{"id":13842875,"url":"https://github.com/PushpenderIndia/ORhunter","last_synced_at":"2025-07-11T17:32:13.079Z","repository":{"id":106839300,"uuid":"299504462","full_name":"PushpenderIndia/ORhunter","owner":"PushpenderIndia","description":"ORhunter is an Open Redirect Vulnerability Scanner which Passively Crawls URLs from 3 Sources \u0026 Then Filter Potential URLs based on Parameter Values, then finally hunt them for Unvalidated Open Redirect ","archived":false,"fork":false,"pushed_at":"2023-10-02T04:58:06.000Z","size":52,"stargazers_count":40,"open_issues_count":3,"forks_count":13,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-01T21:01:24.519Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PushpenderIndia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-29T04:30:32.000Z","updated_at":"2024-08-12T20:06:15.000Z","dependencies_parsed_at":"2023-10-02T05:52:41.234Z","dependency_job_id":null,"html_url":"https://github.com/PushpenderIndia/ORhunter","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/PushpenderIndia/ORhunter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PushpenderIndia%2FORhunter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PushpenderIndia%2FORhunter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PushpenderIndia%2FORhunter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PushpenderIndia%2FORhunter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PushpenderIndia","download_url":"https://codeload.github.com/PushpenderIndia/ORhunter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PushpenderIndia%2FORhunter/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264862485,"owners_count":23674981,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:01:48.799Z","updated_at":"2025-07-11T17:32:12.838Z","avatar_url":"https://github.com/PushpenderIndia.png","language":"Python","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eORhunter\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://python.org\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Python-3.7-green.svg\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/PushpenderIndia/subdover/blob/master/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/License-MIT-lightgrey.svg\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/PushpenderIndia/subdover/releases\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Release-1.0-blue.svg\"\u003e\n  \u003c/a\u003e\n    \u003ca href=\"https://github.com/PushpenderIndia/subdover\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Open%20Source-%E2%9D%A4-brightgreen.svg\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\nORhunter is an Open Redirect Vulnerability Scanner which Passively Crawls URLs from 3 Sources \u0026amp; Then Filter Potential URLs based on Parameter Values, then finally hunt them for Unvalidated Open Redirect \n\n## Disclaimer\n\u003cp align=\"center\"\u003e\n  :computer: This project was created only for good purposes and personal use.\n\u003c/p\u003e\n\nTHIS SOFTWARE IS PROVIDED \"AS IS\" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.\n\n## Features\n- [x] Works on Windows/Linux/MacOS\n- [x] Passively Crawls URLs from 3 Sources\n\n| Crawl URLs from |\n| --------------- |\n| Wayback Machine |\n| Common Crawl    |\n| AlienVault's OTX (Open Threat Exchange) |\n\n- [x] Filter Potentially Vulnerable URLs based on Parameter value\n- [x] Replaces only those parameter's value whose parameter value is a URL with \"http://evil.com\"\n\n\u003e **Example** : Converts this URL to *http://example.com/index.php?r=http://google.com\u0026version=34* to *http://example.com/index.php?r=http://evil.com\u0026version=34*\n\n- [x] If you want to test your own URLs List \u0026 don't want to crawl URLs then you can use **--list** flag\n- [x] DeepCrawl Feature (If Enabled, then Ragno try to fetch URLs from all **74+ CommonCrawl APIs**)\n- [x] MultiThreading \n- [x] Result of **Subdomains** could be excluded \u0026 included via CommandLine Argument (i.e. **-s**)\n- [x] Save Result in TXT File\n- [x] GET Based Unvalidated Open Redirect Vulnerability Scanner\n- [x] Path Fragment Unvalidated Open Redirect Vulnerability Scanner [**Under Development**]\n \n## Prerequisite\n- [x] Python 3.X\n- [x] Few External Modules\n\n\n## Available Arguments \n* Optional Arguments\n\n| Short Hand  | Full Hand       | Description                     |\n| ----------  | ---------       | -----------                     |\n| -h          | --help          | show this help message and exit |\n| -t THREAD   | --thread THREAD | Number of Threads to Used. Default=50 |\n| -o OUTPUT   | --output OUTPUT | Save Result in TXT file         |\n| -s          | --subs          | Include Result of Subdomains    |\n|             | --deepcrawl     | Uses All Available APIs of CommonCrawl for Crawling URLs [Takes Time] |\n\n\n* Required Arguments\n\n| Short Hand  | Full Hand | Description |\n| ----------  | --------- | ----------- |\n| -l URL_LIST | --list URL_LIST | URLs List, ex:- google_urls.txt |\n| -d DOMAIN   | --domain DOMAIN | Target Domain Name, ex:- google.com |\n\n## How To Use in Linux\n```bash\n# Navigate to the /opt directory (optional)\n$ cd /opt/\n\n# Clone this repository\n$ git clone https://github.com/PushpenderIndia/ORhunter.git\n\n# Navigate to ORhunter folder\n$ cd ORhunter\n\n# Installing dependencies\n$ apt-get update \u0026\u0026 apt-get install python3-pip\n$ pip3 install numpy requests\n\n# Giving Executable Permission\n$ chmod +x orhunter.py\n\n# Checking Help Menu\n$ python3 orhunter.py --help\n\n# Normal (Fast) URL Crawl + Testing GET based open redirect\n$ python3 orhunter.py -d target.com \n\n# Normal (Fast) URL Crawl + Testing GET based open redirect + Include Subdomain's URLs\n$ python3 orhunter.py -d target.com -s\n\n# Normal (Fast) URL Crawl + Testing GET based open redirect + Include Subdomain's URLs + Save Result\n$ python3 orhunter.py -d target.com -s -o result.txt\n\n# Run Deep Crawl + Saving Result + Include Subdomain's URLs + Change Thread Number\n$ python3 orhunter.py -d target.com -o result.txt -s --deepcrawl --thread 100\n```\n\n## How To Use in Windows\n```bash\n# Install dependencies \n$ Install latest python 3.x from Official Site (https://www.python.org/downloads/)\n\n# Clone this repository or Download Zip File\n$ git clone https://github.com/PushpenderIndia/ORhunter.git\n\n# Navigate to ORhunter folder\n$ cd ORhunter\n\n# Installing dependencies\n$ python -m pip install numpy requests\n\n# Checking Help Menu\n$ python orhunter.py --help\n\n# Checking Help Menu\n$ python orhunter.py --help\n\n# Normal (Fast) URL Crawl + Testing GET based open redirect\n$ python orhunter.py -d target.com \n\n# Normal (Fast) URL Crawl + Testing GET based open redirect + Include Subdomain's URLs\n$ python orhunter.py -d target.com -s\n\n# Normal (Fast) URL Crawl + Testing GET based open redirect + Include Subdomain's URLs + Save Result\n$ python orhunter.py -d target.com -s -o result.txt\n\n# Run Deep Crawl + Saving Result + Include Subdomain's URLs + Change Thread Number\n$ python orhunter.py -d target.com -o result.txt -s --deepcrawl --thread 100\n```\n\n## Screenshot\n\n![](/Result.JPG)\n\n## Contribute\n\n* All Contributors are welcome, this repo needs contributors who will improve this tool to make it best.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPushpenderIndia%2FORhunter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FPushpenderIndia%2FORhunter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPushpenderIndia%2FORhunter/lists"}