ORhunter

ORhunter is an open redirect vulnerability scanner. It passively crawls URLs from 3 sources, filters potentially vulnerable URLs based on their parameter values, and then tests them for unvalidated open redirects.

Disclaimer

💻 This project was created only for good purposes and personal use.

THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. YOU MAY USE THIS SOFTWARE AT YOUR OWN RISK. THE USE IS COMPLETE RESPONSIBILITY OF THE END-USER. THE DEVELOPERS ASSUME NO LIABILITY AND ARE NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE CAUSED BY THIS PROGRAM.

Features

  • Works on Windows/Linux/MacOS
  • Passively crawls URLs from 3 sources:
      • Wayback Machine
      • Common Crawl
      • AlienVault's OTX (Open Threat Exchange)
  • Filters potentially vulnerable URLs based on parameter value
  • Replaces the value of only those parameters whose value is a URL with "http://evil.com"

    Example: converts http://example.com/index.php?r=http://google.com&version=34 to http://example.com/index.php?r=http://evil.com&version=34

  • If you want to test your own URL list and don't want to crawl URLs, you can use the --list flag
  • DeepCrawl feature (if enabled, Ragno tries to fetch URLs from all 74+ CommonCrawl APIs)
  • Multithreading
  • Results for subdomains can be included or excluded via a command-line argument (i.e. -s)
  • Saves results in a TXT file
  • GET-based unvalidated open redirect vulnerability scanner
  • Path fragment unvalidated open redirect vulnerability scanner [Under Development]
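
The filter-and-replace step from the feature list, shown next to the server-side check whose absence makes a redirect "unvalidated". This is an added example, not ORhunter's own code; the function names and the allowed-host set are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

CANARY = "http://evil.com"  # placeholder value quoted in the feature list


def is_url_value(value):
    """True when a parameter value is itself an absolute http(s) URL."""
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def rewrite_url_params(url, canary=CANARY):
    """Return (rewritten_url, touched_params).

    rewritten_url is None when no parameter carries a URL, i.e. the URL
    is filtered out as not worth reviewing.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)  # also percent-decodes
    touched = [k for k, v in pairs if is_url_value(v)]
    if not touched:
        return None, []
    new_pairs = [(k, canary if is_url_value(v) else v) for k, v in pairs]
    # safe=":/" leaves the canary unescaped, matching the README's example
    query = urlencode(new_pairs, safe=":/")
    return urlunsplit(parts._replace(query=query)), touched


def is_allowed_redirect(target, allowed_hosts):
    """Minimal server-side validation of a redirect target (hypothetical helper)."""
    # Browsers drop tab/CR/LF and treat "\" like "/" in http(s) URLs
    target = "".join(c for c in target.strip() if c not in "\t\r\n")
    target = target.replace("\\", "/")
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Same-site path only; "//host" and "///host" are treated as off-site
        return target.startswith("/") and not target.startswith("//")
    return parts.scheme in ("http", "https") and parts.hostname in allowed_hosts
```

An endpoint that passes every redirect parameter through a check like `is_allowed_redirect` before issuing the redirect would not follow the substituted value.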

Prerequisite

  • Python 3.X
  • Few External Modules

Available Arguments

  • Optional Arguments

| Short Hand | Full Hand | Description |
| --- | --- | --- |
| -h | --help | Show this help message and exit |
| -t THREAD | --thread THREAD | Number of threads to use. Default=50 |
| -o OUTPUT | --output OUTPUT | Save result in TXT file |
| -s | --subs | Include result of subdomains |
| | --deepcrawl | Uses all available APIs of CommonCrawl for crawling URLs [Takes Time] |

  • Required Arguments

| Short Hand | Full Hand | Description |
| --- | --- | --- |
| -l URL_LIST | --list URL_LIST | URLs list, ex:- google_urls.txt |
| -d DOMAIN | --domain DOMAIN | Target domain name, ex:- google.com |

How To Use in Linux

# Navigate to the /opt directory (optional)
$ cd /opt/

# Clone this repository
$ git clone https://github.com/PushpenderIndia/ORhunter.git

# Navigate to ORhunter folder
$ cd ORhunter

# Installing dependencies
$ apt-get update && apt-get install python3-pip
$ pip3 install numpy requests

# Giving Executable Permission
$ chmod +x orhunter.py

# Checking Help Menu
$ python3 orhunter.py --help

# Normal (Fast) URL Crawl + Testing GET based open redirect
$ python3 orhunter.py -d target.com 

# Normal (Fast) URL Crawl + Testing GET based open redirect + Include Subdomain's URLs
$ python3 orhunter.py -d target.com -s

# Normal (Fast) URL Crawl + Testing GET based open redirect + Include Subdomain's URLs + Save Result
$ python3 orhunter.py -d target.com -s -o result.txt

# Run Deep Crawl + Saving Result + Include Subdomain's URLs + Change Thread Number
$ python3 orhunter.py -d target.com -o result.txt -s --deepcrawl --thread 100

How To Use in Windows

# Install the latest Python 3.x from the official site (https://www.python.org/downloads/)

# Clone this repository or Download Zip File
$ git clone https://github.com/PushpenderIndia/ORhunter.git

# Navigate to ORhunter folder
$ cd ORhunter

# Installing dependencies
$ python -m pip install numpy requests

# Checking Help Menu
$ python orhunter.py --help

# Normal (Fast) URL Crawl + Testing GET based open redirect
$ python orhunter.py -d target.com 

# Normal (Fast) URL Crawl + Testing GET based open redirect + Include Subdomain's URLs
$ python orhunter.py -d target.com -s

# Normal (Fast) URL Crawl + Testing GET based open redirect + Include Subdomain's URLs + Save Result
$ python orhunter.py -d target.com -s -o result.txt

# Run Deep Crawl + Saving Result + Include Subdomain's URLs + Change Thread Number
$ python orhunter.py -d target.com -o result.txt -s --deepcrawl --thread 100

Contribute

  • All contributors are welcome. This repo needs contributors who will improve this tool and make it the best.

Contact

[email protected]

More Features Coming Soon...
