https://github.com/aavision/opn-re
Open redirect vulnerability scanner ⚡
https://github.com/aavision/opn-re
go golang open-redirect open-redirect-detection scanner vulnerability vulnerability-detection vulnerability-scanners
Last synced: 9 days ago
JSON representation
Open redirect vulnerability scanner ⚡
- Host: GitHub
- URL: https://github.com/aavision/opn-re
- Owner: AAVision
- License: mit
- Created: 2023-12-25T16:33:04.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-12-30T15:35:09.000Z (over 2 years ago)
- Last Synced: 2026-01-26T04:31:09.574Z (5 months ago)
- Topics: go, golang, open-redirect, open-redirect-detection, scanner, vulnerability, vulnerability-detection, vulnerability-scanners
- Language: Go
- Homepage:
- Size: 72.3 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.MD
- License: LICENSE
Awesome Lists containing this project
README
# OPN-RE
## What is opn-re tool or ORV?
First of all, the idea of this tool is to find an open redirect vulnerability in a URL, either from a simple query parameter checker or from grabbing endpoints from Web Archieve, and test them all!
## Introduction
### What is open redirect vulernability?
An open redirect vulnerability entails an attacker manipulating the user and redirecting them from one site to another, which may be malicious. The cybersecurity community doesn’t put enough emphasis on open redirect vulnerabilities because they are considered a simple flaw commonly connected to phishing scams and social engineering.
However, open redirect vulnerabilities can help attackers in ways that go far beyond phishing. The true risk of this vulnerability is when it is utilized and combined with Server Side Request Forgery, XSS-Auditor bypass, Oauth Flaw, and so on.
---
## General
### How to Use this tool?
First of all, you can create a simple PHP script that redirects by passing the url in the url parameters in the URL, e.g.
```php
```
Save this script on your XAMPP server and check if it will redirect to the URL provided in the parameters, e.g., `http://localhost/opn-re/?url=https://www.google.com`.
## Usage
```bash
go run . --help
Usage: opn-re.exe [--domain DOMAIN] [--force] [--xss] [--simple] [--input INPUT] [--verbose]
Options:
--domain DOMAIN, -d DOMAIN
--force, -f
--xss, -x
--simple, -s
--input INPUT, -i INPUT
--verbose, -v
--help, -h display this help and exit
```
**Parameters:**
- d (-d or --domain): is the domain that the tool will scan: `google.com`.
- s (-s or --simple): this key will make a simple scan by embedding the parameter added in the `config.txt` file.
- f (-f or --force): this key will force to get all archieved urls.
- i (-i or --input): This key will take the name of the file that contains urls and add its parameters.
- v (-v or --verbose): This key will show all the processes and the urls scanned.
- x (-x or -xss): this key will search for xss injection in the query params.
- h (-h or --help): this key will display the help menu.
```bash
go run . --input test.txt
go run . --domain google.com --force
go run . --domain localhost/opn-re/ --simple --verbose
```
```bash
go run . --domain localhost/opn-re/ --simple
Scanning: http://localhost/opn-re/?url=https://www.google.com/
Scanning: http://localhost/opn-re/?file=https://www.google.com/
Scanning: http://localhost/opn-re/?l=https://www.google.com/
Scanning: http://localhost/opn-re/?ret=https://www.google.com/
Scanning: http://localhost/opn-re/?red=https://www.google.com/
Scanning: http://localhost/opn-re/?page=https://www.google.com/
Scanning: http://localhost/opn-re/?q=https://www.google.com/
Scanning: http://localhost/opn-re/?img=https://www.google.com/
Scanning: http://localhost/opn-re/?path=https://www.google.com/
Scanning: http://localhost/opn-re/?file=https://www.google.com/
Scanning: http://localhost/opn-re/?old=https://www.google.com/
Scanning: http://localhost/opn-re/?back=https://www.google.com/
Scanning: http://localhost/opn-re/?redirectBack=https://www.google.com/
Scanning: http://localhost/opn-re/?aspxerrorpath=https://www.google.com/
Scanning: http://localhost/opn-re/?u=https://www.google.com/
Scanning: http://localhost/opn-re/?langTo=https://www.google.com/
Scanning: http://localhost/opn-re/?redirect=https://www.google.com/
Scanning: http://localhost/opn-re/?From=https://www.google.com/
Scanning: http://localhost/opn-re/?Goto=https://www.google.com/
Scanning: http://localhost/opn-re/?end_display=https://www.google.com/
Scanning: http://localhost/opn-re/?AuthState=https://www.google.com/
Scanning: http://localhost/opn-re/?forward=https://www.google.com/
Scanning: http://localhost/opn-re/?redir=https://www.google.com/
Scanning: http://localhost/opn-re/?page=https://www.google.com/
Scanning: http://localhost/opn-re/?r=https://www.google.com/
Scanning: http://localhost/opn-re/?return_url=https://www.google.com/
Scanning: http://localhost/opn-re/?image_path=https://www.google.com/
Scanning: http://localhost/opn-re/?URL=https://www.google.com/
Scanning: http://localhost/opn-re/?location=https://www.google.com/
Scanning: http://localhost/opn-re/?toredirect=https://www.google.com/
Scanning: http://localhost/opn-re/?returnUrl=https://www.google.com/
Scanning: http://localhost/opn-re/?redirect_url=https://www.google.com/
Scanning: http://localhost/opn-re/?Next=https://www.google.com/
Scanning: http://localhost/opn-re/?ReturnUrl=https://www.google.com/
Scanning: http://localhost/opn-re/?uri=https://www.google.com/
Scanning: http://localhost/opn-re/?open=https://www.google.com/
Scanning: http://localhost/opn-re/?newurl=https://www.google.com/
Scanning: http://localhost/opn-re/?Referer=https://www.google.com/
Scanning: http://localhost/opn-re/?ActionCodeURL=https://www.google.com/
Scanning: http://localhost/opn-re/?link=https://www.google.com/
Scanning: http://localhost/opn-re/?r2=https://www.google.com/
The vulnerable urls are: [http://localhost/opn-re/?url=https://www.google.com/]
Finished in: 740.6005ms
```
---
## Build
```bash
go build .
./opn-re
```
## LICENSE
This project is licensed under the MIT License. See the [LICENSE](https://github.com/aavision/opn-re/blob/main/LICENSE) file for details.