https://github.com/denoyey/open-redirect

Scan and detect open redirect issues in web applications using automated payload injection. Ideal for security testing and reconnaissance.
https://github.com/denoyey/open-redirect

cybersecurity hacking open-redirect open-redirect-detection open-redirect-injection pentesting tools-python vulnerability-detection

Last synced: 10 months ago
JSON representation

Scan and detect open redirect issues in web applications using automated payload injection. Ideal for security testing and reconnaissance.

• Host: GitHub
• URL: https://github.com/denoyey/open-redirect
• Owner: denoyey
• License: mit
• Created: 2025-08-22T01:01:44.000Z (10 months ago)
• Default Branch: main
• Last Pushed: 2025-08-22T01:40:14.000Z (10 months ago)
• Last Synced: 2025-08-22T03:37:49.593Z (10 months ago)
• Topics: cybersecurity, hacking, open-redirect, open-redirect-detection, open-redirect-injection, pentesting, tools-python, vulnerability-detection
• Language: Python
• Homepage:
• Size: 921 KB
• Stars: 1
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          


# OPEN-REDIRECT



  





Open-Redirect is a tool for detecting open redirect vulnerabilities in web applications. These flaws allow attackers to redirect users to malicious sites using trusted URLs. This tool tests various parameters and payloads to identify unsafe redirects. Ideal for penetration testing and web security education.





![Build](https://img.shields.io/badge/build-stable-28a745?style=for-the-badge&logo=github)

![Platform](https://img.shields.io/badge/platform-Linux-0078D6?style=for-the-badge&logo=linux&logoColor=white)

![Last Commit](https://img.shields.io/github/last-commit/denoyey/Open-Redirect?style=for-the-badge&logo=git)

![Language](https://img.shields.io/github/languages/top/denoyey/Open-Redirect?style=for-the-badge&color=informational)

![Technologies](https://img.shields.io/badge/technologies-%20Python-yellow?style=for-the-badge&logo=terminal)

![Stars](https://img.shields.io/github/stars/denoyey/Open-Redirect?style=for-the-badge&color=ffac33&logo=github)

![Forks](https://img.shields.io/github/forks/denoyey/Open-Redirect?style=for-the-badge&color=blueviolet&logo=github)

![Issues](https://img.shields.io/github/issues/denoyey/Open-Redirect?style=for-the-badge&logo=github)

![Contributors](https://img.shields.io/github/contributors/denoyey/Open-Redirect?style=for-the-badge&color=9c27b0)










## 🛠️ Features

- Multi-threaded scanning

- Supports scanning single URLs or URL lists

- Built-in payloads and redirect parameter list

- Custom headers and user-agents

- JSON and CSV export formats

- Simple, CLI-based interface

## 🖥️ Requirements

- Python **3.8+**

- Works on **Linux** and other

- Internet connection (to test redirects)

## 📦 Installation

```bash

git clone https://github.com/denoyey/Open-Redirect.git

cd Open-Redirect

pip install -r requirements.txt

```

## 🚀 Usage

Scan Single URL

```bash

python openredirect.py

```

> Choose option [1] and input the target URL when prompted.

Example:

```bash

https://example.com/redirect?url=

```

## 📄 Scan from File

Prepare a .txt file containing one URL per line, then:

```bash

python openredirect.py

```

> Choose option [2] and enter the file path when prompted.

## 🧪 Payloads & Parameters

- **Payloads**: Over 50 encoded and obfuscated redirect payloads are used to test for various bypass techniques.

- **Parameters**: Includes 60+ common redirect-related parameters like `url`, `redirect`, `next`, `target`, `dest`, and more.

> You can expand the list by modifying `bypass_payloads` and `redirect_params` in the script.

## 💾 Output Files

- `result.json` — JSON formatted scan results.

- `result.csv` — CSV formatted scan results.

- `log.txt` — Full scan log output.

## 🙌 Credits

Developed by denoyey. 


Built for educational and ethical penetration testing purposes only. 


Contributions and pull requests are welcome!