OpenRedireX – Open Redirect Scanner and Fuzzer Tool

OpenRedireX - Open Redirect Scanner and Fuzzer Tool

Open redirect vulnerabilities are a common security risk that can be exploited to redirect users to malicious websites, leading to phishing attacks or further exploitation. To proactively identify and address these vulnerabilities, cybersecurity researchers and developers rely on specialized tools such as OpenRedireX. Automated tool to scan and fuzz open redirect vulnerability.

What is open redirect vulnerability

Open redirect vulnerabilities occur when web applications allow attackers to craft malicious URLs that redirect users to arbitrary or malicious websites. These flaws often result from improper validation and handling of user-supplied input, enabling attackers to manipulate the redirection flow and potentially deceive users into divulging sensitive information.

OpenRedireX – Automated tool to scan open redirect vulnerability

OpenRedireX is an open-source Open Redirect Scanner Tool developed to identify and evaluate open redirect vulnerabilities in web applications. OpenRedireX leverages automation and custom payloads to systematically test target applications, providing valuable insights to bolster their security measures.

Key Features :

  • Takes a url or list of urls and fuzzes them for Open redirect issues
  • You can specify your own payloads in ‘payloads.txt’
  • Shows Location header history (if any)
  • Fast (as it is Asynchronous)

Usage :

Note: Use Python 3.7+

$ git clone https://github.com/devanshbatham/OpenRedireX $ cd OpenRedireX

For single URL :

Note: The “FUZZ” is important and the url must be in double qoutes !

$ python3.7 openredirex.py -u “https://vulnerable.com/?url=FUZZ” -p payloads.txt –keyword FUZZ

For List of URLs :

$ python3.7 openredirex.py -l urls.txt -p payloads.txt –keyword FUZZ

Example

OpenRedireX - Open Redirect Scanner and Fuzzer Tool


OpenRedireX - Open Redirect Scanner and Fuzzer Tool
Next Post

No more post

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

fifteen − 5 =