{"id":13841940,"url":"https://github.com/wfinn/redirex","last_synced_at":"2026-01-12T10:25:54.289Z","repository":{"id":79213911,"uuid":"463475923","full_name":"wfinn/redirex","owner":"wfinn","description":"tool that generates bypasses for open redirects","archived":false,"fork":false,"pushed_at":"2022-04-18T18:32:05.000Z","size":25,"stargazers_count":52,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-11T14:34:49.419Z","etag":null,"topics":["bugbounty","bypass","pentesting"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wfinn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-02-25T09:39:15.000Z","updated_at":"2025-02-15T19:14:34.000Z","dependencies_parsed_at":"2023-06-09T05:30:31.778Z","dependency_job_id":null,"html_url":"https://github.com/wfinn/redirex","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/wfinn/redirex","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wfinn%2Fredirex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wfinn%2Fredirex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wfinn%2Fredirex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wfinn%2Fredirex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wfinn","download_url":"https://codeload.github.com/wfinn/redirex/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wfinn%2Fredirex/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28338277,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T06:09:07.588Z","status":"ssl_error","status_checked_at":"2026-01-12T06:05:18.301Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bypass","pentesting"],"created_at":"2024-08-04T17:01:24.563Z","updated_at":"2026-01-12T10:25:54.268Z","avatar_url":"https://github.com/wfinn.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# redirex\n\nThis tool generates bypasses for open redirects.  \nMany of the bypasses apply for software other than browsers, but I recommend thorough fuzzing there.\n\n1) find a redirect on your target\n2) generate list of payloads for the domain\n3) use Intruder, ffuf or headless browsers to test payloads\n4) do manual testing for app specific payloads if the redirect seems unusual\n\n```sh\ngo install github.com/wfinn/redirex@latest\nredirex -t target.tld -a attacker.tld\nredirex -h # to see all options\n```\n\n## Bypasses\n\n- relative urls e.g. /%09/attacker.tld\n- when all subdomains are allowed e.g. https://attacker.tld#.target.tld\n- chars that don't really end the host part e.g. https://target.tld\u0026.attacker.tld\n- IP based bypasses e.g. //2130706433 (use -ip to change)\n- unescaped dots in regexes e.g. https://wwwxtarget.tld\n- unicode normalization after checking host e.g. attacker.com%EF%BC%8F.target.com -\u003e attacker.com/.target.com\n- ...\n\nMany bypasses require that you have catch all DNS for your domain.  \nSome bypasses only work in Safari.\n\nThis tool does not create all possible permutations, but aims to generate a good amount.\n\n## Finding Redirects\n\nYou can use these parameters at login, logout \u0026 register.\n\n```\n?Redirect=/Redirect\u0026RedirectUrl=/RedirectUrl\u0026ReturnUrl=/ReturnUrl\u0026Url=/Url\u0026action=/action\u0026action_url=/action_url\u0026backurl=/backurl\u0026burl=/burl\u0026callback_url=/callback_url\u0026checkout_url=/checkout_url\u0026clickurl=/clickurl\u0026continue=/continue\u0026data=/data\u0026dest=/dest\u0026destination=/destination\u0026desturl=/desturl\u0026ext=/ext\u0026forward=/forward\u0026forward_url=/forward_url\u0026go=/go\u0026goto=/goto\u0026image_url=/image_url\u0026jump=/jump\u0026jump_url=/jump_url\u0026link=/link\u0026linkAddress=/linkAddress\u0026location=/location\u0026login=/login\u0026logout=/logout\u0026next=/next\u0026origin=/origin\u0026originUrl=/originUrl\u0026page=/page\u0026pic=/pic\u0026q=/q\u0026qurl=/qurl\u0026recurl=/recurl\u0026redir=/redir\u0026redirect=/redirect\u0026redirect_uri=/redirect_uri\u0026redirect_url=/redirect_url\u0026request=/request\u0026return=/return\u0026returnTo=/returnTo\u0026return_path=/return_path\u0026return_to=/return_to\u0026rit_url=/rit_url\u0026rurl=/rurl\u0026service=/service\u0026sp_url=/sp_url\u0026src=/src\u0026success=/success\u0026target=/target\u0026u=/u\u0026u1=/u1\u0026uri=/uri\u0026url=/url\u0026view=/view\n```\n\nTo test for for redirects that require full urls use `echo \"params\" | sed 's#=/#=https://TARGETDOMAIN/#g'`.\n\nYou could also use my (currently experimental) tool [redirs](https://github.com/wfinn/stuff/tree/master/redirs) to do something like:\n```sh\n$ waybackurls target.tld | uro \u003e urls.txt\n$ redirs \u003c urls.txt\nfrom:  https://target.tld/logout.php?return=home\nto:    https://target.tld/home.php\n...\n```\n\n## Issues\n\n- The order of the generated list is not ideal, manually tweaking it is recommended if you have many endpoints on the same target to get a hit faster.\n\n---\n\nThanks to:\n- @dbzer0 for https://github.com/dbzer0/ipfmt MIT License\n- @jpillora for https://github.com/jpillora/go-tld MIT License\n- @tomnomnom for https://github.com/tomnomnom/hacks/blob/master/unisub No License\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwfinn%2Fredirex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwfinn%2Fredirex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwfinn%2Fredirex/lists"}