Description
Oralyzer detects open redirect vulnerabilities by testing URL parameters with multiple payloads and bypass techniques. Open redirects can be used for phishing, OAuth token theft, and SSRF chaining.
Installation
BASH
git clone https://github.com/r0075h3ll/Oralyzer.git
cd Oralyzer
pip3 install -r requirements.txt
Basic Usage
BASH
# Test single URL
python3 oralyzer.py -u "https://target.com/redirect?url=FUZZ"
# From URL list
python3 oralyzer.py -l urls.txt
Advanced Usage
BASH
# Custom payload file
python3 oralyzer.py -u "https://target.com/redirect?url=FUZZ" -p payloads.txt
# With cookies
python3 oralyzer.py -u "https://target.com/redirect?url=FUZZ" -c "session=abc"
# Custom headers
python3 oralyzer.py -u "https://target.com/redirect?url=FUZZ" -H "Authorization: Bearer TOKEN"
Common Payloads
TEXT
# Classic
https://evil.com
//evil.com
/\evil.com
https://target.com@evil.com
https://evil.com%23.target.com
https://target.com.evil.com
//evil%00.com
//%0d%0aHost:evil.com
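Each payload above defeats a different naive check on the redirect parameter (prefix, substring or suffix matching on the host, or validating before decoding). The following server-side validator rejects all of them. It is an added example, not code from Oralyzer or the original page, and `is_safe_redirect`, `ALLOWED_HOSTS` and the https-only policy are assumptions.

```python
from urllib.parse import urlsplit, unquote

ALLOWED_HOSTS = {"target.com"}  # assumption: the only external host redirects may point to

# The payload list from this page, used to exercise the validator.
PAGE_PAYLOADS = [
    "https://evil.com", "//evil.com", "/\\evil.com",
    "https://target.com@evil.com", "https://evil.com%23.target.com",
    "https://target.com.evil.com", "//evil%00.com", "//%0d%0aHost:evil.com",
]

def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a single-slash local path or an https URL on an allowed host."""
    if not target:
        return False
    # Judge both the raw value and its percent-decoded form, so %0d%0a, %00
    # or %2f cannot pass here and change meaning in a later decoding step.
    for candidate in (target, unquote(target)):
        # Control characters enable header injection; browsers treat "\" as
        # "/", which turns "/\evil.com" into the scheme-relative "//evil.com".
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
            return False
        if "\\" in candidate:
            return False
        try:
            parts = urlsplit(candidate)
        except ValueError:
            return False
        if not parts.scheme and not parts.netloc:
            # Relative reference: accept only "/path", never "//host" or "path".
            if not candidate.startswith("/") or candidate.startswith("//"):
                return False
            continue
        if parts.scheme != "https":
            return False  # also rejects scheme-relative "//host" and javascript:
        # Userinfo ("target.com@evil.com") hides the real host after the "@".
        if parts.username is not None or parts.password is not None:
            return False
        # Exact match on the parsed hostname, not startswith/endswith/in.
        if parts.hostname not in allowed_hosts:
            return False
    return True

if __name__ == "__main__":
    for payload in PAGE_PAYLOADS:
        print(f"{payload!r:40} -> {is_safe_redirect(payload)}")
```

Matching the parsed hostname exactly against an allowlist, rather than searching the raw string for the trusted domain, is what stops the `@`, `%23` and suffix variants.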
Common Workflows
BASH
# Collect redirect parameters from wayback
gau target.com | grep -iE "redirect|return|url|next|dest|rurl|window" | sort -u > redirect_urls.txt
python3 oralyzer.py -l redirect_urls.txt
# OAuth redirect exploitation
# Find OAuth authorize URL → inject redirect_uri with open redirect