oob callback logger

Mint a unique callback URL, then drop it into anything you're testing. When a target reaches back — a blind SSRF fetching your URL, a command injection running curl, a SQLi exfiltrating over HTTP — the request is logged here with its full headers, body, and source IP. The Collaborator/interactsh pattern, ephemeral and no-login.

For authorized security testing only. HTTP callbacks only — DNS-interaction logging isn't offered here.

Or from the terminal

curl -s exl.ink/api/oast/new
# → { "callbackUrl": "...", "apiUrl": "...", "secret": "..." }
# use callbackUrl as your OOB target, then poll apiUrl