Find URL redirect vulnerabilities that attackers use for phishing campaigns.
Overview
Open redirects allow attackers to craft URLs on your domain that redirect users to malicious sites. These are commonly exploited in phishing attacks because the initial URL appears trustworthy. Our scanner tests redirect parameters and login flows for unvalidated redirect destinations.
What this scanner does
Tests URL parameters commonly used for redirects (redirect, return_to, next, url, etc.) with external URLs. Checks login/logout flows for open redirect vulnerabilities and tests for redirect bypass techniques.
Why it matters
Open redirects let attackers use your trusted domain for phishing. A URL like yoursite.com/login?redirect=evil.com looks legitimate but sends users to an attacker-controlled page. This is especially dangerous after login flows where users expect to land on your site.
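A server-side check for the redirect parameter described above, as an added example (not the scanner's own code). The host yoursite.com, the default landing path and the function name safe_redirect_target are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the hosts your application actually serves.
ALLOWED_HOSTS = frozenset({"yoursite.com", "www.yoursite.com"})
DEFAULT_TARGET = "/"  # assumption: where users land when the parameter is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return raw only if it keeps the user on this site, otherwise default."""
    if not raw:
        return default
    # Browsers drop tabs/newlines and treat "\" like "/", so a value containing
    # them can parse differently here than in the browser. Reject it outright.
    if any(c == "\\" or ord(c) <= 0x20 for c in raw):
        return default
    try:
        parts = urlsplit(raw)
        host = (parts.hostname or "").lower()  # excludes userinfo and port
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return default
    if not parts.scheme and not parts.netloc:
        # No scheme or host: accept only a site-absolute path. "//host" and
        # "///host" are rejected because browsers read them as another host.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return default
    if parts.scheme not in ("http", "https"):
        return default
    # Exact match only: suffix or substring checks accept look-alike hosts.
    return raw if host in allowed_hosts else default


if __name__ == "__main__":
    # Constructed sample values for the redirect parameter.
    samples = [
        "/account",
        "https://yoursite.com/dashboard",
        "evil.com",
        "https://evil.com",
        "//evil.com",
        "https://yoursite.com@evil.com/",
    ]
    for value in samples:
        print(f"{value!r:40} -> {safe_redirect_target(value)!r}")
```

Call it on the redirect, return_to, next or url parameter before issuing the redirect, including at the end of login and logout flows.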