Open Redirects
Identifies redirect parameters (`redirect`, `url`, `next`, `return_to`) that attackers exploit to redirect victims to malicious sites.
RECONANALYSIS
Free account required
URL Analysis
Find open redirects, SSRF indicators, and injection points in any URL.
Parse and analyze URLs for common vulnerability patterns before you even send a request. Detects dangling redirects, cloud metadata endpoints, encoded injection payloads, and suspicious parameter names that signal SSRF or open redirect opportunities.
What it detects
Open Redirects
SSRF Indicators
Parameter Injection Points
Encoded Payloads
Detection capabilities
What URL Analysis finds
SSRF Indicators
Flags URLs pointing to cloud metadata endpoints (169.254.169.254), internal IP ranges, and localhost aliases.
Parameter Injection Points
Highlights parameters that commonly accept payloads for SQLi, XSS, or path traversal.
Encoded Payloads
Decodes URL encoding, double encoding, and Unicode escapes to expose hidden injection attempts.
Step-by-step guide
How to use URL Analysis
Paste your URL
Enter the full URL including query parameters. Supports encoded, double-encoded, and Unicode URLs.
Analyze
The tool parses all parameters, fragments, and path components for known vulnerability patterns.
Review findings
Each flagged element shows the risk type, affected parameter, and recommended test payload.
Keep going
Related tools
RECON
Subdomain Finder
Enumerate subdomains via DNS records, certificate transparency logs, and brute-force.
Use tool →
RECON
URL Finder
Discover hidden endpoints, admin paths, and API routes from any web application.
Use tool →
ANALYSIS
Security Headers
Inspect HTTP security headers and detect missing CSP, HSTS, and clickjacking protections.
Use tool →
RaSEC Platform
Run URL Analysis as part of an overnight hunt.
All 8 tools in coordinated sequence
Deterministic reproduction
Copy-paste PoC reports
No credit cardCancel anytimeFree forever tier