New Module: http_redirect_scan #692
Assignees
Labels
new module
pull request with new module(s)
Comments
securestep9
added a commit
that referenced
this issue
Jul 2, 2023
feature #692 http_redirect_scan module scans for target websites returning 3xx response code and redirecting users to a different location
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
http_redirect_scan module checks if a target webserver returns an 3xx http status code and logs it along with the redirection URL as specified in the Location response header . This can be very useful for recon as some redirections can be going to a subdomain/URL not exposed anywhere else, the redirection can go to a login page and include an auth token/session id in the URL etc.
Additionally understanding the redirections within subdomains can help you identify any unauthorised or malicious redirects that may have been set up by cybercriminals. By regularly monitoring and auditing these redirects on the subdomains of your organisation you can mitigate the risk of phishing attacks and subdomain hijacking
The text was updated successfully, but these errors were encountered: