InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties…

By Spectat0rguy. Published in InfoSec Write-ups. 2 min read, Feb 12, 2025

How to Automate Hunting for Open Redirect


In this age of automation, hunting for open redirects manually is like running on your hands instead of your legs.

You can't achieve anything without using your creative mind. It is a sad truth that you need an automation system for recon and vulnerability testing.

For that purpose I am going to teach you the method I use to hunt for open redirects.

Open redirects are commonly found in URLs.

Tools required:

  • ParamSpider: to find parameters on target domains.
  • Subfinder: to gather subdomains.

First we will start a Subfinder scan on the target website and save the output to a file. In my case the target is NASA.

We will do this by using the following command:

subfinder -d domain.com -o subdomain.txt

We will wait for the enumeration to finish.

The output will be saved in the file you specified.

Then we will use the second tool in our arsenal, waybackurls by tomnomnom. You can use it to get URLs, then use the following command to pick out the URLs that carry redirect parameters:

grep -Ei 'url=|next=|redirect=|return=|rurl=|go=|dest=|out=' waybacksubdomain.txt > redirect.txt

OR

We will start by gathering the parameterized URLs related to the target by using ParamSpider.

You can install it from: https://github.com/devanshbatham/ParamSpider

To do this we will use the following command:

paramspider -l subdomain.txt > paramspiderout.txt

Then you can extract the URLs with redirect parameters:

grep -Ei 'url=|next=|redirect=|return=|rurl=|go=|dest=|out=' paramspiderout.txt > redirect_params.txt
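
The grep pattern used in both commands above matches substrings, so `out=` also hits `layout=` and `go=` also hits `logo=`. As an added example (not the author's code), this Python filter parses each query string, matches the same parameter names exactly, and keeps one URL per host, path and parameter; the sample URLs and the function name are constructed for illustration.

```python
"""Added example: exact-name matching of redirect parameters in a URL list."""
import sys
from urllib.parse import urlsplit, parse_qsl

# Same parameter names as the grep pattern above.
REDIRECT_PARAMS = {"url", "next", "redirect", "return", "rurl", "go", "dest", "out"}


def redirect_candidates(urls):
    """Return (url, param) pairs, one per unique host + path + parameter name."""
    seen = set()
    hits = []
    for raw in urls:
        raw = raw.strip()
        if not raw:
            continue
        try:
            parts = urlsplit(raw)
        except ValueError:  # malformed entries are common in archive data
            continue
        for name, _value in parse_qsl(parts.query, keep_blank_values=True):
            key = (parts.netloc.lower(), parts.path, name.lower())
            if name.lower() in REDIRECT_PARAMS and key not in seen:
                seen.add(key)
                hits.append((raw, name))
    return hits


# Constructed sample input (example.com hosts are placeholders, not real findings).
SAMPLE = [
    "https://app.example.com/login?next=/dashboard",
    "https://app.example.com/login?next=/settings",   # same endpoint + parameter
    "https://www.example.com/page?layout=wide",       # grep 'out=' would match this
    "https://www.example.com/img?logo=main",          # grep 'go=' would match this
    "https://www.example.com/exit?Dest=https%3A%2F%2Fpartner.example.org",
    "https://www.example.com/about",
]

if __name__ == "__main__":
    # With a file argument, read it; otherwise run on the constructed sample.
    lines = open(sys.argv[1], encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE
    for url, param in redirect_candidates(lines):
        print(f"{param}\t{url}")
```

Run it with the URL file as its only argument to get a tab-separated list of parameter name and URL.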

By using this method I got the following:

Unfortunately, it is a duplicate.
