Skip to content
/ Redirect-Tracker Public

Designed to identify 🔎 open redirect vulnerabilities🪲 which can be chained 🔗⚓ with other vulnerabilities. this tool leverages asynchronous operations that reduce scan time by 80%, significantly enhancing its eficiency.⚓⚓

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DNcrypter/Redirect-Tracker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
scripts
scripts
 
 
static
static
 
 
README.md
README.md
 
 
Redirect-Tracker.py
Redirect-Tracker.py
 
 
payloads.txt
payloads.txt
 
 
requirement.txt.txt
requirement.txt.txt
 
 
setup.sh
setup.sh
 
 

Repository files navigation

Redirect-Tracker

Designed to identify 🔎 open redirect vulnerabilities🪲 which can be chained 🔗⚓ with other vulnerabilities. this tool leverages asynchronous operations that reduce scan time by 80%, significantly enhancing its eficiency.⚓⚓

MIT License LinkedIn Medium

Redirect-Tracker

Installation

1. clone the repository

git clone https://github.com/DNcrypter/Redirect-Tracker.git

2. move to directory

cd Redirect-Tracker

3. Run setup.sh

sudo chmod +x setup.sh
./setup.sh

Usage

You can run the script from the command line with these options:

Redirect-Tracker [-p payloads] [-k keyword] [-c concurrency] -v [verbose]
  • -p, --payloads: File containing a list of payloads. If not specified, a hardcoded list is used.
  • -k, --keyword: Keyword in URLs to replace with payload. Default is "FUZZ".
  • -c, --concurrency: Number of concurrent tasks. Default is 50.

Note:- The script takes a list of URLs as input. Each URL must include the keyword defined by the -k option. The script substitutes the keyword with each payload and tries to fetch the modified URL.

Example usage:

cat list_of_urls.txt |  Redirect-Tracker -p payloads.txt -k "FUZZ" -c 100

List of URLs should look like below:

$>> cat list_of_urls.txt

https://admin.xyz.com/logout?redirect=FUZZ
https://auth.xyz.com/auth/realms/sonatype/protocol/openid-connect/logout?redirect_uri=test
https://xyz.com/php?test=baz&foo=bar

This example reads URLs from the file list_of_urls.txt, replaces all the values of the parameters to FUZZ (if --keyword is not supplied), then again replaces the keyword FUZZ or the supplied keyword with each payload from payloads.txt, and fetches each URL concurrently, with a maximum of 50 concurrent tasks.

Dependencies🔗

The script uses the following libraries:

  • argparse for handling command-line arguments.
  • aiohttp for making HTTP requests.
  • tqdm for displaying progress.
  • concurrent.futures for handling concurrent tasks.
  • asyncio for managing asynchronous tasks.

All dependencies are already installed using setup.sh. If any error occurs use below cmd:

pip install requirements.txt

Disclaimer:🔎🔎

You can use this script to check for open redirects in web applications. However, you should only use it on systems that you have been given explicit permission to test.

âš“Contributions:

Pull requests are always welcome as they help us grow as a community.

About

Designed to identify 🔎 open redirect vulnerabilities🪲 which can be chained 🔗⚓ with other vulnerabilities. this tool leverages asynchronous operations that reduce scan time by 80%, significantly enhancing its eficiency.⚓⚓

Topics

python tool shell-script vapt

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages