New Module: http_redirect_scan #693

Merged
merged 2 commits into from
Jul 2, 2023


securestep9
Collaborator

feature #692 http_redirect_scan module scans for target websites returning 3xx response code and redirecting users to a different location (the redirection code and location URL are logged)

Checklist

  • I have followed the Contributor Guidelines.
  • The code has been thoroughly tested in my local development environment with flake8 and pylint.
  • The code is Python 3 compatible.
  • The code follows the PEP8 styling guidelines with 4 spaces indentation.
  • This Pull Request relates to only one issue or only one feature
  • I have referenced the corresponding issue number in my commit message
  • I have added the relevant documentation.
  • My branch is up-to-date with the Upstream master branch.

Changes proposed in this pull request

http_redirect_scan module checks if a target webserver returns a 3xx HTTP status code and logs it along with the redirection URL as specified in the Location response header. This can be very useful for recon as some redirections can be going to a subdomain/URL not exposed anywhere else, the redirection can go to a login page and include an auth token/session id in the URL, etc.

Additionally, understanding the redirections within your organisation's subdomains can help you identify any unauthorised or malicious redirects that may have been set up by cybercriminals. By regularly monitoring and auditing the redirects on the subdomains of your organisation you can mitigate the risk of phishing attacks and subdomain hijacking.

Your development environment

  • OS: MacOS
  • OS Version: 12.6
  • Python Version: 3.11

feature #692  http_redirect_scan module scans for target websites returning 3xx response code and redirecting users to a different location
@securestep9 securestep9 added the new module pull request with new module(s) label Jul 2, 2023
@securestep9 securestep9 self-assigned this Jul 2, 2023
@securestep9 securestep9 merged commit 0931846 into master Jul 2, 2023
@securestep9 securestep9 deleted the securestep9-module-http_redirect_scan branch July 2, 2023 23:59
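
The redirect audit the description recommends can be run over logged status code and Location pairs like this. It is an added example, not the module's code or anything from this pull request; `ORG_DOMAINS`, `SENSITIVE_PARAMS`, the function names and the sample records are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit, parse_qsl

# Assumptions for this example: the organisation's own domains and the
# query parameter names treated as credentials.
ORG_DOMAINS = ("example.org",)
SENSITIVE_PARAMS = {"token", "access_token", "session", "sessionid", "sid"}


def in_org(host):
    """True if host is an organisation domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ORG_DOMAINS)


def audit_redirect(request_url, status, location):
    """Return a list of findings for one logged (status, Location) pair."""
    if not 300 <= status <= 399 or not location:
        return []
    # Location may be relative; resolve it against the requested URL.
    target = urlsplit(urljoin(request_url, location))
    findings = []
    if target.scheme in ("http", "https") and not in_org(target.hostname):
        findings.append("external-destination:" + (target.hostname or ""))
    if urlsplit(request_url).scheme == "https" and target.scheme == "http":
        findings.append("https-to-http-downgrade")
    leaked = sorted({k.lower() for k, _ in parse_qsl(target.query)} & SENSITIVE_PARAMS)
    if leaked:
        findings.append("credential-in-url:" + ",".join(leaked))
    return findings


# Constructed sample records (not real scan output).
SAMPLE = [
    ("https://www.example.org/", 301, "/home"),
    ("https://sso.example.org/", 302, "https://login.example.org/auth?sessionid=abc123"),
    ("https://old.example.org/", 302, "http://promo.example.net/win"),
    ("https://api.example.org/", 200, None),
]


def audit_all(records):
    """Map each requested URL that has findings to its findings."""
    results = {url: audit_redirect(url, s, loc) for url, s, loc in records}
    return {url: f for url, f in results.items() if f}


if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE).items():
        print(url, findings)
```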