Open-Redirect is a tool for detecting open redirect vulnerabilities in web applications. These flaws allow attackers to redirect users to malicious sites using trusted URLs. This tool tests various parameters and payloads to identify unsafe redirects. Ideal for penetration testing and web security education.
- Multi-threaded scanning
- Supports scanning single URLs or URL lists
- Built-in payloads and redirect parameter list
- Custom headers and user-agents
- JSON and CSV export formats
- Simple, CLI-based interface
- Python 3.8+
- Works on Linux and other
- Internet connection (to test redirects)
git clone https://github.com/denoyey/Open-Redirect.git
cd Open-Redirect
pip install -r requirements.txt

Scan Single URL
python openredirect.py
Choose option [1] and input the target URL when prompted.
Example:
https://example.com/redirect?url=

Prepare a .txt file containing one URL per line, then:
python openredirect.py
Choose option [2] and enter the file path when prompted.
- Payloads: Over 50 encoded and obfuscated redirect payloads are used to test for various bypass techniques.
- Parameters: Includes 60+ common redirect-related parameters like url, redirect, next, target, dest, and more.

You can expand the list by modifying bypass_payloads and redirect_params in the script.
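
For developers fixing a finding on one of the parameters listed above, here is a sketch of server-side validation that judges encoded and obfuscated values in their decoded form. It is an added example, not part of the Open-Redirect tool; `is_safe_redirect`, `ALLOWED_HOSTS` and the sample hosts are assumptions.

```python
from urllib.parse import unquote, urlsplit

# Assumption: the only hosts this application may redirect to.
ALLOWED_HOSTS = frozenset({"example.com", "www.example.com"})


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True for same-site absolute paths or http(s) URLs on allowed hosts."""
    if not target:
        return False

    # Decode up to three layers so %2f%2f and %252f%252f are judged as "//".
    for _ in range(3):
        target = unquote(target)
    if unquote(target) != target:
        return False  # still encoded after three passes: reject

    # Browsers treat "\" as "/" and drop control characters and edge whitespace.
    if "\\" in target or target != target.strip():
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False

    try:
        parts = urlsplit(target)
        host = parts.hostname
        has_userinfo = parts.username is not None
    except ValueError:
        return False  # malformed authority, e.g. broken IPv6 literal

    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative: need explicit http(s), an allowed host,
        # and no "user@" prefix that hides the real host.
        return (parts.scheme in ("http", "https")
                and host in allowed_hosts
                and not has_userinfo)

    # Relative: exactly one leading slash keeps the browser on this origin.
    return target.startswith("/") and not target.startswith("//")
```

The check is deliberately strict: scheme-relative URLs and paths without a leading slash are rejected even when they would resolve to an allowed host.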
- result.json — JSON formatted scan results.
- result.csv — CSV formatted scan results.
- log.txt — Full scan log output.
Developed by denoyey.
Built for educational and ethical penetration testing purposes only.
Contributions and pull requests are welcome!
