loading
loading
Vulnerabilities
A Python tool that finds open redirection vulnerabilities by fuzzing a URL.
overview
Oralyzer scans a website for open redirect vulnerabilities by fuzzing the URL you give it, swapping in redirect payloads and checking whether the response sends the browser to an attacker-controlled destination. It runs against a single target with --url or a file of targets with --list, so it scales from one endpoint to a collected list.
It does more than open redirects. The -crlf mode tests for CRLF header-injection flaws, and --wayback pulls historical URLs from archive.org so the scan reaches paths the live site no longer links. Route requests through --proxy for inspection, and point --payload at your own file to control exactly which redirect strings get tested.
On Trickest, Oralyzer takes a URL or a list of URLs and writes a file and a folder of results. Drop it after URL collection to test the parameterized endpoints a crawler or archive miner surfaced, then query the redirect and CRLF findings alongside the rest of the workflow.
use cases
Fuzz a target or a URL list with redirect payloads and flag the endpoints that forward the browser off-site to an attacker-controlled host.
Enable -crlf so the same run also checks for header-injection flaws, covering two URL-level classes in a single pass.
Turn on --wayback to source historical URLs from archive.org, reaching parameterized paths the live site no longer links.
Send requests through --proxy for inspection and supply a --payload file to test the exact redirect strings you care about.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| url | STRING | --url | Scan a single target URL. |
| url-list | FILE | --list | Scan multiple targets from a file. |
| payload | FILE | --payload | Use redirect payloads from a file. |
| crlf-test | BOOLEAN | -crlf | Also scan for CRLF injection. |
| wayback | BOOLEAN | --wayback | Fetch URLs from archive.org. |
| proxy | STRING | --proxy | Route requests through a proxy. |
Showing key inputs. oralyzer exposes 6 inputs in total.
example
# fuzz collected URLs for open redirect, with a CRLF passoralyzer --list urls.txt --payload payloads.txt -crlf[ Oralyzer ] [i] Payloads loaded: 58[i] Target: https://example.com/out?url=FUZZ [+] Open Redirect: https://example.com/out?url=//203.0.113.10[+] Open Redirect: https://example.com/out?url=/%09/203.0.113.10[-] Not vulnerable: https://example.com/logout?next=FUZZ[!] CRLF Injection: https://example.com/set?lang=%0d%0aSet-Cookie:orlz=1guidance
Reach for Oralyzer when you want to test URLs for open redirect and, optionally, CRLF injection. It fuzzes the URL itself, so collect endpoints first. For a pure async open-redirect run with custom payloads, OpenRedireX is the close sibling.
Async open-redirect fuzzer with custom payloads. Oralyzer adds CRLF testing and Wayback sourcing.
Focused CRLF injection scanner. Oralyzer folds a CRLF check into an open-redirect tool.
XSS parameter scanner. Oralyzer covers the redirect and CRLF classes instead.
faq
related
A Go script for bypassing 403 forbidden responses.
An open-source tool that automates detecting and exploiting command injection.
Detect and abuse vulnerable implementations of stateless sessions.
A Python tool to find Cross-Origin Resource Sharing misconfigurations.
A tool to find HTTP splitting vulnerabilities.
Multi-threaded, IPv6-aware username enumeration via CVE-2018-15473.
A URL list feeds Oralyzer, which fuzzes each one for open redirect and CRLF flaws and writes the findings as a queryable output.
Facts on this page come from the live Trickest tool library.