Pi-Hole

pi-hole.net Server/ VM/ Pi

Awesome Privacy ➔ Networking ➔ Ad Blockers ➔ Pi-Hole

Incredibly powerful, network-wide ad-blocker. Works out-of-the-box, light-weight with an intuitive web interface, but still allows for a lot of advanced configuration for power users. As well as blocking ads and trackers, Pi-Hole speeds up your network speeds quite significantly. The dashboard has detailed statistics, and makes it easy to pause/ resume Pi-Hole if needed.

Homepage: pi-hole.net
GitHub: github.com/pi-hole/pi-hole
Web info: web-check.xyz/check/pi-hole.net

Open Source

Pi-Hole Source Code

Author

pi-hole

Description

A black hole for Internet advertisements

#ad-blocker#blocker#cloud#dashboard#dhcp#dhcp-server#dns-server#dnsmasq#pi-hole#raspberry-pi#shell

Homepage

https://pi-hole.net

License

NOASSERTION

Created

08 Jun 14

Last Updated

16 Jun 26

Latest version

v6.4.2

Primary Language

Shell

Size

9,143 KB

Stars

59,316

Forks

3,228

Watchers

59,316

Language Usage

Star History

Top Contributors

Recent Commits

Adam Warner (24 Apr 26)
Pi-hole Core v6.4.2 (#6610)
Adam Warner (24 Apr 26)
Merge commit from fork hardcode PID file path in service hooks
Adam Warner (24 Apr 26)
Improve gravity error message including curl exit code and errormsg (#6605)
RD WebDesign (21 Apr 26)
Use semicolon as separator for the returned values Co-authored-by: casperklein <[email protected]> Signed-off-by: RD WebDesign <[email protected]>
RD WebDesign (21 Apr 26)
Apply suggestions from code review Note: use short flags for some commands, to keep Busybox compatibility Co-authored-by: Dan Schaper <[email protected]> Signed-off-by: RD WebDesign <[email protected]>
Adam Warner (20 Apr 26)
add logrotate to DEB and RPM dependencies (#6524)
RD WebDesign (20 Apr 26)
Add comment explaining the code used to compare versions Signed-off-by: RD WebDesign <[email protected]>
darkexplosiveqwx (20 Apr 26)
Merge branch 'development' into logrotate Conflicts resolved: automated install/basic-install.sh Signed-off-by: darkexplosiveqwx <[email protected]>
darkexplosiveqwx (20 Apr 26)
Clarify comment in pihole.cron Signed-off-by: darkexplosiveqwx <[email protected]>
RD WebDesign (19 Apr 26)
Show exit code using the same color as the message Signed-off-by: RD WebDesign <[email protected]>
Adam Warner (19 Apr 26)
Fix permission for *.etag files after gravity run (#6353)
RD WebDesign (19 Apr 26)
Merge branch 'development' into tweak/gravity_curl_error2 Signed-off-by: RD WebDesign <[email protected]>
Adam Warner (19 Apr 26)
Loose requirements for local file access for gravity (#6430)
Adam Warner (19 Apr 26)
security: hardcode PID file path in service hooks The pihole-FTL-prestart.sh and pihole-FTL-poststop.sh scripts are executed as root by systemd (via the '+' prefix). Both previously read the PID file path from pihole.toml via getFTLConfigValue — a file the pihole user can write to directly. An attacker with pihole-user access could set files.pid to an arbitrary path and trigger a service restart to cause root to delete then recreate any file on the system, enabling local privilege escalation. Fix by inlining the hardcoded path /run/pihole-FTL.pid directly in each hook, removing any dependency on user-controlled config. The same hardening is applied to the SysV init script for consistency. See: GHSA-6w8x-p785-6pm4 Signed-off-by: Adam Warner <[email protected]>
RD WebDesign (19 Apr 26)
Apply suggestion Co-authored-by: MichaIng <[email protected]> Signed-off-by: RD WebDesign <[email protected]>
RD WebDesign (18 Apr 26)
Add some adjustments to improve the curl message - Simplify the code that generates the alternative message. - Add fallback for success case, just in case. - Use `sort -V` to detect if the curl version is capable of showing errormsg value (curl 7.75.0 or higher). Signed-off-by: RD WebDesign <[email protected]>
RD WebDesign (18 Apr 26)
Get exit code using $? and only retrive http_code and errormsg Use the exit code as source, to check if curl command was successful. Then use the http code only to select the error message, if available. Signed-off-by: RD WebDesign <[email protected]>
Adam Warner (18 Apr 26)
FTL can create its logfiles on its own (#6601)
yubiuser (18 Apr 26)
Bump github/codeql-action from 4.35.1 to 4.35.2 in the github-actions-dependencies group (#6603)
dependabot[bot] (18 Apr 26)
Bump github/codeql-action in the github-actions-dependencies group Bumps the github-actions-dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 4.35.1 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...95e58e9a2cdfd71adc6e0353d5c52f41a045d225) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>
Adam Warner (17 Apr 26)
Set versions in /etc/pihole/versions to null if script fails (#6550)
yubiuser (30 Mar 26)
Apply suggestions from code review Co-authored-by: Adam Warner <[email protected]> Signed-off-by: yubiuser <[email protected]>
Christian König (23 Feb 26)
Set versions in /etc/pihole/versions to null if script fails Signed-off-by: Christian König <[email protected]>
Christian König (14 Apr 26)
FTL can create its logfiles on its own Signed-off-by: Christian König <[email protected]>
yubiuser (24 Oct 25)
Fix indentation Co-authored-by: RD WebDesign <[email protected]> Signed-off-by: yubiuser <[email protected]>
Christian König (23 Oct 25)
Prevent URLs like file:/./ to circumvent permission check Signed-off-by: Christian König <[email protected]>
Christian König (22 Oct 25)
Loose requirements for local file access for gravity Signed-off-by: yubiuser <[email protected]>
Adam Warner (12 Apr 26)
Skip apt cache update when pihole-meta is current (#6581)
yubiuser (11 Apr 26)
Bump the python-dependencies group in /test with 2 updates (#6596)
yubiuser (11 Apr 26)
Bump trufflesecurity/trufflehog from 3.94.2 to 3.94.3 in the github-actions-dependencies group (#6595)

Pi-Hole Security

7/10

Repo Security Summary

Updated 25 May 26

Code-Review 10/10
Maintained 10/10
Dangerous-Workflow 10/10
Packaging N/A
Binary-Artifacts 10/10
CII-Best-Practices 0/10
Token-Permissions 0/10
License 9/10
Fuzzing 0/10
Signed-Releases N/A
Branch-Protection N/A
Security-Policy 10/10
SAST 10/10
Pinned-Dependencies 2/10

Security Advisories (5)

high Unpatched CVSS 8.8

CVE-2026-41489 Local privilege escalation via config-controlled path in root-executed service hooks

24 Apr 26
medium Unpatched CVSS 6.4

CVE-2026-33727 Local Privilege Escalation (post-compromise, pihole -> root).

03 Apr 26
high Patched CVSS 8.5

CVE-2024-34361 Blind Server-Side Request Forgery (SSRF) can lead to Remote Code Execution (RCE)

05 Jul 24
high Patched CVSS 7.6

CVE-2024-28247 Authenticated Arbitrary File Read with root privileges

27 Mar 24
medium Patched

CVE-2021-29449 Multiple Privilege Escalation Vulnerabilities Pihole

14 Apr 21

Pi-Hole Website

Website

Pi-hole – Network-wide Ad Blocking

Redirects

Does not redirect

Security Checks

All 65 security checks passed

Server Details

IP Address 162.244.93.14
Hostname lv-shared04.dapanel.net
Location Las Vegas, Nevada, United States of America, NA
ISP Frantech Solutions
ASN AS965

Associated Countries

Safety Score

Website marked as safe

100%

Blacklist Check

pi-hole.net was found on 0 blacklists

AntiSocial Blacklist
Artists Against 419
Badbitcoin
Bambenek Consulting
CERT Polska
CoinBlockerLists
CRDF
CryptoScamDB
EtherAddressLookup
EtherScamDB
Fake Website Buster
MetaMask EthPhishing
NABP Not Recommended Sites
OpenPhish
PetScams
PhishFeed
PhishFort
Phishing.Database
PhishStats
PhishTank
Phishunt
RPiList Not Serious
Scam.Directory
SecureReload Phishing List
Spam404
StopGunScams
Suspicious Hosting IP
ThreatFox
ThreatLog
TweetFeed
URLhaus
ViriBack C2 Tracker

Website Preview

View full report at web-check.xyz

Pi-Hole Docker

Container Info

pihole

A Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole.

#Other#Tools pihole/pihole:latest

Run Command

docker run -d \
  -p 53:53/tcp \
  -p 53:53/udp \
  -p 67:67/udp \
  -p 1010:80/tcp \
  -p 4443:443/tcp \
  -v /portainer/Files/AppData/Config/PiHole:/etc/pihole \
  -v /portainer/Files/AppData/Config/PiHole/DNS:/etc/dnsmasq.d \
  --restart=unless-stopped \
  pihole/pihole:latest

Compose File

version: 3.8
services:
  pi-hole:
    image: "pihole/pihole:latest"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "1010:80/tcp"
      - "4443:443/tcp"
    volumes:
      - "/portainer/Files/AppData/Config/PiHole:/etc/pihole"
      - "/portainer/Files/AppData/Config/PiHole/DNS:/etc/dnsmasq.d"
    restart: unless-stopped

Port List

53:53/tcp
53:53/udp
67:67/udp
1010:80/tcp
4443:443/tcp

Volume Mounting

/portainer/Files/AppData/Config/PiHole /etc/pihole
/portainer/Files/AppData/Config/PiHole/DNS /etc/dnsmasq.d

Pi-Hole Reviews

More Ad Blockers

Blokada

(Android/ iOS)
blokada.org

Open source mobile ad-blocker that acts like a firewall. Since it's device-wide, once connected all apps will have ads/ trackers blocked, and the blacklist can be edited. The app is free, but there is a premium option, which has a built-in VPN.

Open Source blokadaorg/blokada

View Blokada Report
Diversion

(Router)
diversion.ch

A shell script application to manage ad-blocking, Dnsmasq logging, Entware and pixelserv-tls installations and more on supported routers running Asuswrt-Merlin firmware, including its forks.

View Diversion Report
hBlock

(Unix)
hblock.molinero.dev

A POSIX-compliant shell script, designed for Unix-like systems, that gets a list of domains that serve ads, tracking scripts and malware from multiple sources and creates a hosts file (alternative formats are also supported) that prevents your system from connecting to them. Aimed at improving security and privacy through blocking advert, tracking and malware associated domains.

Open Source hectorm/hblock

View hBlock Report
RethinkDNS & Firewall

(Android)
rethinkdns.com/app

Free and open source ad-blocker and a firewall for Android 6+ (no root required).

Open Source celzero/rethink-app

View RethinkDNS & Firewall Report
uBlock Origin

(Browser)
github.com/gorhill/uBlock

Light-weight, fast browser extension for Firefox and Chromium (Chrome, Edge, Brave Opera etc), that blocks tracking, ads and known malware. uBlock is easy-to-use out-of-the-box, but also has a highly customisable advanced mode, with a point-and-click firewall which can be configured on a per-site basis.

Open Source gorhill/uBlock

View uBlock Origin Report

About the Data: Pi-Hole

API

You can access Pi-Hole's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/v1/services/pi-hole

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share Pi-Hole

Help your friends compare Ad Blockers, and pick privacy-respecting software and services.
Share Pi-Hole and Awesome Privacy with your network!

View Ad Blockers (6)

Diversion