OWASP WEB Directory Scanner [](https://twitter.com/intent/tweet?text=Wow:&url=https://github.com/stanislav-web/OpenDoor)
===============================================================================================================================================================================================================================
| Python | Linux | OSX |
|----------|-------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------|
| 3.7 |  |  |
| 3.8 |  |  |
| 3.9 |  |  |
| 3.10 |  |  |
| 3.11 |  |  |
**OpenDoor OWASP** is console multifunctional website's scanner.
This application finds all possible ways to login, index of/ directories, web shells, restricted access points, subdomains, hidden data and large backups.
The scanning is performed by the built-in dictionary and external dictionaries as well. Anonymity and speed are provided by means of using proxy servers.
Software is written for informational purposes and is open source product under the GPL license.
[](https://github.com/stanislav-web/OpenDoor/graphs/contributors)
[](https://badge.fury.io/py/opendoor)
[](https://www.python.org/)
[](https://opendoor.readthedocs.io/?badge=latest)
[](https://github.com/stanislav-web/OpenDoor/actions/workflows/codacy.yml)
[](https://github.com/stanislav-web/OpenDoor/actions/workflows/codespaces/create_codespaces_prebuilds)
[](https://github.com/stanislav-web/OpenDoor/actions/workflows/dependency-review.yml)
[](https://github.com/stanislav-web/OpenDoor/actions/workflows/github-code-scanning/codeql)
[Read The Docs](https://opendoor.readthedocs.io/)
* *Current 4.2.0 (29.07.2023)*
- Directories: 83012
- Subdomains: 255260
#### [Changelog](CHANGELOG.md) (last changes)
v4.2.0 (29.07.2023)
---------------------------
- Fixed: `--sniff skipempty,skipsizes=NUM:NUM...` moved pages to ignore in reports instead of just skipping
- Fixed: invalid response statuses received because of invalid headers were passed
- Fixed: --accept-cookie param. Now it is working correctly if the server provided Cookies for surfing
- Optimized `directories_count` and `subdomains_count` operation to reduce RAM usage.
- Removed: `-262` directories from internal wordlist because of trash
- Edit Keep-Alive connection type moved to a separate parameter `--keep-alive`
- Optimized internal wordlist directories.txt list (sort, removed trash lines)
***Testing of the software on the live commercial systems and organizations is prohibited!***
- ✅ directories scanner
- ✅ subdomains scanner
- ✅ multithreading control
- ✅ scan's reports
- ✅ HTTP(S) (PORT) support
- ✅ Keep-alive long pooling
- ✅ Invalid certificates scan
- ✅ HTTP(S)/SOCKS proxies
- ✅ dynamic request header
- ✅ custom wordlists prefixes
- ✅ custom wordlists, proxies, ignore lists
- ✅ debug levels (1-3)
- ✅ extensions filter
- ✅ custom reports directory
- ✅ custom config wizard (use random techniques)
- ✅ analyze techniques:
* detect redirects
* detect index of/ Apache
* detect large files
* skip 200 OK redirects
* skip empty pages
* heuristic detect invalid pages
* blank success page filter
* certificate required pages
- ✅ randomization techniques:
* random user-agent per request
* random proxy per request
* wordlists shuffling
* wordlists filters
#### Install PIP
```
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
```
#### Local installation and run
```
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
pip3 install -r requirements.txt
chmod +x opendoor.py
python3 opendoor.py --host http://www.example.com
```
#### Global installation (Preferably for OS distributions)
```
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 setup.py build && python3 setup.py install
opendoor --host http://www.example.com
```
#### Updates
```
python3 opendoor.py --update
opendoor --update
```
#### Help
```
usage: opendoor.py [-h] [--host HOST] [-p PORT] [-m METHOD] [-t THREADS]
[-d DELAY] [--timeout TIMEOUT] [-r RETRIES]
[--accept-cookies] [--debug DEBUG] [--tor]
[--torlist TORLIST] [--proxy PROXY] [-s SCAN] [-w WORDLIST]
[--reports REPORTS] [--reports-dir REPORTS_DIR]
[--random-agent] [--random-list] [--prefix PREFIX]
[-e EXTENSIONS] [-i IGNORE_EXTENSIONS] [--sniff SNIFF]
[--update] [--version] [--examples] [--docs]
[--wizard [WIZARD]]
optional arguments:
-h, --help show this help message and exit
required named options:
--host HOST Target host (ip); --host http://example.com
Application tools:
--update Update from CVS
--version Get current version
--examples Examples of usage
--docs Read documentation
--wizard [WIZARD] Run wizard scanner from your config
Debug tools:
--debug DEBUG Debug level -1 (silent), 1 - 3
Reports tools:
--reports REPORTS Scan reports (json,std,txt,html)
--reports-dir REPORTS_DIR
Path to custom reports dir
Request tools:
-p PORT, --port PORT Custom port (Default 80)
-m METHOD, --method METHOD
Request method (use HEAD as default)
-d DELAY, --delay DELAY
Delay between requests threading
--timeout TIMEOUT Request timeout (30 sec default)
-r RETRIES, --retries RETRIES
Max retries to reconnect (default 3)
--keep-alive Use keep-alive connection
--accept-cookies Accept and route cookies from responses
--tor Using built-in proxylist
--torlist TORLIST Path to custom proxylist
--proxy PROXY Custom permanent proxy server
--random-agent Randomize user-agent per request
Sniff tools:
--sniff SNIFF Response sniff plugins
(indexof,collation,file,skipempty,skipsize=INT)
Stream tools:
-t THREADS, --threads THREADS
Allowed threads
Wordlist tools:
-s SCAN, --scan SCAN Scan type scan=directories or scan=subdomains
-w WORDLIST, --wordlist WORDLIST
Path to custom wordlist
--random-list Shuffle scan list
--prefix PREFIX Append path prefix to scan host
-e EXTENSIONS, --extensions EXTENSIONS
Force use selected extensions for scan session -e
php,json e.g
-i IGNORE_EXTENSIONS, --ignore-extensions IGNORE_EXTENSIONS
Ignore extensions for scan session -i aspx,jsp e.g
```
#### Maintainers
- @stanislav-web <https://github.com/stanislav-web> (Developer)
### Tests
```
pip3 install -r requirements-dev.txt
python setup.py test
```
### Contributors
If you like to contribute to the development of the project, in that case, pull requests are open for you.
Also, you can suggest an ideas and create a task in my track list
[](http://www.gnu.org/licenses/gpl-3.0) [](https://saythanks.io/to/stanislav-web)
### Documentation
- [Read The Docs](https://opendoor.readthedocs.io/)
- [Opendoor OWASP CookBook](https://github.com/stanislav-web/OpenDoor/wiki)
- [Issues](https://github.com/stanislav-web/OpenDoor/issues)
Raw data
{
"_id": null,
"home_page": "https://github.com/stanislav-web/OpenDoor",
"name": "opendoor",
"maintainer": "Brain Storm Team",
"docs_url": null,
"requires_python": "",
"maintainer_email": "nomail@gmail.com",
"keywords": "owasp scanner,directory scanner,access directory scanner,fuzzer,auth scanner,dir search,dirmap",
"author": "Brain Storm Team",
"author_email": "nomail@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/d4/4c/ebbf28acdb6582d43897d27ec8a7d7ac4df9b63c9d54d03c7cd1d2236e12/opendoor-4.2.0.tar.gz",
"platform": "any",
"description": "OWASP WEB Directory Scanner [](https://twitter.com/intent/tweet?text=Wow:&url=https://github.com/stanislav-web/OpenDoor)\n===============================================================================================================================================================================================================================\n\n| Python | Linux | OSX |\n|----------|-------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------|\n| 3.7 \t |  |  |\n| 3.8 \t |  |  |\n| 3.9 \t |  |  |\n| 3.10 \t |  |  |\n| 3.11 \t |  |  |\n\n**OpenDoor OWASP** is console multifunctional website's scanner.\nThis application finds all possible ways to login, index of/ directories, web shells, restricted access points, subdomains, hidden data and large backups.\nThe scanning is performed by the built-in dictionary and external dictionaries as well. Anonymity and speed are provided by means of using proxy servers.\nSoftware is written for informational purposes and is open source product under the GPL license.\n\n \n[](https://github.com/stanislav-web/OpenDoor/graphs/contributors)\n[](https://badge.fury.io/py/opendoor)\n[](https://www.python.org/)\n\n[](https://opendoor.readthedocs.io/?badge=latest)\n[](https://github.com/stanislav-web/OpenDoor/actions/workflows/codacy.yml)\n[](https://github.com/stanislav-web/OpenDoor/actions/workflows/codespaces/create_codespaces_prebuilds)\n[](https://github.com/stanislav-web/OpenDoor/actions/workflows/dependency-review.yml)\n[](https://github.com/stanislav-web/OpenDoor/actions/workflows/github-code-scanning/codeql)\n\n[Read The Docs](https://opendoor.readthedocs.io/)\n\n* *Current 4.2.0 (29.07.2023)*\n - Directories: 83012\n - Subdomains: 255260\n \n#### [Changelog](CHANGELOG.md) (last changes)\nv4.2.0 (29.07.2023)\n---------------------------\n- Fixed: `--sniff skipempty,skipsizes=NUM:NUM...` moved pages to ignore in reports instead of just skipping\n- Fixed: invalid response statuses received because of invalid headers were passed\n- Fixed: --accept-cookie param. Now it is working correctly if the server provided Cookies for surfing\n- Optimized `directories_count` and `subdomains_count` operation to reduce RAM usage.\n- Removed: `-262` directories from internal wordlist because of trash\n- Edit Keep-Alive connection type moved to a separate parameter `--keep-alive`\n- Optimized internal wordlist directories.txt list (sort, removed trash lines)\n\n***Testing of the software on the live commercial systems and organizations is prohibited!***\n\n![Alt text](http://dl3.joxi.net/drive/2017/01/30/0001/0378/90490/90/e309742b5c.jpg \"OpenDoor OWASP\")\n\n- \u2705 directories scanner\n- \u2705 subdomains scanner\n- \u2705 multithreading control\n- \u2705 scan's reports\n- \u2705 HTTP(S) (PORT) support\n- \u2705 Keep-alive long pooling\n- \u2705 Invalid certificates scan\n- \u2705 HTTP(S)/SOCKS proxies\n- \u2705 dynamic request header\n- \u2705 custom wordlists prefixes\n- \u2705 custom wordlists, proxies, ignore lists\n- \u2705 debug levels (1-3)\n- \u2705 extensions filter\n- \u2705 custom reports directory\n- \u2705 custom config wizard (use random techniques)\n- \u2705 analyze techniques:\n * detect redirects\n * detect index of/ Apache\n * detect large files\n * skip 200 OK redirects\n * skip empty pages\n * heuristic detect invalid pages\n * blank success page filter\n * certificate required pages\n- \u2705 randomization techniques:\n * random user-agent per request\n * random proxy per request\n * wordlists shuffling\n * wordlists filters\n\n\n#### Install PIP\n```\ncurl https://bootstrap.pypa.io/get-pip.py -o get-pip.py\n```\n\n#### Local installation and run\n```\n git clone https://github.com/stanislav-web/OpenDoor.git\n cd OpenDoor/\n pip3 install -r requirements.txt\n chmod +x opendoor.py\n\n python3 opendoor.py --host http://www.example.com\n```\n\n#### Global installation (Preferably for OS distributions)\n```\n git clone https://github.com/stanislav-web/OpenDoor.git\n cd OpenDoor/\n python3 setup.py build && python3 setup.py install\n\n opendoor --host http://www.example.com\n```\n\n\n#### Updates\n```\n python3 opendoor.py --update\n opendoor --update\n```\n\n#### Help\n```\nusage: opendoor.py [-h] [--host HOST] [-p PORT] [-m METHOD] [-t THREADS]\n [-d DELAY] [--timeout TIMEOUT] [-r RETRIES]\n [--accept-cookies] [--debug DEBUG] [--tor]\n [--torlist TORLIST] [--proxy PROXY] [-s SCAN] [-w WORDLIST]\n [--reports REPORTS] [--reports-dir REPORTS_DIR]\n [--random-agent] [--random-list] [--prefix PREFIX]\n [-e EXTENSIONS] [-i IGNORE_EXTENSIONS] [--sniff SNIFF]\n [--update] [--version] [--examples] [--docs]\n [--wizard [WIZARD]]\n\noptional arguments:\n -h, --help show this help message and exit\n\nrequired named options:\n --host HOST Target host (ip); --host http://example.com\n\nApplication tools:\n --update Update from CVS\n --version Get current version\n --examples Examples of usage\n --docs Read documentation\n --wizard [WIZARD] Run wizard scanner from your config\n\nDebug tools:\n --debug DEBUG Debug level -1 (silent), 1 - 3\n\nReports tools:\n --reports REPORTS Scan reports (json,std,txt,html)\n --reports-dir REPORTS_DIR\n Path to custom reports dir\n\nRequest tools:\n -p PORT, --port PORT Custom port (Default 80)\n -m METHOD, --method METHOD\n Request method (use HEAD as default)\n -d DELAY, --delay DELAY\n Delay between requests threading\n --timeout TIMEOUT Request timeout (30 sec default)\n -r RETRIES, --retries RETRIES\n Max retries to reconnect (default 3)\n --keep-alive Use keep-alive connection\n --accept-cookies Accept and route cookies from responses\n --tor Using built-in proxylist\n --torlist TORLIST Path to custom proxylist\n --proxy PROXY Custom permanent proxy server\n --random-agent Randomize user-agent per request\n\nSniff tools:\n --sniff SNIFF Response sniff plugins\n (indexof,collation,file,skipempty,skipsize=INT)\n \nStream tools:\n -t THREADS, --threads THREADS\n Allowed threads\n\nWordlist tools:\n -s SCAN, --scan SCAN Scan type scan=directories or scan=subdomains\n -w WORDLIST, --wordlist WORDLIST\n Path to custom wordlist\n --random-list Shuffle scan list\n --prefix PREFIX Append path prefix to scan host\n -e EXTENSIONS, --extensions EXTENSIONS\n Force use selected extensions for scan session -e\n php,json e.g\n -i IGNORE_EXTENSIONS, --ignore-extensions IGNORE_EXTENSIONS\n Ignore extensions for scan session -i aspx,jsp e.g\n```\n\n#### Maintainers\n- @stanislav-web <https://github.com/stanislav-web> (Developer)\n\n### Tests\n```\npip3 install -r requirements-dev.txt\npython setup.py test\n```\n\n### Contributors\nIf you like to contribute to the development of the project, in that case, pull requests are open for you.\nAlso, you can suggest an ideas and create a task in my track list\n\n[](http://www.gnu.org/licenses/gpl-3.0) [](https://saythanks.io/to/stanislav-web) \n\n### Documentation\n- [Read The Docs](https://opendoor.readthedocs.io/)\n- [Opendoor OWASP CookBook](https://github.com/stanislav-web/OpenDoor/wiki)\n- [Issues](https://github.com/stanislav-web/OpenDoor/issues)\n\n\n\n",
"bugtrack_url": null,
"license": "GPL",
"summary": "OWASP WEB Directory Scanner",
"version": "4.2.0",
"project_urls": {
"Download": "https://github.com/stanislav-web/OpenDoor/archive/refs/heads/master.zip",
"Homepage": "https://github.com/stanislav-web/OpenDoor"
},
"split_keywords": [
"owasp scanner",
"directory scanner",
"access directory scanner",
"fuzzer",
"auth scanner",
"dir search",
"dirmap"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "d44cebbf28acdb6582d43897d27ec8a7d7ac4df9b63c9d54d03c7cd1d2236e12",
"md5": "87bc68c93a199d3107f92f5b124bb7f4",
"sha256": "7b9cc925167b79332407d4c1eeb79ee8953dc9f439ae2660b5b3a0988f95b452"
},
"downloads": -1,
"filename": "opendoor-4.2.0.tar.gz",
"has_sig": false,
"md5_digest": "87bc68c93a199d3107f92f5b124bb7f4",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 1701010,
"upload_time": "2023-07-29T10:16:20",
"upload_time_iso_8601": "2023-07-29T10:16:20.606405Z",
"url": "https://files.pythonhosted.org/packages/d4/4c/ebbf28acdb6582d43897d27ec8a7d7ac4df9b63c9d54d03c7cd1d2236e12/opendoor-4.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-07-29 10:16:20",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "stanislav-web",
"github_project": "OpenDoor",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"circle": true,
"requirements": [],
"lcname": "opendoor"
}
JSON
