Singularity of Origin

Recent updates:

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine.

It also ships with sample payloads to exploit several vulnerable software versions, from the simple capture of a home page to performing remote code execution. It aims to provide a framework to facilitate the exploitation of software vulnerable to DNS rebinding attacks and to raise awareness of how they work and how to protect against them.

Detailed documentation is on the wiki pages.

Core Features

Singularity Manager Interface

Hook and Control a Vulnerable Application on Localhost or Other Hosts

Fetch an application home page

Automate the Scan and Compromise of All Vulnerable Applications

Usage

Setting up Singularity requires a DNS domain name whose DNS records you can edit and a Linux server to run it. Please see the setup singularity wiki page for detailed instructions.

The documentation is on the wiki pages. Here are a few pointers to start:

A test instance is available for demo purposes at http://rebind.it:8080/manager.html.

Speed

In optimal conditions, Singularity has been tested to work in under 3 seconds with the following browsers:

| Browser | Operating System | Time to Exploit | Rebinding Strategy | Fetch Interval | Target Specification |
| --- | --- | --- | --- | --- | --- |
| Chrome | Windows 10 | ~3s | Multiple answers (fast) | 1s | 127.0.0.1 |
| Edge | Windows 10 | ~3s | Multiple answers (fast) | 1s | 127.0.0.1 |
| Firefox | Windows 10 | ~3s | Multiple answers (fast) | 1s | 127.0.0.1 |
| Chromium | Ubuntu | ~3s | Multiple answers (fast) | 1s | 0.0.0.0 |
| Firefox | Ubuntu | ~3s | Multiple answers (fast) | 1s | 0.0.0.0 |
| Chrome | macOS | ~3s | Multiple answers (fast) | 1s | 0.0.0.0 |
| Firefox | macOS | ~3s | Multiple answers (fast) | 1s | 0.0.0.0 |
| Safari | macOS | ~3s | Multiple answers (fast) | 1s | 0.0.0.0 |
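
On the defensive side of the table above, the following is an added example (not part of Singularity or its documentation) of a resolver-side check that flags DNS responses in which a public name resolves to the loopback, unspecified or private addresses listed under Target Specification. The function names, network list, local-zone allowlist and sample responses are constructed for illustration; it assumes the "Multiple answers" strategy returns the target address alongside a public address in a single response.

```python
import ipaddress

# Address classes a public DNS name should not resolve to. 127.0.0.1 and
# 0.0.0.0 are the target specifications in the table; the rest are assumptions.
INTERNAL_NETS = {
    "unspecified": ["0.0.0.0/32", "::/128"],
    "loopback": ["127.0.0.0/8", "::1/128"],
    "link-local": ["169.254.0.0/16", "fe80::/10"],
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"],
}

def classify(addr):
    """Return the internal class of an address, or 'public'."""
    ip = ipaddress.ip_address(addr)
    # Unwrap ::ffff:a.b.c.d so an IPv4-mapped AAAA answer cannot hide 127.0.0.1.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    for label, nets in INTERNAL_NETS.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return label
    return "public"

def check_answers(qname, answers, local_zones=("lan", "home.arpa", "localhost")):
    """Return (verdict, reasons) for the answer set of one DNS response."""
    name = qname.rstrip(".").lower()
    # Names in zones you run yourself may legitimately map to internal hosts.
    if any(name == z or name.endswith("." + z) for z in local_zones):
        return "allow", []
    classes = {a: classify(a) for a in answers}
    internal = sorted(a for a, c in classes.items() if c != "public")
    if not internal:
        return "allow", []
    reasons = [f"{name} -> {a} ({classes[a]})" for a in internal]
    if len(internal) < len(classes):
        reasons.append("mixed public and internal answers in one response")
    return "block", reasons

# Constructed sample responses (documentation names and addresses, not captures).
SAMPLE_RESPONSES = [
    ("www.example.com", ["93.184.216.34"]),
    ("rebind.example.net", ["203.0.113.10", "127.0.0.1"]),
    ("rebind.example.net", ["203.0.113.10", "0.0.0.0"]),
    ("printer.lan", ["192.168.1.20"]),
    ("cdn.example.org", ["::ffff:127.0.0.1"]),
]

if __name__ == "__main__":
    for qname, answers in SAMPLE_RESPONSES:
        print(qname, answers, check_answers(qname, answers))
```

The same policy is what a filtering resolver applies when it drops internal addresses from upstream answers; services bound to localhost should additionally validate the HTTP Host header, since DNS filtering does not cover every client.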

Payloads Description

Singularity supports the following attack payloads: