Open Redirect Scanner
Scans all links and forms on any webpage for open redirect parameters — ?url=, ?next=, ?redirect=, ?return_to=, ?continue=, and 20+ other common redirect parameter names. Identifies URLs that accept external redirect targets, which can be exploited for phishing attacks.
Drag to your bookmarks bar:
🔀 Find Redirects
Runs on any website — all processing in your browser.
Install the bookmarklet, then use it on any website
Open redirects allow attackers to craft URLs on a trusted domain that redirect to malicious sites. They are commonly exploited in phishing campaigns because the initial URL appears legitimate.
- Open Redirect: A vulnerability where a web application redirects users to an attacker-controlled URL via a parameter like ?url= or ?next=.
🔀 Open Redirect Scanner — FAQ
What is an open redirect?
An open redirect arises from a URL parameter that controls where the user is sent. If it accepts external URLs, attackers can craft phishing links that appear to come from the trusted domain.
Are all redirect parameters vulnerable?
No — many applications validate the target URL. This tool identifies the parameters; manual testing is needed to confirm exploitability.
Can this be used for bug bounties?
Yes — open redirects are commonly accepted in bug bounty programs, though severity varies.
What makes external targets more dangerous?
Internal redirects (same domain) are usually benign. External targets mean the parameter accepts arbitrary URLs — the key indicator of an open redirect.
Does it test the redirects?
No — it identifies redirect parameters in links and forms. Testing requires crafting a payload URL and observing the redirect behavior.
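The identification step described above, as an added example for auditing links on your own pages (this is not the bookmarklet's code). It only inspects parameters and never follows a redirect. The parameter list holds just the five names given on this page, and the function names, sample links and the extra "non-http" label are assumptions of this example.

```javascript
// Parameter names taken from the page text; the "20+ others" are not listed there.
const REDIRECT_PARAMS = new Set(["url", "next", "redirect", "return_to", "continue"]);

// Classify a parameter value relative to the page it was found on.
function classifyTarget(value, pageUrl) {
  let target;
  try {
    // Resolving against the page handles relative paths and
    // protocol-relative values such as "//other.example/x".
    target = new URL(value, pageUrl);
  } catch {
    return "unparseable";
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") return "non-http";
  return target.origin === new URL(pageUrl).origin ? "internal" : "external";
}

// Return one finding per redirect-style parameter found in the links.
function findRedirectParams(links, pageUrl) {
  const findings = [];
  for (const href of links) {
    let link;
    try {
      link = new URL(href, pageUrl);
    } catch {
      continue; // skip malformed hrefs
    }
    for (const [name, value] of link.searchParams) {
      if (!REDIRECT_PARAMS.has(name.toLowerCase()) || value === "") continue;
      findings.push({ link: link.href, param: name, value, target: classifyTarget(value, pageUrl) });
    }
  }
  return findings;
}

// Constructed sample input (hypothetical hosts).
const PAGE = "https://shop.example/account";
const SAMPLE_LINKS = [
  "/login?next=/orders",
  "https://shop.example/out?url=https%3A%2F%2Fpartner.example%2Fpromo",
  "/logout?return_to=//cdn.example/bye",
  "/search?q=redirect",
  "/go?continue=javascript:void(0)",
];

for (const f of findRedirectParams(SAMPLE_LINKS, PAGE)) {
  console.log(`${f.target.padEnd(9)} ${f.param}=${f.value}  (${f.link})`);
}
```

In a browser, the link list can be built from `document.links` and the `action` attributes of `document.forms`, with `location.href` as the page URL.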