Item logo image for Orion Open Redirect Hunter

Orion Open Redirect Hunter

ExtensionDeveloper Tools5 users
Item media 3 (screenshot) for Orion Open Redirect Hunter
Item media 1 (screenshot) for Orion Open Redirect Hunter
Item media 2 (screenshot) for Orion Open Redirect Hunter
Item media 3 (screenshot) for Orion Open Redirect Hunter
Item media 1 (screenshot) for Orion Open Redirect Hunter
Item media 1 (screenshot) for Orion Open Redirect Hunter
Item media 2 (screenshot) for Orion Open Redirect Hunter
Item media 3 (screenshot) for Orion Open Redirect Hunter

Overview

Automated, safe scanner for Open Redirect vulnerabilities. Does not follow redirects; records Location/meta/JS evidence.

Orion Open Redirect Hunter automates manual tests for Open Redirect (Unvalidated Redirects/Forwards) in web apps. It injects benign, controlled payloads pointing to example.com and never follows redirects. Instead, it observes: HTTP 3xx Location headers HTML meta refresh tags JavaScript redirects (location.href, location.assign, location.replace) If a redirect to the canary destination is detected, the tool flags the URL as vulnerable and records clear evidence. Why it’s safe No redirect following: requests are issued with redirect handling disabled Benign payloads only (https://example.com, //example.com, and encoded variants) Timeouts & optional rate limiting to avoid stressing targets No third-party services: everything runs locally in your browser Key features Test one or many URLs (paste multiple; one per line) Auto-detect common redirect parameters (next, redirect_uri, returnTo, etc.) or specify your own Choose GET or HEAD, set timeout and delay between requests View results inline and Export JSON with full evidence (status, header, mechanism) Clear legal/ethical banner; intended for authorized testing only Typical use cases Security reviews of login flows, OAuth/OIDC callbacks, and post-login redirect chains AppSec CI/spot checks during release hardening Bug bounty triage and validation How it works (high level) You paste URLs to scan The tool sets candidate redirect parameters to benign URLs (and encoded variants) It sends requests with redirect=manual and inspects response headers and HTML Findings are displayed and can be exported as JSON Notes Only test systems you own or have permission to assess You may need to whitelist targets in your testing scope and follow responsible disclosure practices open redirect, unvalidated redirect, redirect_uri, OAuth, OIDC, AppSec, bug bounty, security testing, Location header, meta refresh, JavaScript redirect, penetration testing (authorized)

Details

  • Version
    1.0.0
  • Updated
    August 13, 2025
  • Offered by
    Shubham Singh
  • Size
    218KiB
  • Languages
    English (United States)
  • Developer
    Email
    shubhu877@gmail.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data. To learn more, see the developer’s privacy policy.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes
Google apps