How to Automate Hunting for Open Redirect

In this age of automation, hunting for open redirects manually is like running on your hands instead of your legs.
You can't achieve anything without using your creative mind. It is a sad truth that you need an automation system for recon and vulnerability testing.
For that purpose, I am going to teach you the method I use to hunt for open redirects.
Open redirects are commonly found in URLs.
Tools Required:
- ParamSpider: To find parameters on target domains.
- Subfinder: To gather subdomains.
First, we will run a Subfinder scan on the target website and save the results to a file. In my case the target is NASA.
We will do this with the following command:
subfinder -d domain.com -o subdomain.txt

Wait for the enumeration to finish.
The output will be saved in the file you specified.
Then we will use the second tool in our arsenal, waybackurls by tomnomnom. You can use it to get the URLs (saved here as waybacksubdomain.txt), then pick out the URLs with redirect parameters using the following command:
grep -Ei 'url=|next=|redirect=|return=|rurl=|go=|dest=|out=' waybacksubdomain.txt > redirect.txt
OR
We can start by gathering the parameterized URLs related to the target using ParamSpider.
You can install it from: https://github.com/devanshbatham/ParamSpider
To do this we will use the following command:
paramspider -l subdomain.txt > paramspiderout.txt
Then you can extract the URLs with redirect parameters (nasaall here is my file of collected URLs for this target):
grep -Ei 'url=|next=|redirect=|return=|rurl=|go=|dest=|out=' nasaall > redirect_params.txt
By using this method I have got the following:

Unfortunately, it is a duplicate.
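
The grep filters above match substrings, so out= also hits layout= and go= hits logo=, and the same endpoint shows up once per archived URL. The script below is an added example, not part of the original post: it parses each query string, keeps only parameters named exactly like the ones in the grep pattern, and deduplicates by host, path and parameter. The function name and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Same parameter names as the grep pattern on this page, matched exactly.
REDIRECT_PARAMS = {"url", "next", "redirect", "return", "rurl", "go", "dest", "out"}

def redirect_candidates(lines):
    """Return unique (host, path, param) triples whose query string has a
    parameter named exactly like one in REDIRECT_PARAMS (case-insensitive)."""
    seen, results = set(), []
    for line in lines:
        url = line.strip()
        if not url:
            continue
        try:
            parts = urlsplit(url)
        except ValueError:
            continue  # malformed URL, e.g. broken IPv6 brackets
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # skip tool log lines and other non-URL noise
        # keep_blank_values: tools often emit "param=" or a placeholder value
        for name, _value in parse_qsl(parts.query, keep_blank_values=True):
            key = (parts.hostname.lower(), parts.path or "/", name.lower())
            if name.lower() in REDIRECT_PARAMS and key not in seen:
                seen.add(key)
                results.append(key)
    return results

# Constructed sample input (example.com hosts, not real findings).
SAMPLE = """\
https://app.example.com/login?next=/home
https://app.example.com/login?next=/settings&lang=en
https://app.example.com/page?layout=grid
https://cdn.example.com/img?logo=1&imageurl=a.png
https://app.example.com/out?URL=FUZZ
[INFO] fetching urls for example.com
https://shop.example.com/cart?return=
""".splitlines()

if __name__ == "__main__":
    for host, path, param in redirect_candidates(SAMPLE):
        print(f"{host}{path}\t{param}")
```

On the sample, the grep pattern would keep six lines; the parser keeps three distinct endpoints to review.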