OpenRedireX is a lightweight, high-performance fuzzer designed to identify Open Redirect vulnerabilities in modern web applications.
It focuses on accuracy over noise by using curated payloads, keyword-based fuzzing, and concurrent request handling to uncover exploitable redirect issues that are commonly missed during manual testing.
Ideal for bug bounty hunters, penetration testers, and security researchers.
- 🔍 Detects open redirects using smart payload injection
- ⚡ High-speed concurrent fuzzing
- 🎯 Keyword-based URL replacement (`FUZZ` by default)
- 🧩 Supports custom payload lists
- 📈 Progress tracking with real-time feedback
- 🧪 Designed to minimize false positives
- 🛠 Simple CLI interface
Clone the repository and run the setup script:
```bash
git clone https://github.com/INTELEON404/OpenRedireX.git
cd OpenRedireX
chmod +x setup.sh
./setup.sh
```
OpenRedireX reads URLs from stdin and replaces a keyword with redirect payloads.
```
openredirex [-p payloads] [-k keyword] [-c concurrency]
```
- `-p`, `--payloads`: File containing redirect payloads (default: built-in payload list)
- `-k`, `--keyword`: Keyword in URL to replace (default: FUZZ)
- `-c`, `--concurrency`: Number of concurrent requests (default: 100)
```
https://newsroom.example.com/logout?redirect=FUZZ
https://auth.example.com/logout?redirect_uri=FUZZ
https://example.com/page?next=FUZZ
```
```bash
cat urls.txt | openredirex -p payloads.txt -k FUZZ -c 50
```
The tool will replace FUZZ with each payload and test for unsafe redirects concurrently.
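The two steps described above, keyword substitution and deciding whether a response really redirects off-site, as an added sketch that is not OpenRedireX's own code. The function names `expand` and `leaves_site`, the canary host `canary.invalid`, and the sample responses are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def expand(templates, payloads, keyword="FUZZ"):
    """Yield (template, payload, url) for every template containing the keyword."""
    for template in templates:
        if keyword not in template:
            continue  # nothing to substitute, so no request is generated
        for payload in payloads:
            yield template, payload, template.replace(keyword, payload)

def leaves_site(request_url, status, location, canary_host):
    """True only when a 3xx Location header resolves to the canary host."""
    if status not in REDIRECT_CODES or not location:
        return False
    # Location may be relative or scheme-relative; resolve it as a browser would.
    target = urlsplit(urljoin(request_url, location))
    return target.scheme in ("http", "https") and target.hostname == canary_host

# Constructed sample data (hypothetical, not captured traffic).
TEMPLATES = ["https://auth.example.com/logout?redirect_uri=FUZZ",
             "https://example.com/about"]          # no keyword: skipped
PAYLOADS = ["https://canary.invalid/"]             # reserved TLD, never resolves
RESPONSES = [                                      # (status, Location header)
    (302, "https://canary.invalid/"),              # absolute off-site redirect
    (302, "//canary.invalid/x"),                   # scheme-relative off-site
    (302, "/login?next=https://canary.invalid/"),  # payload reflected, still on-site
    (200, None),                                   # no redirect at all
]

def classify_samples():
    """Run every constructed response against the single generated URL."""
    _, _, url = next(expand(TEMPLATES, PAYLOADS))
    return [leaves_site(url, s, loc, "canary.invalid") for s, loc in RESPONSES]

if __name__ == "__main__":
    print(classify_samples())
```

Comparing the resolved hostname, rather than searching the `Location` value for the payload string, is what keeps the third sample from being reported: the payload is reflected in the query string, but the browser stays on the original site.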
OpenRedireX uses the following libraries:
- `argparse`
- `asyncio`
- `aiohttp`
- `concurrent.futures`
- `tqdm`
Install required external dependencies:
```bash
pip install aiohttp tqdm
```
This tool is intended for educational and authorized security testing only. Do not use OpenRedireX against systems without explicit permission. The author is not responsible for misuse.
- GitHub: https://github.com/INTELEON404
- GitHub: https://github.com/devanshbatham
