r0075h3ll / oralyzer
Open Redirection Analyzer
License: GNU General Public License v3.0
Sometimes I got this error, tested with Python 3.9/3.10
Hey man!
I tried to use your tool, but I got this error:
____ __
/ __ \_______ _/ /_ _____ ___ ____
/ /_/ / __/ _ `/ / // /_ // -_) __/
\____/_/ \_,_/_/\_, //__/\__/_/
/___/
Traceback (most recent call last):
File "oralyzer.py", line 50, in <module>
file = open(FilePath).read().splitlines()
File "C:\Users\XXXXXX\AppData\Local\Programs\Python\Python37\lib\encodings\cp1252.py", line 23, in decode
return codecs.charmap_decode(input,self.errors,decoding_table)[0]
UnicodeDecodeError: 'charmap' codec can't decode byte 0x81 in position 1215: character maps to <undefined>
The command (python 3): python oralyzer.py -u https:///it?requestUrl=site.com
Hope you can resolve it!
When it says Header Based Redirection,
what headers is it using?
Very good tool, just need to save the results. I'm saving >>
After the recent update, the tool throws some error when you try to run from outside the tool directory.
▶ python3 Oralyzer/oralyzer.py -h
____ __
/ __ \_______ _/ /_ _____ ___ ____
/ /_/ / __/ _ `/ / // /_ // -_) __/
\____/_/ \_,_/_/\_, //__/\__/_/
/___/
Traceback (most recent call last):
File "Oralyzer/oralyzer.py", line 13, in <module>
from core.wayback import get_urls
File "/Users/gaurangbhatnagar/Flow-Tools/Oralyzer/core/wayback.py", line 2, in <module>
from core.others import good,bad,info
File "/Users/gaurangbhatnagar/Flow-Tools/Oralyzer/core/others.py", line 19, in <module>
with open('core/config.json', 'r') as file:
FileNotFoundError: [Errno 2] No such file or directory: 'core/config.json'
This only works when you navigate to the folder and run the tool.
▶ cd Oralyzer
▶ python3 oralyzer.py -h
____ __
/ __ \_______ _/ /_ _____ ___ ____
/ /_/ / __/ _ `/ / // /_ // -_) __/
\____/_/ \_,_/_/\_, //__/\__/_/
/___/
usage: oralyzer.py [-h] [-u URL] [-l PATH] [-crlf] [-p PAYLOAD] [--proxy] [--wayback]
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL scan single target
-l PATH, --list PATH scan multiple target
-crlf scan for CRLF Injection
-p PAYLOAD, --payload PAYLOAD
use payloads from a file
--proxy use proxy
--wayback fetch URLs from archive.org
/https://www.google.com
//https://www.google.com
?next=https://www.google.com
?url=https://www.google.com
?target=https://www.google.com
?rurl=https://www.google.com
?dest=https://www.google.com
?destination=https://www.google.com
?redir=https://www.google.com
?redirect_uri=https://www.google.com
?redirect_url=https://www.google.com
?redirect=https://www.google.com
/redirect/https://www.google.com
/cgi-bin/redirect.cgi?https://www.google.com
/out/https://www.google.com
/out?https://www.google.com
?view=https://www.google.com
/login?to=https://www.google.com
?image_url=https://www.google.com
?go=https://www.google.com
?return=https://www.google.com
?returnTo=https://www.google.com
?return_to=https://www.google.com
?checkout_url=https://www.google.com
?continue=https://www.google.com
?return_path=https://www.google.com
╭─kali@kali ~/Desktop/Tools/Oralyzer ‹master●›
╰─$ python3 oralyzer.py -u http://testphp.vulnweb.com/showimage.php\?file\=8 1 ↵
Oralyzer
[!] Infusing payloads
Traceback (most recent call last):
File "/home/kali/Desktop/Tools/Oralyzer/oralyzer.py", line 260, in <module>
analyze(url)
File "/home/kali/Desktop/Tools/Oralyzer/oralyzer.py", line 55, in analyze
testingBreak = request(multiTestCall[1],params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/Desktop/Tools/Oralyzer/oralyzer.py", line 74, in request
funcBreak = check(page, page.request.url)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/Desktop/Tools/Oralyzer/oralyzer.py", line 215, in check
sourcesMatch = list(dict.fromkeys(re.findall("|".join(escapedSourcesSinks), str(soup))))
^^^^^^^^^
File "/home/kali/.local/lib/python3.11/site-packages/bs4/element.py", line 1075, in __unicode__
return self.decode()
^^^^^^^^^^^^^
File "/home/kali/.local/lib/python3.11/site-packages/bs4/__init__.py", line 626, in decode
return prefix + super(BeautifulSoup, self).decode(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/.local/lib/python3.11/site-packages/bs4/element.py", line 1111, in decode
formatter = self.formatter_for_name(formatter)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/kali/.local/lib/python3.11/site-packages/bs4/element.py", line 167, in formatter_for_name
if isinstance(formatter, collections.Callable):
^^^^^^^^^^^^^^^^^^^^
AttributeError: module 'collections' has no attribute 'Callable'
Requirement already satisfied: requests in /home/marcmx/.local/lib/python3.8/site-packages (from -r requirements.txt (line 1)) (2.20.0)
Collecting bs4
Using cached bs4-0.0.1.tar.gz (1.1 kB)
ERROR: Could not find a version that satisfies the requirement urllib.parse (from -r requirements.txt (line 3)) (from versions: none)
ERROR: No matching distribution found for urllib.parse (from -r requirements.txt (line 3))
python3 oralyzer.py -u https://target --wayback -o res.txt
Oralyzer {Open Redirection Analyzer}
[•] Getting juicy URLs with waybackurls
Traceback (most recent call last):
File "oralyzer.py", line 164, in <module>
get_urls(url, output)
File "/root/gaurav/Oralyzer/core/wayback.py", line 32, in get_urls
no_output = subprocess.run(['waybackurls', url], capture_output=True, text=True)
File "/usr/lib64/python3.6/subprocess.py", line 423, in run
with Popen(*popenargs, **kwargs) as process:
TypeError: __init__() got an unexpected keyword argument 'capture_output'
Oralyzer {Open Redirection Analyzer}
[•] Appending payloads just after the URL
[•] Infusing payloads
Traceback (most recent call last):
File "oralyzer.py", line 153, in <module>
analyze(url)
File "oralyzer.py", line 96, in analyze
page = requests.get(uri, allow_redirects=False, headers=header, timeout=15)
File "/home/marcmx/.local/lib/python3.8/site-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/home/marcmx/.local/lib/python3.8/site-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/home/marcmx/.local/lib/python3.8/site-packages/requests/sessions.py", line 524, in request
resp = self.send(prep, **send_kwargs)
File "/home/marcmx/.local/lib/python3.8/site-packages/requests/sessions.py", line 631, in send
adapter = self.get_adapter(url=request.url)
File "/home/marcmx/.local/lib/python3.8/site-packages/requests/sessions.py", line 722, in get_adapter
raise InvalidSchema("No connection adapters were found for '%s'" % url)
requests.exceptions.InvalidSchema: No connection adapters were found for 'www.google.com/http://www.google.com'
Traceback (most recent call last):
File "/home/geo/Oralyzer/oralyzer.py", line 19, in <module>
from core.wayback import get_urls
ModuleNotFoundError: No module named 'core.wayback'
I had previously created the same issue. The issue isn't fixed yet.
Can you run this tool from your home directory? It doesn't work at my end.
Traceback (most recent call last):
File "oralyzer.py", line 19, in <module>
from core.wayback import getURLs
ModuleNotFoundError: No module named 'core.wayback'
ERROR: No matching distribution found for urllib.parse (from -r requirements.txt (line 3))
Can't install with python 3.7 and 3.8.
Got the error:
ERROR: Could not find a version that satisfies the requirement urllib.parse (from -r requirements.txt (line 3)) (from versions: none)
ERROR: No matching distribution found for urllib.parse (from -r requirements.txt (line 3))
Or:
Could not install packages due to an EnvironmentError: 404 Client Error: Not Found for url: https://pypi.org/simple/urllib-parse/
If I run this tool from another directory, the tool does not work.
python3 /<path-to-oralyzer>/Oralyzer/oralyzer.py -f urls.txt
This probably is happening because of the following code:
file = open('payloads.txt','r')
The script is looking into the current directory for payloads.txt.
This can be fixed if you can add a switch to provide the path/directory where payloads.txt resides.
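Two failures reported on this page share a root cause in how data files are opened: the cwd-relative `open('payloads.txt','r')` / `open('core/config.json', 'r')` calls, and the cp1252 `UnicodeDecodeError` on Windows. The sketch below is an added example, not Oralyzer's code; `load_lines`, `base_dir` and `override` are hypothetical names, and the sample file is constructed. It anchors the file to the install directory, accepts a user-supplied path, and decodes explicitly as UTF-8.

```python
import os
import tempfile
from pathlib import Path


def load_lines(name, base_dir=None, override=None):
    """Return the non-empty lines of a bundled data file.

    base_dir: directory the tool lives in (a real script would pass
              Path(__file__).resolve().parent); override: user-supplied path.
    Both parameter names are hypothetical.
    """
    path = Path(override) if override else Path(base_dir) / name
    # Explicit UTF-8 so Windows does not fall back to cp1252; undecodable
    # bytes become U+FFFD instead of raising UnicodeDecodeError.
    text = path.read_text(encoding="utf-8", errors="replace")
    return [line for line in text.splitlines() if line.strip()]


def demo():
    """Build a constructed install dir, then load from an unrelated cwd."""
    results = {}
    with tempfile.TemporaryDirectory() as install, \
         tempfile.TemporaryDirectory() as elsewhere:
        # Constructed sample: line 2 ends with byte 0x81, which cp1252 rejects.
        data = b"?next=https://www.google.com\n?url=caf\xc3\xa9\x81\n\n"
        Path(install, "payloads.txt").write_bytes(data)
        old_cwd = os.getcwd()
        os.chdir(elsewhere)
        try:
            try:
                open("payloads.txt", "r").close()  # cwd-relative, as reported
                results["relative_open"] = "ok"
            except FileNotFoundError:
                results["relative_open"] = "FileNotFoundError"
            results["lines"] = load_lines("payloads.txt", base_dir=install)
        finally:
            os.chdir(old_cwd)  # leave the temp dir before it is removed
    return results


if __name__ == "__main__":
    print(demo())
```
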
I just found your tool and I'm very impressed with it.
I see there is even a DOM XSS module, although limited. I would like to share https://portswigger.net/blog/introducing-dom-invader with you. If you scroll down to about half way down the page you can see more sources and sinks to add to your script.