opendoor 5.8.2

Fast CLI for directory discovery, subdomain enumeration, and web asset reconnaissance

OWASP WEB Directory Scanner

Python	Linux	macOS	Windows
3.12
3.13
3.14

OpenDoor OWASP is a multifunctional console website scanner.
This application finds possible login entry points, Index of/ directories, web shells, restricted access points, subdomains, hidden data, and large backup files.
Scanning is performed using both the built-in dictionary and external dictionaries.
Anonymity and speed are provided through the use of proxy servers.
The software is written for informational purposes and is released as an open-source product under the GPL license.
The project is part of BlackArch Linux and is maintained and supported by the community.

• Built-in dictionaries
  • Directories: 110861
  • Subdomains: 255359

5.8.2 (25.04.2026)

• (dictionary) added +11572 new potencial directries to wordlist
• (enhancement) heuristic fingerprinting ( --fingerprint stabilizes and expands)
• (enhancement) improved infrastructure detection
• (enhancement) collision hardening for generic admin/backend/assets patterns
• (enhancement) --sniff indexof improved to detect directory listings across Apache, nginx, IIS and generic layouts
• (enhancement) --sniff collation improved to better detect repeated soft404/error templates
• (enhancement) --sniff file improved to detect explicit downloads, binary responses and large bodies without Content-Length
• (enhancement) --sniff skipempty improved to skip only truly empty or semantically empty short responses
• (enhancement) --sniff skipsizes improved with safer size handling, invalid header fallback and KB range support
• (bugfix) fixed false positives in sniff plugins for short login pages, short useful JSON responses and binary placeholders
• (bugfix) fixed backward compatibility regressions in CollationResponsePlugin
• (tests) negative regression coverage to reduce false positives
• (tests) expanded coverage for file, indexof, collation, skipempty and skipsizes
• (tests) full unittest suite passes after integration (790 tests)
• (tests) negative regression coverage to reduce false positives

Changelog (last changes)

Main features

• ✅ directories scanner
• ✅ recursive directory scanner
• ✅ subdomains scanner
• ✅ target input sources
  • single target via --host
  • multi-target file via --hostlist
  • standard input via --stdin
• ✅ technology fingerprinting
  • heuristic application stack detection via --fingerprint
  • identify probable CMS, ecommerce platforms, frameworks, site builders, and static-site tooling
  • detect infrastructure providers such as AWS, Cloudflare, Vercel, Netlify, GitHub Pages, GitLab Pages, Heroku, Azure, Google Cloud, Fastly, Akamai, and OpenResty
  • print application and infrastructure confidence in the standard report
• ✅ session control
  • runtime pause / resume session
  • persistent scan sessions
  • checkpoint autosave
  • session snapshot validation
  • atomic session writes
  • restore flow
• ✅ HTTP(S) (PORT) support
• ✅ Keep-alive long pooling
• ✅ Invalid certificates scan
• ✅ HTTP(S)/SOCKS proxies
• ✅ dynamic request headers
  • custom request headers support
  • custom request cookies support
  • cookie routing from responses
  • custom or randomized user-agent support
• ✅ custom wordlists prefixes
• ✅ custom wordlists, proxies, ignore lists
• ✅ debug levels (1-3)
  • silent mode
  • info
  • raw mode
• ✅ extensions filters
• ✅ custom config wizard (use random techniques)
• ✅ scans reporting
  • console reports
  • JSON reports
  • TXT reports
  • HTML reports
  • SQLITE reports
• ✅ analyze techniques:
  • detect redirects
  • detect index of/ Apache
  • detect large files
  • skip 200 OK redirects
  • skip empty pages
  • cookie routing (reusing cookies)
  • heuristic detect invalid pages (false 404)
  • blank success page filter
  • certificate required pages
• ✅ randomization techniques:
  • random user-agent per request
  • random proxy per request
  • wordlists shuffling
  • wordlists filters
• ✅ response filters
  • include/exclude HTTP status codes
  • HTTP status ranges, e.g. 200-299,301,302,403
  • exclude exact response sizes
  • exclude inclusive response size ranges
  • match or exclude body text fragments
  • match or exclude body regex patterns
  • min/max response length filters
  • automatic HEAD -> GET override for body-required filters
• ✅ raw-request templates
  • load raw HTTP requests via --raw-request request.txt
  • resolve relative request lines with --scheme http|https
  • parse method, host, port, headers, cookies, and request body
  • derive prefix automatically from raw request path
  • allow CLI host/header/cookie/method/prefix overrides on top of the template

Install PIP

python3 -m ensurepip --upgrade
python3 -m pip install --upgrade pip

Global installation from PyPI

Use this if you want the package available as a normal Python CLI tool.

Linux / macOS

python3 -m pip install --upgrade opendoor
opendoor --host http://www.example.com

Windows (PowerShell)

winget install Python.Python.3.14
py -m pip install --upgrade pip
py -m pip install --upgrade opendoor

opendoor --host http://www.example.com

Global installation with pipx (recommended for end users)

macOS / Homebrew

brew install pipx
pipx ensurepath
pipx install opendoor

opendoor --host http://www.example.com

Linux / generic environments

Install pipx with your system package manager or preferred Python tooling, then:

pipx ensurepath
pipx install opendoor

opendoor --host http://www.example.com

Windows (PowerShell)

winget install Python.Python.3.14
py -m pip install --user pipx
py -m pipx ensurepath

# Reopen PowerShell after ensurepath
pipx install opendoor

opendoor --host http://www.example.com

pipx is the preferred option when you want an isolated CLI installation without managing a project virtual environment manually.

Local installation and run

Use this mode if you want to run OpenDoor directly from the repository without installing it globally.

Linux / macOS

git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m pip install -r requirements.txt
chmod +x opendoor.py

python3 opendoor.py --host http://www.example.com

Windows (PowerShell)

git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor
py -m pip install -r requirements.txt

py opendoor.py --host http://www.example.com

Local development installation

Use this mode if you are developing, testing, or changing the project locally.

Linux / macOS

git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m venv .venv
source .venv/bin/activate
python -m pip install --upgrade pip setuptools wheel
python -m pip install -r requirements-dev.txt
python -m pip install -e .

opendoor --host http://www.example.com

Windows (PowerShell)

git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor
py -m venv .venv
.\.venv\Scripts\Activate.ps1
python -m pip install --upgrade pip setuptools wheel
python -m pip install -r requirements-dev.txt
python -m pip install -e .

opendoor --host http://www.example.com

Installation from source for OS distributions / maintainers

This flow is intended for Linux distributions, package maintainers, and release pipelines.

Linux / macOS

git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor/
python3 -m pip install --upgrade build
python3 -m build

Windows (PowerShell)

git clone https://github.com/stanislav-web/OpenDoor.git
cd OpenDoor
py -m pip install --upgrade build
py -m build

This flow is preferable for Linux distributions and package maintainers because:

• source package and wheel are generated through the standard Python build backend
• installation can be managed by the distribution package manager
• updates can be delivered together with OS package updates
• no legacy setup.py install flow is required

The package is already present in BlackArch Linux, and this build layout is intended to make packaging for other Linux distributions easier as well.

PyPI installation

Linux / macOS:

python3 -m pip install --upgrade opendoor

Windows:

py -m pip install --upgrade opendoor

pipx installation

pipx upgrade opendoor

Source checkout

Linux / macOS:

git pull
python3 -m pip install -e .

Windows:

git pull
py -m pip install -e .

Recognized systems

This is summarizing the platform families currently recognized by the heuristic fingerprint engine.

CMS (26)

• Bitrix
• Bludit
• Bolt CMS
• Concrete CMS
• Contao
• Craft CMS
• Directus
• Discourse
• Drupal
• Ghost
• GravCMS
• Joomla
• Matomo
• MediaWiki
• MODX
• Moodle
• Neos
• Nextcloud
• OctoberCMS
• ownCloud
• phpBB
• phpMyAdmin
• Pimcore
• TYPO3
• Umbraco
• WordPress

E-commerce (7)

• Magento
• nopCommerce
• OpenCart
• PrestaShop
• Shopify
• Shopware
• WooCommerce

Frameworks / app platforms (24)

• Angular
• ASP.NET
• Astro
• Django
• Express
• FastAPI
• Fastify
• Flask
• Gatsby
• Hapi
• Koa
• Laravel
• NestJS
• Next.js
• Nuxt
• Phoenix
• React
• Remix
• Ruby on Rails
• Spring
• Strapi
• SvelteKit
• Symfony
• Vue

Site builders (4)

• Squarespace
• Tilda
• Webflow
• Wix

Static / docs generators (5)

• Docusaurus
• Hugo
• Jekyll
• MkDocs
• VitePress

Infrastructure providers / hosting edge signals (21)

• AWS
• AWS API Gateway
• AWS Amplify
• AWS CloudFront
• AWS ELB / ALB
• AWS S3
• Akamai
• Cloudflare
• Fastly
• GitHub Pages
• GitLab Pages
• Google App Engine
• Google Cloud
• Google Cloud / Google Frontend
• Google Cloud Run
• Heroku
• Microsoft Azure
• Microsoft Azure App Service
• Netlify
• OpenResty
• Vercel

Help

usage: opendoor.py [-h]
                   [--host HOST | --hostlist HOSTLIST | --stdin | --session-load SESSION_LOAD]
                   [-p PORT] [-m METHOD] [--scheme SCHEME]
                   [--raw-request RAW_REQUEST]
                   [--session-save SESSION_SAVE]
                   [--session-autosave-sec SESSION_AUTOSAVE_SEC]
                   [--session-autosave-items SESSION_AUTOSAVE_ITEMS]
                   [-t THREADS] [-d DELAY] [--timeout TIMEOUT] [-r RETRIES]
                   [--keep-alive] [--header HEADER] [--cookie COOKIE]
                   [--accept-cookies] [--fingerprint] [--debug DEBUG]
                   [--tor] [--torlist TORLIST] [--proxy PROXY]
                   [-s SCAN] [-w WORDLIST] [--reports REPORTS]
                   [--reports-dir REPORTS_DIR] [--random-agent]
                   [--random-list] [--prefix PREFIX] [-e EXTENSIONS]
                   [-i IGNORE_EXTENSIONS] [--recursive]
                   [--recursive-depth RECURSIVE_DEPTH]
                   [--recursive-status RECURSIVE_STATUS]
                   [--recursive-exclude RECURSIVE_EXCLUDE] [--sniff SNIFF]
                   [--include-status INCLUDE_STATUS]
                   [--exclude-status EXCLUDE_STATUS]
                   [--exclude-size EXCLUDE_SIZE]
                   [--exclude-size-range EXCLUDE_SIZE_RANGE]
                   [--match-text MATCH_TEXT] [--exclude-text EXCLUDE_TEXT]
                   [--match-regex MATCH_REGEX] [--exclude-regex EXCLUDE_REGEX]
                   [--min-response-length MIN_RESPONSE_LENGTH]
                   [--max-response-length MAX_RESPONSE_LENGTH]
                   [--update] [--version] [--examples] [--docs]
                   [--wizard [WIZARD]]

options:
  -h, --help            show this help message and exit

required named options:
  --host HOST           Target host; example: --host http://example.com
  --hostlist HOSTLIST   Path to file with targets, one per line
  --stdin               Read targets from STDIN, one per line
  --session-load SESSION_LOAD
                        Resume a scan from a saved session file

Application tools:
  --update              Show package update instructions
  --version             Show current version
  --examples            Show usage examples
  --docs                Open documentation
  --wizard [WIZARD]     Run scanner wizard from your config

Debug tools:
  --debug DEBUG         Debug level -1 (silent), 1 - 3

Response filters:
  --include-status INCLUDE_STATUS
                        Include only response codes, e.g. 200-299,301,302,403
  --exclude-status EXCLUDE_STATUS
                        Exclude response codes, e.g. 404,429,500-599
  --exclude-size EXCLUDE_SIZE
                        Exclude exact response sizes in bytes, e.g. 0,1234
  --exclude-size-range EXCLUDE_SIZE_RANGE
                        Exclude response size ranges in bytes, e.g.
                        0-256,1024-2048
  --match-text MATCH_TEXT
                        Keep only responses whose body contains the given
                        text. Repeatable
  --exclude-text EXCLUDE_TEXT
                        Exclude responses whose body contains the given text.
                        Repeatable
  --match-regex MATCH_REGEX
                        Keep only responses whose body matches the given
                        regex. Repeatable
  --exclude-regex EXCLUDE_REGEX
                        Exclude responses whose body matches the given regex.
                        Repeatable
  --min-response-length MIN_RESPONSE_LENGTH
                        Keep only responses whose size is at least N bytes
  --max-response-length MAX_RESPONSE_LENGTH
                        Keep only responses whose size is at most N bytes

Reports tools:
  --reports REPORTS     Scan reports (json,std,txt,html,sqlite)
  --reports-dir REPORTS_DIR
                        Path to custom reports directory

Request tools:
  -p PORT, --port PORT  Custom port (default 80)
  -m METHOD, --method METHOD
                        Request method (HEAD by default)
  --scheme SCHEME       Raw-request scheme when request line uses a relative
                        path (http or https)
  --raw-request RAW_REQUEST
                        Path to raw HTTP request file exported from a proxy or
                        repeater
  -d DELAY, --delay DELAY
                        Delay between threaded requests
  --timeout TIMEOUT     Request timeout (30 sec default)
  -r RETRIES, --retries RETRIES
                        Maximum reconnect retries (default 3)
  --keep-alive          Use keep-alive connection
  --header HEADER       Add custom request header, e.g. --header 'X-Test: 1'
  --cookie COOKIE       Add custom cookie, e.g. --cookie 'sid=abc123'
  --accept-cookies      Accept and route cookies from responses
  --fingerprint         Detect probable CMS, framework or custom stack before
                        the scan
  --tor                 Use built-in proxy list
  --torlist TORLIST     Path to custom proxy list
  --proxy PROXY         Custom permanent proxy server
  --random-agent        Randomize user-agent per request

Session tools:
  --session-save SESSION_SAVE
                        Persist scan state to a checkpoint file
  --session-autosave-sec SESSION_AUTOSAVE_SEC
                        Autosave session checkpoint every N seconds
                        (default 20)
  --session-autosave-items SESSION_AUTOSAVE_ITEMS
                        Autosave session checkpoint after N processed items
                        (default 200)

Sniff tools:
  --sniff SNIFF         Response sniff plugins
                        (indexof,collation,file,skipempty,skipsizes=NUM:NUM...)

Stream tools:
  -t THREADS, --threads THREADS
                        Allowed threads

Wordlist tools:
  -s SCAN, --scan SCAN  Scan type: directories or subdomains
  -w WORDLIST, --wordlist WORDLIST
                        Path to custom wordlist
  --random-list         Shuffle scan list
  --prefix PREFIX       Append path prefix to scan host
  -e EXTENSIONS, --extensions EXTENSIONS
                        Force selected extensions for the scan session, e.g.
                        php,json
  -i IGNORE_EXTENSIONS, --ignore-extensions IGNORE_EXTENSIONS
                        Ignore selected extensions for the scan session, e.g.
                        aspx,jsp
  --recursive           Enable recursive directory scan
  --recursive-depth RECURSIVE_DEPTH
                        Maximum recursive scan depth
  --recursive-status RECURSIVE_STATUS
                        HTTP status codes allowed for recursive expansion
  --recursive-exclude RECURSIVE_EXCLUDE
                        File extensions excluded from recursive expansion

Maintainers

• @stanislav-web https://github.com/stanislav-web (Developer)

Tests

python3 -m pip install -r requirements-dev.txt
python3 -m unittest

Build

python3 -m pip install -r requirements-dev.txt
python3 -m build

Lint

python3 -m pip install -r requirements-dev.txt
ruff check .

Contributors

If you like to contribute to the development of the project, in that case, pull requests are open for you. Also, you can suggest ideas and create a task in my track list.

Documentation

• Read The Docs
• Opendoor OWASP CookBook
• Issues
• PyPI package