Pi-Hole

Awesome Privacy ➔ Networking ➔ Self-Hosted Network Security ➔ Pi-Hole

Network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. Pi-Hole can significantly speed up your internet, remove ads and block malware. It comes with a nice web interface and a mobile app with monitoring features, it's open source, easy to install and very widely used.

Homepage: pi-hole.net
GitHub: github.com/pi-hole/pi-hole
Privacy: tosdr.org/en/service/9079
Web info: web-check.xyz/check/pi-hole.net

Open Source

Pi-Hole Source Code

Author

pi-hole

Description

A black hole for Internet advertisements

#ad-blocker#blocker#cloud#dashboard#dhcp#dhcp-server#dns-server#dnsmasq#pi-hole#raspberry-pi#shell

Homepage

https://pi-hole.net

License

NOASSERTION

Created

08 Jun 14

Last Updated

16 Jun 26

Latest version

v6.4.2

Primary Language

Shell

Size

9,143 KB

Stars

59,316

Forks

3,228

Watchers

59,316

Language Usage

Star History

Top Contributors

Recent Commits

Adam Warner (24 Apr 26)
Pi-hole Core v6.4.2 (#6610)
Adam Warner (24 Apr 26)
Merge commit from fork hardcode PID file path in service hooks
Adam Warner (24 Apr 26)
Improve gravity error message including curl exit code and errormsg (#6605)
RD WebDesign (21 Apr 26)
Use semicolon as separator for the returned values Co-authored-by: casperklein <[email protected]> Signed-off-by: RD WebDesign <[email protected]>
RD WebDesign (21 Apr 26)
Apply suggestions from code review Note: use short flags for some commands, to keep Busybox compatibility Co-authored-by: Dan Schaper <[email protected]> Signed-off-by: RD WebDesign <[email protected]>
Adam Warner (20 Apr 26)
add logrotate to DEB and RPM dependencies (#6524)
RD WebDesign (20 Apr 26)
Add comment explaining the code used to compare versions Signed-off-by: RD WebDesign <[email protected]>
darkexplosiveqwx (20 Apr 26)
Merge branch 'development' into logrotate Conflicts resolved: automated install/basic-install.sh Signed-off-by: darkexplosiveqwx <[email protected]>
darkexplosiveqwx (20 Apr 26)
Clarify comment in pihole.cron Signed-off-by: darkexplosiveqwx <[email protected]>
RD WebDesign (19 Apr 26)
Show exit code using the same color as the message Signed-off-by: RD WebDesign <[email protected]>
Adam Warner (19 Apr 26)
Fix permission for *.etag files after gravity run (#6353)
RD WebDesign (19 Apr 26)
Merge branch 'development' into tweak/gravity_curl_error2 Signed-off-by: RD WebDesign <[email protected]>
Adam Warner (19 Apr 26)
Loose requirements for local file access for gravity (#6430)
Adam Warner (19 Apr 26)
security: hardcode PID file path in service hooks The pihole-FTL-prestart.sh and pihole-FTL-poststop.sh scripts are executed as root by systemd (via the '+' prefix). Both previously read the PID file path from pihole.toml via getFTLConfigValue — a file the pihole user can write to directly. An attacker with pihole-user access could set files.pid to an arbitrary path and trigger a service restart to cause root to delete then recreate any file on the system, enabling local privilege escalation. Fix by inlining the hardcoded path /run/pihole-FTL.pid directly in each hook, removing any dependency on user-controlled config. The same hardening is applied to the SysV init script for consistency. See: GHSA-6w8x-p785-6pm4 Signed-off-by: Adam Warner <[email protected]>
RD WebDesign (19 Apr 26)
Apply suggestion Co-authored-by: MichaIng <[email protected]> Signed-off-by: RD WebDesign <[email protected]>
RD WebDesign (18 Apr 26)
Add some adjustments to improve the curl message - Simplify the code that generates the alternative message. - Add fallback for success case, just in case. - Use `sort -V` to detect if the curl version is capable of showing errormsg value (curl 7.75.0 or higher). Signed-off-by: RD WebDesign <[email protected]>
RD WebDesign (18 Apr 26)
Get exit code using $? and only retrive http_code and errormsg Use the exit code as source, to check if curl command was successful. Then use the http code only to select the error message, if available. Signed-off-by: RD WebDesign <[email protected]>
Adam Warner (18 Apr 26)
FTL can create its logfiles on its own (#6601)
yubiuser (18 Apr 26)
Bump github/codeql-action from 4.35.1 to 4.35.2 in the github-actions-dependencies group (#6603)
dependabot[bot] (18 Apr 26)
Bump github/codeql-action in the github-actions-dependencies group Bumps the github-actions-dependencies group with 1 update: [github/codeql-action](https://github.com/github/codeql-action). Updates `github/codeql-action` from 4.35.1 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...95e58e9a2cdfd71adc6e0353d5c52f41a045d225) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>
Adam Warner (17 Apr 26)
Set versions in /etc/pihole/versions to null if script fails (#6550)
yubiuser (30 Mar 26)
Apply suggestions from code review Co-authored-by: Adam Warner <[email protected]> Signed-off-by: yubiuser <[email protected]>
Christian König (23 Feb 26)
Set versions in /etc/pihole/versions to null if script fails Signed-off-by: Christian König <[email protected]>
Christian König (14 Apr 26)
FTL can create its logfiles on its own Signed-off-by: Christian König <[email protected]>
yubiuser (24 Oct 25)
Fix indentation Co-authored-by: RD WebDesign <[email protected]> Signed-off-by: yubiuser <[email protected]>
Christian König (23 Oct 25)
Prevent URLs like file:/./ to circumvent permission check Signed-off-by: Christian König <[email protected]>
Christian König (22 Oct 25)
Loose requirements for local file access for gravity Signed-off-by: yubiuser <[email protected]>
Adam Warner (12 Apr 26)
Skip apt cache update when pihole-meta is current (#6581)
yubiuser (11 Apr 26)
Bump the python-dependencies group in /test with 2 updates (#6596)
yubiuser (11 Apr 26)
Bump trufflesecurity/trufflehog from 3.94.2 to 3.94.3 in the github-actions-dependencies group (#6595)

Pi-Hole Security

7/10

Repo Security Summary

Updated 25 May 26

Code-Review 10/10
Maintained 10/10
Dangerous-Workflow 10/10
Packaging N/A
Binary-Artifacts 10/10
CII-Best-Practices 0/10
Token-Permissions 0/10
License 9/10
Fuzzing 0/10
Signed-Releases N/A
Branch-Protection N/A
Security-Policy 10/10
SAST 10/10
Pinned-Dependencies 2/10

Security Advisories (5)

high Unpatched CVSS 8.8

CVE-2026-41489 Local privilege escalation via config-controlled path in root-executed service hooks

24 Apr 26
medium Unpatched CVSS 6.4

CVE-2026-33727 Local Privilege Escalation (post-compromise, pihole -> root).

03 Apr 26
high Patched CVSS 8.5

CVE-2024-34361 Blind Server-Side Request Forgery (SSRF) can lead to Remote Code Execution (RCE)

05 Jul 24
high Patched CVSS 7.6

CVE-2024-28247 Authenticated Arbitrary File Read with root privileges

27 Mar 24
medium Patched

CVE-2021-29449 Multiple Privilege Escalation Vulnerabilities Pihole

14 Apr 21

Pi-Hole Website

Website

Pi-hole – Network-wide Ad Blocking

Redirects

Does not redirect

Security Checks

All 65 security checks passed

Server Details

IP Address 162.244.93.14
Hostname lv-shared04.dapanel.net
Location Las Vegas, Nevada, United States of America, NA
ISP Frantech Solutions
ASN AS965

Associated Countries

Safety Score

Website marked as safe

100%

Blacklist Check

pi-hole.net was found on 0 blacklists

AntiSocial Blacklist
Artists Against 419
Badbitcoin
Bambenek Consulting
CERT Polska
CoinBlockerLists
CRDF
CryptoScamDB
EtherAddressLookup
EtherScamDB
Fake Website Buster
MetaMask EthPhishing
NABP Not Recommended Sites
OpenPhish
PetScams
PhishFeed
PhishFort
Phishing.Database
PhishStats
PhishTank
Phishunt
RPiList Not Serious
Scam.Directory
SecureReload Phishing List
Spam404
StopGunScams
Suspicious Hosting IP
ThreatFox
ThreatLog
TweetFeed
URLhaus
ViriBack C2 Tracker

Website Preview

View full report at web-check.xyz

Pi-Hole Docker

Container Info

pihole

A Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole.

#Other#Tools pihole/pihole:latest

Run Command

docker run -d \
  -p 53:53/tcp \
  -p 53:53/udp \
  -p 67:67/udp \
  -p 1010:80/tcp \
  -p 4443:443/tcp \
  -v /portainer/Files/AppData/Config/PiHole:/etc/pihole \
  -v /portainer/Files/AppData/Config/PiHole/DNS:/etc/dnsmasq.d \
  --restart=unless-stopped \
  pihole/pihole:latest

Compose File

version: 3.8
services:
  pi-hole:
    image: "pihole/pihole:latest"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "1010:80/tcp"
      - "4443:443/tcp"
    volumes:
      - "/portainer/Files/AppData/Config/PiHole:/etc/pihole"
      - "/portainer/Files/AppData/Config/PiHole/DNS:/etc/dnsmasq.d"
    restart: unless-stopped

Port List

53:53/tcp
53:53/udp
67:67/udp
1010:80/tcp
4443:443/tcp

Volume Mounting

/portainer/Files/AppData/Config/PiHole /etc/pihole
/portainer/Files/AppData/Config/PiHole/DNS /etc/dnsmasq.d

Pi-Hole Reviews

More Self-Hosted Network Security

E2guardian
e2guardian.org

Powerful open source web content filter.

Open Source e2guardian/e2guardian

View E2guardian Report
Firezone
firezone.dev

Open-source self-hosted VPN and firewall built on WireGuard®.

Open Source firezone/firezone

View Firezone Report
IPFire
ipfire.org

A hardened, versatile, state-of-the-art open source firewall based on Linux. Its ease of use, high performance and extensibility make it usable for everyone.

Open Source ipfire/ipfire-2.x

View IPFire Report
PF Sense
pfsense.org

Widely used, open source firewall/router.

Open Source pfsense/pfsense

View PF Sense Report
PiVPN
pivpn.io

A simple way to set up a home VPN on any Debian server. Supports OpenVPN and WireGuard with elliptic curve encryption keys up to 512 bit. Supports multiple DNS providers and custom DNS providers - works nicely along-side PiHole.

Open Source pivpn/pivpn

View PiVPN Report
Technitium
technitium.com/dns

Another DNS server for blocking privacy-invasive content at its source. Technitium doesn't require much of a setup, and basically works straight out of the box, it supports a wide range of systems (and can even run as a portable app on Windows). It allows you to do some additional tasks, such as add local DNS addresses and zones with specific DNS records. Compared to Pi-Hole, Technitium is very lightweight, but lacks the deep insights that Pi-Hole provides, and has a significantly smaller community behind it.

Open Source TechnitiumSoftware/DnsServer

View Technitium Report
Zeek
zeek.org

Detect if you have a malware-infected computer on your network, and powerful network analysis framework and monitor.

Open Source zeek/zeek

View Zeek Report

About the Data: Pi-Hole

API

You can access Pi-Hole's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/v1/services/pi-hole

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share Pi-Hole

Help your friends compare Self-Hosted Network Security, and pick privacy-respecting software and services.
Share Pi-Hole and Awesome Privacy with your network!

View Self-Hosted Network Security (8)

Technitium