loading
loading
Vulnerabilities
An asynchronous open redirect fuzzer.
overview
OpenRedireX tests URLs for open redirect vulnerabilities by replacing a marked keyword in each URL with redirect payloads and watching where the response tries to send the browser. It runs on a single URL or a whole file of parameterized URLs, and fires the requests asynchronously so a long list clears fast.
You control the payloads. Point --payloads at a file of redirect tricks to test the exact cases you care about, and set --keyword when your URLs mark the injection point with something other than FUZZ. OpenRedireX reports the Location header history, so a chained redirect shows the full hop path a payload took.
It sits after URL collection in a testing pipeline. Feed it endpoints from a crawler like katana or an archive miner like gau, tune --concurrency to the target's tolerance, and it writes the URLs that redirect off-site under a crafted payload.
use cases
Feed a file of parameterized URLs and let OpenRedireX swap each parameter for redirect payloads, flagging the ones that send the browser off-site.
Point --payloads at a payloads file to run the exact redirect tricks you want, rather than a fixed built-in set.
Read the reported Location header history to see the full hop path a payload triggered, not only the first redirect.
Raise or lower --concurrency to move a large URL file fast while staying within the target's tolerance.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| url | STRING | · | Single URL to test. |
| urls-file | FILE | · | File of URLs with parameters to test. |
| payloads-file | FILE | --payloads | File of redirect payloads to use. |
| keyword | STRING | --keyword | Keyword in URLs to replace with the payload (default FUZZ). |
| concurrency | STRING | --concurrency | Number of concurrent tasks (default 100). |
Showing key inputs. openredirex exposes 5 inputs in total.
example
# fuzz a list of parameterized URLs with custom redirect payloadscat urls.txt | openredirex --payloads payloads.txt --keyword FUZZ --concurrency 50[i] Reading URLs from input[i] Loaded 18 payloads[+] Testing https://example.com/login?next=FUZZ[VULN] https://example.com/login?next=//203.0.113.10 Location: //203.0.113.10[VULN] https://example.com/redirect?url=https:203.0.113.10 Location: https://203.0.113.10[-] https://example.com/goto?to=FUZZ (no open redirect)[i] Done. 2 of 3 URLs vulnerable.guidance
Reach for OpenRedireX when you have parameterized URLs and want to test them for open redirects with your own payloads. It fuzzes a marked keyword, so collect URLs first with a crawler or archive miner. For broad multi-class scanning, use a general scanner.
Another open-redirect fuzzer that also checks CRLF. OpenRedireX leans on async speed and custom payload files.
Rewrites query-string values to seed payloads. Pair it with OpenRedireX to build the URL list to fuzz.
XSS-focused parameter scanner. OpenRedireX is the narrower tool for the open-redirect class.
faq
related
A Go script for bypassing 403 forbidden responses.
An open-source tool that automates detecting and exploiting command injection.
Detect and abuse vulnerable implementations of stateless sessions.
A Python tool to find Cross-Origin Resource Sharing misconfigurations.
A tool to find HTTP splitting vulnerabilities.
Multi-threaded, IPv6-aware username enumeration via CVE-2018-15473.
A URL list and a payloads file feed OpenRedireX, which fuzzes each URL and writes the ones vulnerable to open redirect as a queryable output.
Facts on this page come from the live Trickest tool library.