Fast CLI for directory discovery, subdomain enumeration, and web asset reconnaissance
Project description
OWASP WEB Directory Scanner 
| Python | Linux | macOS | Windows |
|---|---|---|---|
| 3.12 |  |
 |
 |
| 3.13 |  |
 |
 |
| 3.14 |  |
 |
 |
OpenDoor OWASP is a multifunctional console website scanner.
This application finds possible login entry points, Index of/ directories, web shells, restricted access points, subdomains, hidden data, and large backup files.
Scanning is performed using both the built-in dictionary and external dictionaries.
Anonymity and speed are provided through the use of proxy servers.
The software is written for informational purposes and is released as an open-source product under the GPL license.
The project is part of BlackArch Linux and is maintained and supported by the community.
- Current 5.4.0 (21.04.2026)
- Directories: 110976
- Subdomains: 255359
Changelog (last changes)
v5.5.0 (21.04.2026)
- (feature) Added response filter flags:
--include-status,--exclude-status,--exclude-size,--exclude-size-range,--match-text,--exclude-text,--match-regex,--exclude-regex,--min-response-length, and--max-response-length. - (feature) Added HTTP status range support for response filtering, e.g.
200-299,301,302,403. - (feature) Added exact size and inclusive byte-range filtering for noisy responses and false positives.
- (feature) Added body text and regex response filtering for more precise discovery workflows.
- (ux) Automatically override explicit
HEADtoGETwhen selected response filters require response body access. - (tests) Added regression coverage for response filter option parsing, validation, browser config normalization, and browser filtering behavior.
- (tests) Full unittest suite passes after integration (
585tests).
Main features
- ✅ directories scanner
- ✅ recursive directory scanner
- ✅ subdomains scanner
- ✅ target input sources
- single target via
--host - multi-target file via
--hostlist - standard input via
--stdin
- single target via
- ✅ session control
- runtime pause / resume session
- ✅ HTTP(S) (PORT) support
- ✅ Keep-alive long pooling
- ✅ Invalid certificates scan
- ✅ HTTP(S)/SOCKS proxies
- ✅ dynamic request headers
- custom request headers support
- custom request cookies support
- cookie routing from responses
- custom or randomized user-agent support
- ✅ custom wordlists prefixes
- ✅ custom wordlists, proxies, ignore lists
- ✅ debug levels (1-3)
- silent mode
- info
- raw mode
- ✅ extensions filters
- ✅ custom config wizard (use random techniques)
- ✅ scans reporting
- console reports
- json reports
- txt reports
- html reports
- ✅ analyze techniques:
- detect redirects
- detect index of/ Apache
- detect large files
- skip 200 OK redirects
- skip empty pages
- cookie routing (reusing cookies)
- heuristic detect invalid pages (false 404)
- blank success page filter
- certificate required pages
- ✅ randomization techniques:
- random user-agent per request
- random proxy per request
- wordlists shuffling
- wordlists filters
- ✅ response filters
- include/exclude HTTP status codes
- HTTP status ranges, e.g.
200-299,301,302,403 - exclude exact response sizes
- exclude inclusive response size ranges
- match or exclude body text fragments
- match or exclude body regex patterns
- min/max response length filters
- automatic
HEAD->GEToverride for body-required filters
Install PIP
python3 -m ensurepip --upgrade
python3 -m pip install --upgrade pip
Global installation from PyPI
Use this if you want the package available as a normal Python CLI tool.
Linux / macOS
python3 -m pip install --upgrade opendoor
opendoor --host http://www.example.com
Windows (PowerShell)
winget install Python.Python.3.14
py -m pip install --upgrade pip
py -m pip install --upgrade opendoor
opendoor --host http://www.example.com
Global installation with pipx (recommended for end users)
macOS / Homebrew
brew install pipx
pipx ensurepath
pipx install opendoor
opendoor --host http://www.example.com
Linux / generic environments
Install pipx with your system package manager or preferred Python tooling, then:
pipx ensurepath
pipx install opendoor
opendoor --host http://www.example.com
Windows (PowerShell)
winget install Python.Python.3.14
py -m pip install --user pipx
py -m pipx ensurepath
# Reopen PowerShell after ensurepath
pipx install opendoor
opendoor --host http://www.example.com
pipx is the preferred option when you want an isolated CLI installation without managing a project virtual environment manually.
Local installation and run
Use this mode if you want to run OpenDoor directly from the repository without installing it globally.
Linux / macOS
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m pip install -r requirements.txt
chmod +x opendoor.py
python3 opendoor.py --host http://www.example.com
Windows (PowerShell)
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor
py -m pip install -r requirements.txt
py opendoor.py --host http://www.example.com
Local development installation
Use this mode if you are developing, testing, or changing the project locally.
Linux / macOS
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m venv .venv
source .venv/bin/activate
python -m pip install --upgrade pip setuptools wheel
python -m pip install -r requirements-dev.txt
python -m pip install -e .
opendoor --host http://www.example.com
Windows (PowerShell)
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor
py -m venv .venv
.\.venv\Scripts\Activate.ps1
python -m pip install --upgrade pip setuptools wheel
python -m pip install -r requirements-dev.txt
python -m pip install -e .
opendoor --host http://www.example.com
Installation from source for OS distributions / maintainers
This flow is intended for Linux distributions, package maintainers, and release pipelines.
Linux / macOS
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m pip install --upgrade build
python3 -m build
Windows (PowerShell)
git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor
py -m pip install --upgrade build
py -m build
This flow is preferable for Linux distributions and package maintainers because:
- source package and wheel are generated through the standard Python build backend
- installation can be managed by the distribution package manager
- updates can be delivered together with OS package updates
- no legacy
setup.py installflow is required
The package is already present in BlackArch Linux, and this build layout is intended to make packaging for other Linux distributions easier as well.
PyPI installation
Linux / macOS:
python3 -m pip install --upgrade opendoor
Windows:
py -m pip install --upgrade opendoor
pipx installation
pipx upgrade opendoor
Source checkout
Linux / macOS:
git pull
python3 -m pip install -e .
Windows:
git pull
py -m pip install -e .
Help
usage: opendoor [-h] [--host HOST | --hostlist HOSTLIST | --stdin]
[-p PORT] [-m METHOD] [-t THREADS]
[-d DELAY] [--timeout TIMEOUT] [-r RETRIES]
[--keep-alive] [--accept-cookies] [--header HEADER]
[--cookie COOKIE] [--debug DEBUG] [--tor]
[--torlist TORLIST] [--proxy PROXY] [-s SCAN] [-w WORDLIST]
[--reports REPORTS] [--reports-dir REPORTS_DIR]
[--random-agent] [--random-list] [--prefix PREFIX]
[-e EXTENSIONS] [-i IGNORE_EXTENSIONS] [--recursive]
[--recursive-depth RECURSIVE_DEPTH]
[--recursive-status RECURSIVE_STATUS]
[--recursive-exclude RECURSIVE_EXCLUDE] [--sniff SNIFF]
[--update] [--version] [--examples] [--docs]
[--wizard [WIZARD]]
options:
-h, --help show this help message and exit
required named options:
--host HOST Target host; example: --host http://example.com
--hostlist HOSTLIST Path to file with targets, one per line
--stdin Read targets from STDIN, one per line
Application tools:
--update Show package update instructions
--version Show current version
--examples Show usage examples
--docs Open documentation
--wizard [WIZARD] Run scanner wizard from your config
Debug tools:
--debug DEBUG Debug level -1 (silent), 1 - 3
Reports tools:
--reports REPORTS Scan reports (json,std,txt,html)
--reports-dir REPORTS_DIR
Path to custom reports directory
Request tools:
-p PORT, --port PORT Custom port (default 80)
-m METHOD, --method METHOD
Request method (HEAD by default)
-d DELAY, --delay DELAY
Delay between threaded requests
--timeout TIMEOUT Request timeout (30 sec default)
-r RETRIES, --retries RETRIES
Maximum reconnect retries (default 3)
--keep-alive Use keep-alive connection
--accept-cookies Accept and route cookies from responses
--header HEADER Add custom request header, e.g. --header 'X-Test: 1'
--cookie COOKIE Add custom cookie, e.g. --cookie 'sid=abc123'
--tor Use built-in proxy list
--torlist TORLIST Path to custom proxy list
--proxy PROXY Custom permanent proxy server
--random-agent Randomize user-agent per request
Sniff tools:
--sniff SNIFF Response sniff plugins
(indexof,collation,file,skipempty,skipsizes=NUM:NUM...)
Stream tools:
-t THREADS, --threads THREADS
Allowed threads
Wordlist tools:
-s SCAN, --scan SCAN Scan type: directories or subdomains
-w WORDLIST, --wordlist WORDLIST
Path to custom wordlist
--random-list Shuffle scan list
--prefix PREFIX Append path prefix to scan host
-e EXTENSIONS, --extensions EXTENSIONS
Force selected extensions for scan session, e.g. php,json
-i IGNORE_EXTENSIONS, --ignore-extensions IGNORE_EXTENSIONS
Ignore selected extensions for the scan session, e.g. aspx,jsp
--recursive Enable recursive directory scan
--recursive-depth RECURSIVE_DEPTH
Maximum recursive scan depth
--recursive-status RECURSIVE_STATUS
HTTP status codes allowed for recursive expansion
--recursive-exclude RECURSIVE_EXCLUDE
File extensions excluded from recursive expansion
Maintainers
- @stanislav-web https://github.com/stanislav-web (Developer)
Tests
python3 -m pip install -r requirements-dev.txt
python3 -m unittest
Build
python3 -m pip install -r requirements-dev.txt
python3 -m build
Lint
python3 -m pip install -r requirements-dev.txt
ruff check .
Contributors
If you like to contribute to the development of the project, in that case, pull requests are open for you. Also, you can suggest ideas and create a task in my track list.
Documentation
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
opendoor-5.5.0.tar.gz
(1.6 MB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file opendoor-5.5.0.tar.gz.
File metadata
- Download URL: opendoor-5.5.0.tar.gz
- Upload date:
- Size: 1.6 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7105f4924c8fa934ffcb726d7f0aa2b7c7c285f04df585ea086f22abd42d8cfe
|
|
| MD5 |
b1855debab0057e4dc011eab7104c456
|
|
| BLAKE2b-256 |
c9047510e008f6973df6b39a404fa83920ed39e0ba7a08645f3ee4c4930a88d2
|
File details
Details for the file opendoor-5.5.0-py3-none-any.whl.
File metadata
- Download URL: opendoor-5.5.0-py3-none-any.whl
- Upload date:
- Size: 1.6 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
97e6a7e3681ba04c34b1b7a12c683651e39472e6134c1c0514440e0b396161f6
|
|
| MD5 |
0f1015fd7d85a324a21949bf1161c0ab
|
|
| BLAKE2b-256 |
83ed5df3c4e1085510cd4dc32b4f1e7e3edb62282d38c5569a9478776d54c661
|
