| Python | Linux | macOS | Windows |
|---|---|---|---|
| 3.12 | | | |
| 3.13 | | | |
| 3.14 | | | |

OpenDoor OWASP is a multifunctional console website scanner.
This application finds possible login entry points, Index of/ directories, web shells, restricted access points, subdomains, hidden data, and large backup files.
Scanning is performed using both the built-in dictionary and external dictionaries.
Anonymity and speed are provided through the use of proxy servers.
The software is written for informational purposes and is released as an open-source product under the GPL license.
The project is part of BlackArch Linux and is maintained and supported by the community.
- Current 5.8.0 (23.04.2026)
- Directories: 110875
- Subdomains: 255359
Changelog (last changes)
- (feature) Added persistent scan sessions with `--session-save` and `--session-load`.
- (feature) Added checkpoint autosave controls: `--session-autosave-sec` and `--session-autosave-items`.
- (feature) Added logical scan state restore for pending queue, processed items, recursive state and partial results.
- (feature) Added session snapshot validation with schema version checks and checksum verification.
- (feature) Added atomic session writes with `.tmp` swap and `.bak` fallback recovery.
- (feature) Added controller-level restore flow so resumed scans continue from saved session state instead of restarting from zero.
- (feature) Kept persistent sessions strictly opt-in: no session file is created or updated unless session mode is explicitly enabled.
- (improvement) Hardened browser runtime so legacy non-session flows and existing pause/resume behavior remain unchanged when session mode is disabled.
- (improvement) Improved session compatibility across interrupted scans, graceful stops and resumed executions.
- (tests) Expanded regression coverage across browser session lifecycle, controller restore flow, config accessors and session file validation.
- (tests) Coverage gate now passes at 98%.
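
The session bullets above (schema and checksum validation, `.tmp` swap, `.bak` fallback) describe a common checkpoint pattern. The sketch below is an added example, not OpenDoor's own code: the JSON layout, the `SCHEMA_VERSION` value and the names `save_session` / `load_session` are assumptions made for illustration.

```python
import hashlib
import json
import os

SCHEMA_VERSION = 1  # assumed value; the page does not state the real schema number


def _checksum(state):
    # Canonical JSON, so equal state always produces an equal digest.
    blob = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def save_session(path, state):
    """Write to <path>.tmp, keep the previous file as <path>.bak, then swap."""
    snapshot = {"schema": SCHEMA_VERSION, "checksum": _checksum(state), "state": state}
    tmp, bak = path + ".tmp", path + ".bak"
    with open(tmp, "w", encoding="utf-8") as fh:
        json.dump(snapshot, fh)
        fh.flush()
        os.fsync(fh.fileno())  # bytes reach disk before the rename exposes them
    if os.path.exists(path):
        os.replace(path, bak)  # last good checkpoint becomes the fallback
    os.replace(tmp, path)  # atomic rename: readers never see a half-written file


def _read_valid(path):
    with open(path, encoding="utf-8") as fh:
        snapshot = json.load(fh)  # JSONDecodeError is a ValueError subclass
    if not isinstance(snapshot, dict) or snapshot.get("schema") != SCHEMA_VERSION:
        raise ValueError(f"{path}: unsupported session schema")
    # An unkeyed SHA-256 detects truncation and corruption, not deliberate edits;
    # a session file from an untrusted source would need an HMAC or signature.
    if snapshot.get("checksum") != _checksum(snapshot.get("state")):
        raise ValueError(f"{path}: checksum mismatch")
    return snapshot["state"]


def load_session(path):
    """Return validated state; fall back to <path>.bak if the main file is bad."""
    try:
        return _read_valid(path)
    except (OSError, ValueError):
        return _read_valid(path + ".bak")
```
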
- ✅ directories scanner
- ✅ recursive directory scanner
- ✅ subdomains scanner
- ✅ target input sources
    - single target via `--host`
    - multi-target file via `--hostlist`
    - standard input via `--stdin`
- ✅ technology fingerprinting
    - heuristic application stack detection via `--fingerprint`
    - identify probable CMS, ecommerce platforms, frameworks, site builders, and static-site tooling
    - detect infrastructure providers such as AWS, Cloudflare, Vercel, Netlify, GitHub Pages, GitLab Pages, Heroku, Azure, Google Cloud, Fastly, Akamai, and OpenResty
    - print application and infrastructure confidence in the standard report
- ✅ session control
    - runtime pause / resume session
    - persistent scan sessions
    - checkpoint autosave
    - session snapshot validation
    - atomic session writes
    - restore flow
- ✅ HTTP(S) (PORT) support
- ✅ Keep-alive long pooling
- ✅ Invalid certificates scan
- ✅ HTTP(S)/SOCKS proxies
- ✅ dynamic request headers
    - custom request headers support
    - custom request cookies support
    - cookie routing from responses
    - custom or randomized user-agent support
- ✅ custom wordlists prefixes
- ✅ custom wordlists, proxies, ignore lists
- ✅ debug levels (1-3)
    - silent mode
    - info
    - raw mode
- ✅ extensions filters
- ✅ custom config wizard (use random techniques)
- ✅ scans reporting
    - console reports
    - JSON reports
    - TXT reports
    - HTML reports
- ✅ analyze techniques:
    - detect redirects
    - detect index of/ Apache
    - detect large files
    - skip 200 OK redirects
    - skip empty pages
    - cookie routing (reusing cookies)
    - heuristic detect invalid pages (false 404)
    - blank success page filter
    - certificate required pages
- ✅ randomization techniques:
    - random user-agent per request
    - random proxy per request
    - wordlists shuffling
    - wordlists filters
- ✅ response filters
    - include/exclude HTTP status codes
    - HTTP status ranges, e.g. `200-299,301,302,403`
    - exclude exact response sizes
    - exclude inclusive response size ranges
    - match or exclude body text fragments
    - match or exclude body regex patterns
    - min/max response length filters
    - automatic `HEAD->GET` override for body-required filters
- ✅ raw-request templates
    - load raw HTTP requests via `--raw-request request.txt`
    - resolve relative request lines with `--scheme http|https`
    - parse method, host, port, headers, cookies, and request body
    - derive prefix automatically from raw request path
    - allow CLI host/header/cookie/method/prefix overrides on top of the template
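
How the response filters listed above can combine, and why a body filter forces `HEAD` to become `GET`, shown as an added example that is not OpenDoor's own code. The class and method names are hypothetical, and two behaviours are assumptions: repeated match texts are treated as alternatives, and only text and regex filters count as body-required.

```python
import re


def parse_ranges(spec):
    """Parse '200-299,301,403' into inclusive (low, high) pairs."""
    pairs = []
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)  # int() rejects malformed parts
        if low > high:
            raise ValueError(f"descending range: {part!r}")
        pairs.append((low, high))
    return pairs


def _hit(value, pairs):
    return any(low <= value <= high for low, high in pairs)


class ResponseFilter:
    def __init__(self, include_status="", exclude_status="",
                 exclude_size_range="", match_text=(), exclude_regex=()):
        self.include_status = parse_ranges(include_status)
        self.exclude_status = parse_ranges(exclude_status)
        self.exclude_sizes = parse_ranges(exclude_size_range)
        self.match_text = list(match_text)
        self.exclude_regex = [re.compile(p) for p in exclude_regex]

    def method_for(self, method):
        # A HEAD response carries no body, so text/regex filters need a GET.
        needs_body = bool(self.match_text or self.exclude_regex)
        return "GET" if needs_body and method.upper() == "HEAD" else method

    def keep(self, status, body):
        if self.include_status and not _hit(status, self.include_status):
            return False
        if _hit(status, self.exclude_status) or _hit(len(body), self.exclude_sizes):
            return False
        text = body.decode("utf-8", "replace")
        # Assumption: any one of the repeated match texts is enough.
        if self.match_text and not any(t in text for t in self.match_text):
            return False
        return not any(rx.search(text) for rx in self.exclude_regex)
```
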

```bash
python3 -m ensurepip --upgrade
python3 -m pip install --upgrade pip
```

Use this if you want the package available as a normal Python CLI tool.

Linux / macOS:

```bash
python3 -m pip install --upgrade opendoor
opendoor --host http://www.example.com
```

Windows:

```powershell
winget install Python.Python.3.14
py -m pip install --upgrade pip
py -m pip install --upgrade opendoor
opendoor --host http://www.example.com
```

macOS:

```bash
brew install pipx
pipx ensurepath
pipx install opendoor
opendoor --host http://www.example.com
```

Install pipx with your system package manager or preferred Python tooling, then:

```bash
pipx ensurepath
pipx install opendoor
opendoor --host http://www.example.com
```

Windows:

```powershell
winget install Python.Python.3.14
py -m pip install --user pipx
py -m pipx ensurepath
# Reopen PowerShell after ensurepath
pipx install opendoor
opendoor --host http://www.example.com
```

pipx is the preferred option when you want an isolated CLI installation without managing a project virtual environment manually.

Use this mode if you want to run OpenDoor directly from the repository without installing it globally.

Linux / macOS:

```bash
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m pip install -r requirements.txt
chmod +x opendoor.py
python3 opendoor.py --host http://www.example.com
```

Windows:

```powershell
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor
py -m pip install -r requirements.txt
py opendoor.py --host http://www.example.com
```

Use this mode if you are developing, testing, or changing the project locally.

Linux / macOS:

```bash
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m venv .venv
source .venv/bin/activate
python -m pip install --upgrade pip setuptools wheel
python -m pip install -r requirements-dev.txt
python -m pip install -e .
opendoor --host http://www.example.com
```

Windows:

```powershell
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor
py -m venv .venv
.\.venv\Scripts\Activate.ps1
python -m pip install --upgrade pip setuptools wheel
python -m pip install -r requirements-dev.txt
python -m pip install -e .
opendoor --host http://www.example.com
```

This flow is intended for Linux distributions, package maintainers, and release pipelines.

Linux / macOS:

```bash
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m pip install --upgrade build
python3 -m build
```

Windows:

```powershell
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor
py -m pip install --upgrade build
py -m build
```

This flow is preferable for Linux distributions and package maintainers because:
- source package and wheel are generated through the standard Python build backend
- installation can be managed by the distribution package manager
- updates can be delivered together with OS package updates
- no legacy `setup.py install` flow is required

The package is already present in BlackArch Linux, and this build layout is intended to make packaging for other Linux distributions easier as well.

Linux / macOS:

```bash
python3 -m pip install --upgrade opendoor
```

Windows:

```powershell
py -m pip install --upgrade opendoor
```

pipx:

```bash
pipx upgrade opendoor
```

Linux / macOS:

```bash
git pull
python3 -m pip install -e .
```

Windows:

```powershell
git pull
py -m pip install -e .
```

```
usage: opendoor.py [-h]
                   [--host HOST | --hostlist HOSTLIST | --stdin | --session-load SESSION_LOAD]
                   [-p PORT] [-m METHOD] [--scheme SCHEME]
                   [--raw-request RAW_REQUEST]
                   [--session-save SESSION_SAVE]
                   [--session-autosave-sec SESSION_AUTOSAVE_SEC]
                   [--session-autosave-items SESSION_AUTOSAVE_ITEMS]
                   [-t THREADS] [-d DELAY] [--timeout TIMEOUT] [-r RETRIES]
                   [--keep-alive] [--header HEADER] [--cookie COOKIE]
                   [--accept-cookies] [--fingerprint] [--debug DEBUG]
                   [--tor] [--torlist TORLIST] [--proxy PROXY]
                   [-s SCAN] [-w WORDLIST] [--reports REPORTS]
                   [--reports-dir REPORTS_DIR] [--random-agent]
                   [--random-list] [--prefix PREFIX] [-e EXTENSIONS]
                   [-i IGNORE_EXTENSIONS] [--recursive]
                   [--recursive-depth RECURSIVE_DEPTH]
                   [--recursive-status RECURSIVE_STATUS]
                   [--recursive-exclude RECURSIVE_EXCLUDE] [--sniff SNIFF]
                   [--include-status INCLUDE_STATUS]
                   [--exclude-status EXCLUDE_STATUS]
                   [--exclude-size EXCLUDE_SIZE]
                   [--exclude-size-range EXCLUDE_SIZE_RANGE]
                   [--match-text MATCH_TEXT] [--exclude-text EXCLUDE_TEXT]
                   [--match-regex MATCH_REGEX] [--exclude-regex EXCLUDE_REGEX]
                   [--min-response-length MIN_RESPONSE_LENGTH]
                   [--max-response-length MAX_RESPONSE_LENGTH]
                   [--update] [--version] [--examples] [--docs]
                   [--wizard [WIZARD]]

options:
  -h, --help            show this help message and exit

required named options:
  --host HOST           Target host; example: --host http://example.com
  --hostlist HOSTLIST   Path to file with targets, one per line
  --stdin               Read targets from STDIN, one per line
  --session-load SESSION_LOAD
                        Resume a scan from a saved session file

Application tools:
  --update              Show package update instructions
  --version             Show current version
  --examples            Show usage examples
  --docs                Open documentation
  --wizard [WIZARD]     Run scanner wizard from your config

Debug tools:
  --debug DEBUG         Debug level -1 (silent), 1 - 3

Response filters:
  --include-status INCLUDE_STATUS
                        Include only response codes, e.g. 200-299,301,302,403
  --exclude-status EXCLUDE_STATUS
                        Exclude response codes, e.g. 404,429,500-599
  --exclude-size EXCLUDE_SIZE
                        Exclude exact response sizes in bytes, e.g. 0,1234
  --exclude-size-range EXCLUDE_SIZE_RANGE
                        Exclude response size ranges in bytes, e.g.
                        0-256,1024-2048
  --match-text MATCH_TEXT
                        Keep only responses whose body contains the given
                        text. Repeatable
  --exclude-text EXCLUDE_TEXT
                        Exclude responses whose body contains the given text.
                        Repeatable
  --match-regex MATCH_REGEX
                        Keep only responses whose body matches the given
                        regex. Repeatable
  --exclude-regex EXCLUDE_REGEX
                        Exclude responses whose body matches the given regex.
                        Repeatable
  --min-response-length MIN_RESPONSE_LENGTH
                        Keep only responses whose size is at least N bytes
  --max-response-length MAX_RESPONSE_LENGTH
                        Keep only responses whose size is at most N bytes

Reports tools:
  --reports REPORTS     Scan reports (json,std,txt,html)
  --reports-dir REPORTS_DIR
                        Path to custom reports directory

Request tools:
  -p PORT, --port PORT  Custom port (default 80)
  -m METHOD, --method METHOD
                        Request method (HEAD by default)
  --scheme SCHEME       Raw-request scheme when request line uses a relative
                        path (http or https)
  --raw-request RAW_REQUEST
                        Path to raw HTTP request file exported from a proxy or
                        repeater
  -d DELAY, --delay DELAY
                        Delay between threaded requests
  --timeout TIMEOUT     Request timeout (30 sec default)
  -r RETRIES, --retries RETRIES
                        Maximum reconnect retries (default 3)
  --keep-alive          Use keep-alive connection
  --header HEADER       Add custom request header, e.g. --header 'X-Test: 1'
  --cookie COOKIE       Add custom cookie, e.g. --cookie 'sid=abc123'
  --accept-cookies      Accept and route cookies from responses
  --fingerprint         Detect probable CMS, framework or custom stack before
                        the scan
  --tor                 Use built-in proxy list
  --torlist TORLIST     Path to custom proxy list
  --proxy PROXY         Custom permanent proxy server
  --random-agent        Randomize user-agent per request

Session tools:
  --session-save SESSION_SAVE
                        Persist scan state to a checkpoint file
  --session-autosave-sec SESSION_AUTOSAVE_SEC
                        Autosave session checkpoint every N seconds
                        (default 20)
  --session-autosave-items SESSION_AUTOSAVE_ITEMS
                        Autosave session checkpoint after N processed items
                        (default 200)

Sniff tools:
  --sniff SNIFF         Response sniff plugins
                        (indexof,collation,file,skipempty,skipsizes=NUM:NUM...)

Stream tools:
  -t THREADS, --threads THREADS
                        Allowed threads

Wordlist tools:
  -s SCAN, --scan SCAN  Scan type: directories or subdomains
  -w WORDLIST, --wordlist WORDLIST
                        Path to custom wordlist
  --random-list         Shuffle scan list
  --prefix PREFIX       Append path prefix to scan host
  -e EXTENSIONS, --extensions EXTENSIONS
                        Force selected extensions for the scan session, e.g.
                        php,json
  -i IGNORE_EXTENSIONS, --ignore-extensions IGNORE_EXTENSIONS
                        Ignore selected extensions for the scan session, e.g.
                        aspx,jsp
  --recursive           Enable recursive directory scan
  --recursive-depth RECURSIVE_DEPTH
                        Maximum recursive scan depth
  --recursive-status RECURSIVE_STATUS
                        HTTP status codes allowed for recursive expansion
  --recursive-exclude RECURSIVE_EXCLUDE
                        File extensions excluded from recursive expansion
```

- @stanislav-web https://github.com/stanislav-web (Developer)

Tests:

```bash
python3 -m pip install -r requirements-dev.txt
python3 -m unittest
```

Build:

```bash
python3 -m pip install -r requirements-dev.txt
python3 -m build
```

Lint:

```bash
python3 -m pip install -r requirements-dev.txt
ruff check .
```

If you would like to contribute to the development of the project, pull requests are open for you. You can also suggest ideas and create a task in my track list.