victim visit a malicious website while on an internal network.
How It Works
1. Network Discovery
Scans and fingerprints network services, identifying open ports, protocols, and service versions.
2. Protocol Analysis
Tests protocol implementations for misconfigurations, weak encryption, and known vulnerabilities.
3. Infrastructure Assessment
Provides comprehensive network security posture with prioritized remediation recommendations.
Key Capabilities
Enterprise network security assessment covering infrastructure, protocols, and service configurations.
- Comprehensive port and service discovery
- Protocol-specific vulnerability checks
- TLS/SSL configuration analysis
- Legacy protocol detection and assessment
- Network segmentation validation
Frequently Asked Questions
How does DNS rebinding work technically?
1. Victim visits evil.com.
2. DNS returns the attacker's IP with a short TTL.
3. The page loads with JavaScript.
4. DNS immediately changes to 192.168.1.1.
5. JavaScript makes requests to 'evil.com' (same origin).
6. The requests go to the internal IP but bypass same-origin checks.
What can attackers access with DNS rebinding?
Targets include: router admin panels, IoT devices, internal web applications, development servers, Docker APIs, cloud metadata (169.254.169.254), and any service accessible from the victim's network position. Essentially, anything the victim's browser can reach.
How do browsers try to prevent DNS rebinding?
Modern browsers implement DNS pinning (caching DNS longer than TTL), but it's inconsistent. Some ignore TTL=0. Private IP filtering in DNS responses (DNS rebinding protection) is emerging but not universal. Browser mitigations are incomplete.
How do I protect services from DNS rebinding?
Validate the Host header against an allowlist (reject unknown hosts), implement proper authentication (don't rely on network location), use TLS with valid certificates (an attacker can't get a certificate for your internal domain), and consider internal DNS filtering that blocks private IPs in responses to public lookups.
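The Host header check works because a rebound request still carries the attacker's hostname in `Host`, even though it arrives at the internal IP. The sketch below is an added example, not code from this scanner: a WSGI middleware that rejects any request whose Host is not on an allowlist. The allowlist entries, `demo_app` and `status_for` are assumptions made for illustration.

```python
import ipaddress

# Assumption: names this hypothetical internal service is legitimately reached by.
ALLOWED_HOSTS = {"admin.internal.example", "localhost", "127.0.0.1", "::1"}

def normalize_host(header):
    """Return the lower-cased host from a Host header value, or None if malformed."""
    if not header or any(c in header for c in " \t\r\n/@,\\"):
        return None
    host = header.lower()
    if host.startswith("["):                      # IPv6 literal, e.g. [::1]:8080
        name, bracket, rest = host[1:].partition("]")
        try:
            name = str(ipaddress.IPv6Address(name)) if bracket else ""
        except ValueError:
            return None
    else:
        name, colon, port = host.partition(":")
        rest = colon + port
        name = name.rstrip(".")                   # "host." and "host" are the same name
    if rest and not (rest[0] == ":" and rest[1:].isdigit()):
        return None
    return name or None

class HostAllowlist:
    """WSGI middleware: reply 400 before the app runs unless Host is allowlisted."""
    def __init__(self, app, allowed=ALLOWED_HOSTS):
        self.app, self.allowed = app, frozenset(allowed)

    def __call__(self, environ, start_response):
        if normalize_host(environ.get("HTTP_HOST")) not in self.allowed:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"unrecognized Host header\n"]
        return self.app(environ, start_response)

def demo_app(environ, start_response):            # stand-in for the protected service
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"admin panel\n"]

def status_for(host):
    """Send one constructed request through the middleware; return its status line."""
    seen = []
    HostAllowlist(demo_app)({"HTTP_HOST": host}, lambda status, headers: seen.append(status))
    return seen[0]

if __name__ == "__main__":
    # Constructed samples; "evil.com" is the Host a rebound request carries in the FAQ above.
    for h in ("admin.internal.example:8443", "[::1]:8080", "evil.com", "192.168.1.1"):
        print(f"{h:30} -> {status_for(h)}")
```

An IP literal such as 192.168.1.1 is rejected unless it is listed explicitly, so list only the names and addresses through which the service is meant to be reached.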