hunt-open-redirect


HUNT-OPEN-REDIRECT — Open Redirect

Crown Jewel Targets

Open redirect alone is Low severity. Chained to OAuth it becomes Critical (ATO, account takeover).

Highest-value chains:

  • Open redirect → OAuth auth code theft — redirect_uri points at an open redirect on the trusted domain → auth code forwarded to the attacker → ATO
  • Open redirect → phishing — users trust the link because the URL starts with target.com
  • Open redirect → SSRF escalation — if the server follows the redirect itself → SSRF
  • Open redirect → session fixation — force the user onto the login endpoint with a pre-set session
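The phishing and OAuth chains above both start from the same weak check: a redirect validator that tests whether the URL string begins with the trusted origin instead of parsing it. The following is an added example (not code from this skill or from the claude-bughunter repo) that puts that weak prefix check beside a validator which parses the URL, rejects scheme-relative and userinfo forms, and allow-lists the parsed host. The host target.com and the function names are hypothetical, chosen because the page already uses target.com as its placeholder.

```python
from urllib.parse import urlsplit

# Hypothetical trusted hosts; the page names none, so these are placeholders.
ALLOWED_HOSTS = {"target.com", "www.target.com"}


def weak_is_safe(url: str) -> bool:
    """The check the bullets above warn about: a plain string-prefix test.

    Accepts 'https://target.com.evil.example' and 'https://target.com@evil.example'
    because both begin with the trusted string.
    """
    return url.startswith("https://target.com")


def is_safe_redirect(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Allow only a same-site path or an absolute https URL whose parsed host is allow-listed."""
    if not url or any(c in url for c in "\r\n\t\x00"):
        return False
    # Browsers treat a backslash after the leading slash like a second slash,
    # so normalise before parsing; urlsplit alone would read '/\host' as a path.
    normalized = url.replace("\\", "/")
    parts = urlsplit(normalized)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: one leading '/' only. '//host' is scheme-relative
        # and '///host' collapses to it in browsers, so both are rejected.
        return normalized.startswith("/") and not normalized.startswith("//")
    if parts.scheme != "https":
        return False
    # .hostname strips userinfo and port and lower-cases, so
    # 'https://target.com@evil.example' resolves to 'evil.example' here.
    host = parts.hostname or ""
    return host in allowed_hosts


def compare(url: str) -> tuple:
    """Return (weak_result, strict_result) for one candidate redirect target."""
    return weak_is_safe(url), is_safe_redirect(url)


if __name__ == "__main__":
    # Constructed sample targets; the attacker-controlled host is a placeholder.
    for candidate in ["/account", "https://target.com/login?next=%2Fhome",
                      "//evil.example/", "https://target.com.evil.example/",
                      "https://target.com@evil.example/", "/\\evil.example"]:
        print(f"{candidate!r:45} weak={compare(candidate)[0]} strict={compare(candidate)[1]}")
```

Validation on the parsed host rather than the raw string is what closes the phishing and OAuth chains listed above; the same rule should be applied to the value that the OAuth server compares against its registered redirect_uri.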

Attack Surface Signals

Installs: 9
GitHub Stars: 2.6K
First Seen: Jun 5, 2026

hunt-open-redirect — elementalsouls/claude-bughunter