opendoor 5.0.0

Console web directory and subdomain scanner for security research and asset discovery

OWASP WEB Directory Scanner

Python	Linux	OSX
3.12
3.13
3.14

OpenDoor OWASP is console multifunctional website's scanner.
This application finds all possible ways to login, index of/ directories, web shells, restricted access points, subdomains, hidden data and large backups.
The scanning is performed by the built-in dictionary and external dictionaries as well. Anonymity and speed are provided by means of using proxy servers.
Software is written for informational purposes and is open source product under the GPL license.

Read The Docs

• Current 5.0.0 (2026)
  • Directories: 83012
  • Subdomains: 255359

Changelog (last changes)

v5.0.0 (2026)

• Added: pyproject.toml for modern Python packaging workflow
• Added: source and wheel build support through python -m build
• Added: refreshed MANIFEST.in for correct source distribution contents
• Added: AGENTS.md for contributor and agent workflow guidance
• Added: Ruff baseline for lightweight Python linting
• Changed: Python support baseline updated to 3.12, 3.13, 3.14
• Changed: package build/install flow modernized for current Python ecosystem
• Changed: CLI update/version behavior refreshed for modern environments
• Changed: help text and install flow documentation clarified
• Changed: test suite refreshed for modern Python runtime and standard library mocks
• Changed: development dependencies refreshed to current maintained versions
• Fixed: build issues for source and wheel distribution generation
• Fixed: packaging metadata and install paths for modern setuptools/pip workflows
• Fixed: tests depending on external shell and network behavior
• Fixed: CLI banner rendering and package installation checks
• Planned next: deeper refactoring, additional tests, warnings cleanup and internal code improvements

Testing of the software on the live commercial systems and organizations is prohibited!

• ✅ directories scanner
• ✅ subdomains scanner
• ✅ multithreading control
• ✅ scan's reports
• ✅ HTTP(S) (PORT) support
• ✅ Keep-alive long pooling
• ✅ Invalid certificates scan
• ✅ HTTP(S)/SOCKS proxies
• ✅ dynamic request header
• ✅ custom wordlists prefixes
• ✅ custom wordlists, proxies, ignore lists
• ✅ debug levels (1-3)
• ✅ extensions filter
• ✅ custom reports directory
• ✅ custom config wizard (use random techniques)
• ✅ analyze techniques:
  • detect redirects
  • detect index of/ Apache
  • detect large files
  • skip 200 OK redirects
  • skip empty pages
  • heuristic detect invalid pages
  • blank success page filter
  • certificate required pages
• ✅ randomization techniques:
  • random user-agent per request
  • random proxy per request
  • wordlists shuffling
  • wordlists filters

Install PIP

python3 -m ensurepip --upgrade
python3 -m pip install --upgrade pip

Local installation and run

Use this mode if you want to run OpenDoor directly from the repository without installing it globally.

git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m pip install -r requirements.txt
chmod +x opendoor.py

python3 opendoor.py --host http://www.example.com

Local development installation

Use this mode if you are developing, testing, or changing the project locally.

git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m venv .venv
source .venv/bin/activate
python -m pip install --upgrade pip setuptools wheel
python -m pip install -r requirements-dev.txt
python -m pip install -e .

opendoor --host http://www.example.com

Global installation from PyPI

Use this if you want the package available as a normal Python CLI tool.

python3 -m pip install --upgrade opendoor
opendoor --host http://www.example.com

Global installation with pipx (recommended for end users)

macOS / Homebrew

brew install pipx
pipx ensurepath
pipx install opendoor

opendoor --host http://www.example.com

Linux / generic environments

Install pipx with your system package manager or preferred Python tooling, then:

pipx ensurepath
pipx install opendoor

opendoor --host http://www.example.com

pipx is the preferred option when you want an isolated CLI installation without managing a project virtual environment manually.

Installation from source for OS distributions / maintainers

This flow is intended for Linux distributions, package maintainers, and release pipelines.

git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m pip install --upgrade build
python3 -m build

Generated artifacts:

dist/opendoor-5.0.0.tar.gz
dist/opendoor-5.0.0-py3-none-any.whl

This flow is preferable for Linux distributions and package maintainers because:

• source package and wheel are generated through the standard Python build backend
• installation can be managed by the distribution package manager
• updates can be delivered together with OS package updates
• no legacy setup.py install flow is required

The package is already present in BlackArch Linux, and this build layout is intended to make packaging for other Linux distributions easier as well.

Manual installation from built wheel

python3 -m pip install dist/opendoor-5.0.0-py3-none-any.whl
opendoor --host http://www.example.com

Updates

PyPI installation

python3 -m pip install --upgrade opendoor

pipx installation

pipx upgrade opendoor

Source checkout

git pull
python3 -m pip install -e .

Help

usage: opendoor.py [-h] [--host HOST] [-p PORT] [-m METHOD] [-t THREADS]
                   [-d DELAY] [--timeout TIMEOUT] [-r RETRIES]
                   [--keep-alive] [--accept-cookies] [--debug DEBUG] [--tor]
                   [--torlist TORLIST] [--proxy PROXY] [-s SCAN] [-w WORDLIST]
                   [--reports REPORTS] [--reports-dir REPORTS_DIR]
                   [--random-agent] [--random-list] [--prefix PREFIX]
                   [-e EXTENSIONS] [-i IGNORE_EXTENSIONS] [--sniff SNIFF]
                   [--update] [--version] [--examples] [--docs]
                   [--wizard [WIZARD]]

optional arguments:
  -h, --help            show this help message and exit

required named options:
  --host HOST           Target host; example: --host http://example.com

Application tools:
  --update              Show package update instructions
  --version             Show current version
  --examples            Show usage examples
  --docs                Open documentation
  --wizard [WIZARD]     Run scanner wizard from your config

Debug tools:
  --debug DEBUG         Debug level -1 (silent), 1 - 3

Reports tools:
  --reports REPORTS     Scan reports (json,std,txt,html)
  --reports-dir REPORTS_DIR
                        Path to custom reports directory

Request tools:
  -p PORT, --port PORT  Custom port (default 80)
  -m METHOD, --method METHOD
                        Request method (HEAD by default)
  -d DELAY, --delay DELAY
                        Delay between threaded requests
  --timeout TIMEOUT     Request timeout (30 sec default)
  -r RETRIES, --retries RETRIES
                        Maximum reconnect retries (default 3)
  --keep-alive          Use keep-alive connection
  --accept-cookies      Accept and route cookies from responses
  --tor                 Use built-in proxy list
  --torlist TORLIST     Path to custom proxy list
  --proxy PROXY         Custom permanent proxy server
  --random-agent        Randomize user-agent per request

Sniff tools:
  --sniff SNIFF         Response sniff plugins
                        (indexof,collation,file,skipempty,skipsizes=NUM:NUM...)

Stream tools:
  -t THREADS, --threads THREADS
                        Allowed threads

Wordlist tools:
  -s SCAN, --scan SCAN  Scan type: directories or subdomains
  -w WORDLIST, --wordlist WORDLIST
                        Path to custom wordlist
  --random-list         Shuffle scan list
  --prefix PREFIX       Append path prefix to scan host
  -e EXTENSIONS, --extensions EXTENSIONS
                        Force selected extensions for scan session, e.g. php,json
  -i IGNORE_EXTENSIONS, --ignore-extensions IGNORE_EXTENSIONS
                        Ignore selected extensions for scan session, e.g. aspx,jsp

Maintainers

• @stanislav-web https://github.com/stanislav-web (Developer)

Tests

python3 -m pip install -r requirements-dev.txt
python3 -m unittest

Build

python3 -m pip install -r requirements-dev.txt
python3 -m build

Lint

python3 -m pip install -r requirements-dev.txt
ruff check .

Contributors

If you like to contribute to the development of the project, in that case, pull requests are open for you.
Also, you can suggest ideas and create a task in my track list.

Documentation

• Read The Docs
• Opendoor OWASP CookBook
• Issues
• PyPI package