LOTWebHooks - Living Off The WebHooks

Living Off The WebHooks

Abusing WebHooks for Data Exfiltration & C2 Communications

LOTWebHooks is a community-driven project documenting webhooks that may be exploited for data exfiltration and C2 communications. Contribution guide.

Webhook Name	URL	Type	Reference
Webhook.site	`webhook.site/*`	Web	https://webhook.site/
Webhook.site	`*@emailhook.site`	Email	https://webhook.site/
Webhook.site	`*.dnshook.site`	DNS	https://webhook.site/
Webhook Test	`webhook-test.com/*`	Web	https://webhook-test.com/
Webhook Cool	`*.webhook.cool`	Web	https://webhook.cool/
Beeceptor	`*.free.beeceptor.com`	Web	https://beeceptor.com/
Beeceptor	`*.proxy.beeceptor.com`	Web	https://beeceptor.com/
Typed Web Hooks	`typedwebhook.tools/*`	Web	https://typedwebhook.tools/
Discord	`discord.com/api/webhooks/*`	Web	https://discord.com/
MS Teams	`.webhook.office.com/`	Web	https://teams.microsoft.com/
MS Teams Workflows	`..logic.azure.com/workflows/*`	Web	https://www.microsoft.com/en-us/microsoft-teams/apps-and-workflows
GitHub	`github.com/{username}/{repository}/hooks/*`	Web	https://github/
Request Catcher	`*.requestcatcher.com`	Web	https://requestcatcher.com/
Pipe Dream	`*.mpipedream.net`	Web	https://pipedream.com/
Trello	`api.trello.com/1/tokens/{token}/webhooks/?callbackURL=*`	Web	https://trello.com/
Slack	`hooks.slack.com/*`	Web	https://slack.com/
IFTTT	`maker.ifttt.com/trigger/*`	Web	https://ifttt.com
Webhook Relay	`*.hooks.webhookrelay.com`	Web	https://webhookrelay.com
Octohook	`octo.hk/*`	Web	https://octohook.com/

Webhook Name

URL

Type

Reference

Webhook.site

webhook.site/*

Web

https://webhook.site/

Webhook.site

*@emailhook.site

https://webhook.site/

Webhook.site

*.dnshook.site

DNS

https://webhook.site/

Webhook Test

webhook-test.com/*

Web

https://webhook-test.com/

Webhook Cool

*.webhook.cool

Web

https://webhook.cool/

Beeceptor

*.free.beeceptor.com

Web

https://beeceptor.com/

Beeceptor

*.proxy.beeceptor.com

Web

https://beeceptor.com/

Typed Web Hooks

typedwebhook.tools/*

Web

https://typedwebhook.tools/

Discord

discord.com/api/webhooks/*

Web

https://discord.com/

MS Teams

*.webhook.office.com/*

Web

https://teams.microsoft.com/

MS Teams Workflows

*.*.logic.azure.com/workflows/*

Web

https://www.microsoft.com/en-us/microsoft-teams/apps-and-workflows

GitHub

github.com/{username}/{repository}/hooks/*

Web

https://github/

Request Catcher

*.requestcatcher.com

Web

https://requestcatcher.com/

Pipe Dream

*.mpipedream.net

Web

https://pipedream.com/

Trello

api.trello.com/1/tokens/{token}/webhooks/?callbackURL=*

Web

https://trello.com/

Slack

hooks.slack.com/*

Web

https://slack.com/

IFTTT

maker.ifttt.com/trigger/*

Web

https://ifttt.com

Webhook Relay

*.hooks.webhookrelay.com

Web

https://webhookrelay.com

Octohook

octo.hk/*

Web

https://octohook.com/