{"id":18952421,"url":"https://github.com/devanshbatham/openredirex","last_synced_at":"2025-04-12T22:20:02.765Z","repository":{"id":47555425,"uuid":"256962344","full_name":"devanshbatham/OpenRedireX","owner":"devanshbatham","description":"A fuzzer for detecting open redirect vulnerabilities","archived":false,"fork":false,"pushed_at":"2024-07-01T20:45:53.000Z","size":860,"stargazers_count":741,"open_issues_count":3,"forks_count":137,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-04-04T01:11:11.412Z","etag":null,"topics":["open-redirect","openredirect","openredirect-fuzzer","openredirect-scanner"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devanshbatham.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-19T09:37:38.000Z","updated_at":"2025-04-03T14:50:42.000Z","dependencies_parsed_at":"2022-09-12T21:23:01.792Z","dependency_job_id":"b1a97bce-421b-4f2c-b172-aafda18958a2","html_url":"https://github.com/devanshbatham/OpenRedireX","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devanshbatham%2FOpenRedireX","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devanshbatham%2FOpenRedireX/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devanshbatham%2FOpenRedireX/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devanshbatham%2FOpenRedireX/
manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devanshbatham","download_url":"https://codeload.github.com/devanshbatham/OpenRedireX/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248638327,"owners_count":21137652,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["open-redirect","openredirect","openredirect-fuzzer","openredirect-scanner"],"created_at":"2024-11-08T13:33:21.551Z","updated_at":"2025-04-12T22:20:02.743Z","avatar_url":"https://github.com/devanshbatham.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n\u003ch1 align=\"center\"\u003e\n    OpenRedireX\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003eA fuzzer for detecting open redirect vulnerabilities\u003c/h4\u003e\n\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#install\"\u003e🏗️ Install\u003c/a\u003e  \n  \u003ca href=\"#usage\"\u003e⛏️ Usage\u003c/a\u003e  \n  \u003ca href=\"#dependencies\"\u003e📚 Dependencies\u003c/a\u003e\n  \u003cbr\u003e\n\u003c/p\u003e\n\n![OpenRedirex](https://github.com/devanshbatham/OpenRedireX/blob/master/static/openredirex.png?raw=true)\n\n# Install\n\n```sh\ngit clone https://github.com/devanshbatham/openredirex\ncd openredirex\nsudo chmod +x setup.sh\n./setup.sh\n```\n\n# Usage\n\nThe script is executed from the command line and has the following usage options:\n\n```sh\nopenredirex [-p payloads] [-k keyword] [-c concurrency]\n```\n\n- `-p`, `--payloads`: File containing a list of payloads. 
If not specified, a hardcoded list is used.\n- `-k`, `--keyword`: Keyword in URLs to replace with payload. Default is \"FUZZ\".\n- `-c`, `--concurrency`: Number of concurrent tasks. Default is 100.\n\nThe script expects a list of URLs as input. Each URL should contain the keyword specified by the `-k` option. The script replaces the keyword with each of the payloads and attempts to fetch the modified URL.\n\nExample usage:\n\n```sh\ncat list_of_urls.txt | openredirex -p payloads.txt -k \"FUZZ\" -c 50\n```\n\n\nThe list of URLs should look like this:\n\n\n```\ncat list_of_urls.txt\n\nhttps://newsroom.example.com/logout?redirect=FUZZ\nhttps://auth.example.com/auth/realms/sonatype/protocol/openid-connect/logout?redirect_uri=test\nhttps://example.com/php?test=baz\u0026foo=bar\n```\n\nThis example reads URLs from the file `list_of_urls.txt`, replaces every parameter value with `FUZZ` (if `--keyword` is not supplied), then replaces the keyword `FUZZ` (or the supplied keyword) with each payload from `payloads.txt`, and fetches each resulting URL concurrently, with a maximum of 50 concurrent tasks.\n\n\n\n# Dependencies\n\nThe script uses the following libraries:\n\n- `argparse` for handling command-line arguments.\n- `aiohttp` for making HTTP requests.\n- `tqdm` for displaying progress.\n- `concurrent.futures` for handling concurrent tasks.\n- `asyncio` for managing asynchronous tasks.\n\nYou need to install these dependencies before running the script. Most of them are part of the standard Python library. You can install `aiohttp` and `tqdm` using pip:\n\n```sh\npip install aiohttp tqdm\n```\n\nYou can use this script to check for open redirects in web applications. 
However, you should only use it on systems that you have been given explicit permission to test.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevanshbatham%2Fopenredirex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevanshbatham%2Fopenredirex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevanshbatham%2Fopenredirex/lists"}