{"id":19525695,"url":"https://github.com/aavision/opn-re","last_synced_at":"2026-06-18T07:31:57.643Z","repository":{"id":214544938,"uuid":"735638594","full_name":"AAVision/opn-re","owner":"AAVision","description":"Open redirect vulnerability scanner ⚡","archived":false,"fork":false,"pushed_at":"2023-12-30T15:35:09.000Z","size":74,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-26T04:31:09.574Z","etag":null,"topics":["go","golang","open-redirect","open-redirect-detection","scanner","vulnerability","vulnerability-detection","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AAVision.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2023-12-25T16:33:04.000Z","updated_at":"2024-01-02T08:56:30.000Z","dependencies_parsed_at":"2023-12-28T22:27:07.040Z","dependency_job_id":"28b4b4f3-cdbc-433f-9a32-bb60dd54b709","html_url":"https://github.com/AAVision/opn-re","commit_stats":null,"previous_names":["aavision/opn-re"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/AAVision/opn-re","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AAVision%2Fopn-re","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AAVision%2Fopn-re/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AAVision%2Fopn-re/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AAVision%2Fopn-re/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AAVision","download_url":"https://codeload.github.com/AAVision/opn-re/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AAVision%2Fopn-re/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34481306,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-18T02:00:06.871Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","golang","open-redirect","open-redirect-detection","scanner","vulnerability","vulnerability-detection","vulnerability-scanners"],"created_at":"2024-11-11T01:06:34.730Z","updated_at":"2026-06-18T07:31:57.619Z","avatar_url":"https://github.com/AAVision.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OPN-RE\n## What is opn-re tool or ORV?\n\nFirst of all, the idea of this tool is to find an open redirect vulnerability in a URL, either from a simple query parameter checker or from grabbing endpoints from Web Archieve, and test them all!\n![Opn-Re](https://github.com/AAVision/opn-re/blob/da8ab89853889485e3d590d3bdbeaf82c9d31361/images/opn-re.png)\n\n## Introduction\n### What is open redirect vulernability?\nAn open redirect vulnerability entails an attacker manipulating the user and redirecting them from one site to another, which may be malicious. The cybersecurity community doesn’t put enough emphasis on open redirect vulnerabilities because they are considered a simple flaw commonly connected to phishing scams and social engineering.\n\nHowever, open redirect vulnerabilities can help attackers in ways that go far beyond phishing. The true risk of this vulnerability is when it is utilized and combined with Server Side Request Forgery, XSS-Auditor bypass, Oauth Flaw, and so on.\n---\n![Opn-Re-Example](https://github.com/AAVision/opn-re/blob/da8ab89853889485e3d590d3bdbeaf82c9d31361/images/open-redirect-example.png)\n## General\n### How to Use this tool?\nFirst of all, you can create a simple PHP script that redirects by passing the url in the url parameters in the URL, e.g.\n\n```php\n\u003c?php\n\nif($_GET[\"url\"]){\n    $url = $_GET[\"url\"];\n    header(\"Location: \" .$url);\n    die();\n}\n\n?\u003e\n```\nSave this script on your XAMPP server and check if it will redirect to the URL provided in the parameters, e.g., `http://localhost/opn-re/?url=https://www.google.com`.\n\n## Usage\n```bash\ngo run . --help                                       \nUsage: opn-re.exe [--domain DOMAIN] [--force] [--xss] [--simple] [--input INPUT] [--verbose]\n\nOptions:\n  --domain DOMAIN, -d DOMAIN\n  --force, -f\n  --xss, -x\n  --simple, -s\n  --input INPUT, -i INPUT\n  --verbose, -v\n  --help, -h             display this help and exit\n```\n**Parameters:**\n- d (-d or --domain): is the domain that the tool will scan: `google.com`.\n- s (-s or --simple): this key will make a simple scan by embedding the parameter added in the `config.txt` file.\n- f (-f or --force): this key will force to get all archieved urls.\n- i (-i or --input): This key will take the name of the file that contains urls and add its parameters.\n- v (-v or --verbose): This key will show all the processes and the urls scanned.\n- x (-x or -xss): this key will search for xss injection in the query params.\n- h (-h or --help): this key will display the help menu.\n\n```bash\ngo run . --input test.txt\n\ngo run . --domain google.com --force\n\ngo run . --domain localhost/opn-re/ --simple --verbose\n```\n\n```bash\ngo run . --domain localhost/opn-re/ --simple\nScanning: http://localhost/opn-re/?url=https://www.google.com/\nScanning: http://localhost/opn-re/?file=https://www.google.com/\nScanning: http://localhost/opn-re/?l=https://www.google.com/\nScanning: http://localhost/opn-re/?ret=https://www.google.com/\nScanning: http://localhost/opn-re/?red=https://www.google.com/\nScanning: http://localhost/opn-re/?page=https://www.google.com/\nScanning: http://localhost/opn-re/?q=https://www.google.com/\nScanning: http://localhost/opn-re/?img=https://www.google.com/\nScanning: http://localhost/opn-re/?path=https://www.google.com/\nScanning: http://localhost/opn-re/?file=https://www.google.com/\nScanning: http://localhost/opn-re/?old=https://www.google.com/\nScanning: http://localhost/opn-re/?back=https://www.google.com/\nScanning: http://localhost/opn-re/?redirectBack=https://www.google.com/\nScanning: http://localhost/opn-re/?aspxerrorpath=https://www.google.com/\nScanning: http://localhost/opn-re/?u=https://www.google.com/\nScanning: http://localhost/opn-re/?langTo=https://www.google.com/\nScanning: http://localhost/opn-re/?redirect=https://www.google.com/\nScanning: http://localhost/opn-re/?From=https://www.google.com/\nScanning: http://localhost/opn-re/?Goto=https://www.google.com/\nScanning: http://localhost/opn-re/?end_display=https://www.google.com/\nScanning: http://localhost/opn-re/?AuthState=https://www.google.com/\nScanning: http://localhost/opn-re/?forward=https://www.google.com/\nScanning: http://localhost/opn-re/?redir=https://www.google.com/\nScanning: http://localhost/opn-re/?page=https://www.google.com/\nScanning: http://localhost/opn-re/?r=https://www.google.com/\nScanning: http://localhost/opn-re/?return_url=https://www.google.com/\nScanning: http://localhost/opn-re/?image_path=https://www.google.com/\nScanning: http://localhost/opn-re/?URL=https://www.google.com/\nScanning: http://localhost/opn-re/?location=https://www.google.com/\nScanning: http://localhost/opn-re/?toredirect=https://www.google.com/\nScanning: http://localhost/opn-re/?returnUrl=https://www.google.com/\nScanning: http://localhost/opn-re/?redirect_url=https://www.google.com/\nScanning: http://localhost/opn-re/?Next=https://www.google.com/\nScanning: http://localhost/opn-re/?ReturnUrl=https://www.google.com/\nScanning: http://localhost/opn-re/?uri=https://www.google.com/\nScanning: http://localhost/opn-re/?open=https://www.google.com/\nScanning: http://localhost/opn-re/?newurl=https://www.google.com/\nScanning: http://localhost/opn-re/?Referer=https://www.google.com/\nScanning: http://localhost/opn-re/?ActionCodeURL=https://www.google.com/\nScanning: http://localhost/opn-re/?link=https://www.google.com/\nScanning: http://localhost/opn-re/?r2=https://www.google.com/\nThe vulnerable urls are:  [http://localhost/opn-re/?url=https://www.google.com/]\nFinished in: 740.6005ms\n```\n---\n\n## Build\n```bash\ngo build .\n./opn-re\n```\n## LICENSE\n\nThis project is licensed under the MIT License. See the [LICENSE](https://github.com/aavision/opn-re/blob/main/LICENSE) file for details.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faavision%2Fopn-re","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faavision%2Fopn-re","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faavision%2Fopn-re/lists"}