View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0009661Kali LinuxNew Tool Requestspublic2026-04-30 23:042026-04-30 23:16
ReporterStanislav WEB Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
Summary0009661: OpenDoor - web directory discovery and reconnaissance scanner
Description

[Name]
OpenDoor

[Version]
5.13.2

A matching upstream release and git tag are available:
https://github.com/stanislav-web/OpenDoor/releases/tag/v5.13.2

[Homepage]
https://github.com/stanislav-web/OpenDoor
https://opendoor.readthedocs.io/

[Download]
Release tarball:
https://github.com/stanislav-web/OpenDoor/archive/refs/tags/v5.13.2.tar.gz

PyPI:
https://pypi.org/project/opendoor/

AUR:
https://aur.archlinux.org/packages/opendoor

BlackArch package update PR:
https://github.com/BlackArch/blackarch/pull/4930

Debian/Kali packaging PR:
https://github.com/stanislav-web/OpenDoor/pull/97

[Author]
OpenDoor contributors.
Maintainer: Stanislav Menshykh

[Licence]
GNU General Public License v3.0 only.

[Description]
OpenDoor is an open-source Python CLI scanner for authorized web reconnaissance, directory discovery, subdomain enumeration, fingerprint detection, WAF detection, controlled header-bypass probing, response filtering, reporting, and transport-based scanning workflows.

It helps security researchers, penetration testers, bug bounty hunters, DevSecOps engineers, and developers identify exposed paths, login panels, directory listings, restricted resources, backup files, web shells, subdomains, and other potentially sensitive web assets.

OpenDoor focuses on context-aware discovery rather than blind enumeration. It includes:

  • directory discovery
  • recursive directory discovery
  • subdomain enumeration
  • hostlist and stdin target input
  • custom wordlists, prefixes, and extension filters
  • response filtering by status, size, text, regex, and body length
  • auto-calibration for soft-404, wildcard, and catch-all responses
  • technology fingerprinting
  • passive WAF detection
  • WAF-safe scan mode
  • controlled header-injection bypass probes for blocked 401/403 paths
  • resumable scan sessions
  • CI/CD fail-on result bucket rules
  • reports in terminal, text, JSON, CSV, HTML, and SQLite formats
  • proxy, OpenVPN, and WireGuard transport profiles

[Dependencies]
Runtime dependencies:

  • python3
  • python3-packaging
  • python3-six
  • python3-socks
  • python3-tabulate
  • python3-urllib3

Build dependencies:

  • debhelper-compat (= 13)
  • dh-sequence-python3
  • pybuild-plugin-pyproject
  • python3-all
  • python3-build
  • python3-installer
  • python3-setuptools
  • python3-wheel

[Similar tools]
Similar tools include:

  • dirsearch
  • ffuf
  • gobuster
  • feroxbuster
  • dirb
  • dirbuster
  • wfuzz

OpenDoor overlaps with directory/content discovery tools, but adds a more integrated workflow around fingerprint-first scanning, WAF-aware behavior, controlled header-bypass evidence, auto-calibration, resumable sessions, structured reporting, hostlist/stdin batch workflows, and transport profile support.

[Activity]
The project is actively maintained.

Recent packaging/distribution work:

  • v5.13.2 released
  • PyPI publish workflow passed for v5.13.2
  • AUR package published: opendoor 5.13.2-1
  • BlackArch update PR opened
  • Debian/Kali packaging scaffold prepared and tested in kali-rolling

[How to install]
A Debian/Kali packaging scaffold is available in the upstream repository PR:
https://github.com/stanislav-web/OpenDoor/pull/97

Build in kali-rolling:

apt-get update
apt-get install -y \
  build-essential \
  debhelper \
  devscripts \
  dh-python \
  lintian \
  man-db \
  python3-all \
  python3-build \
  python3-installer \
  python3-packaging \
  python3-setuptools \
  python3-six \
  python3-socks \
  python3-tabulate \
  python3-urllib3 \
  python3-wheel \
  pybuild-plugin-pyproject

dpkg-buildpackage -us -uc -b
apt-get install -y ../opendoor_5.13.2-1_all.deb

[How to use]
Basic directory scan:

opendoor --host https://example.com

Use a custom wordlist:

opendoor \
  --host https://example.com \
  --wordlist paths.txt \
  --threads 10 \
  --reports=std,json,html

Subdomain enumeration:

opendoor --host example.com --scan subdomains

Target file:

opendoor --hostlist targets.txt

Standard input:

cat targets.txt | opendoor --stdin

WAF-safe scan:

opendoor \
  --host https://example.com \
  --waf-safe-mode \
  --timeout 60 \
  --retries 5 \
  --delay 0.5

Fingerprint and WAF detection:

opendoor \
  --host https://example.com \
  --fingerprint \
  --waf-detect

[Packaged]
Not yet in Debian/Kali.

Packaging status:

  • debian/ packaging scaffold exists
  • package builds successfully in kali-rolling
  • generated package: opendoor_5.13.2-1_all.deb
  • installed binary: /usr/bin/opendoor
  • manpage installed: /usr/share/man/man1/opendoor.1.gz
  • runtime assets installed under /usr/share/opendoor/
  • legacy /usr/data and /usr/opendoor.conf layout removed
  • debian/tests/smoke passes
  • lintian currently reports only:
    • initial-upload-closes-no-bugs

The remaining lintian warning is expected before a Kali bug/request ID exists and can be fixed once a bug ID is assigned.

Activities

Stanislav WEB

Stanislav WEB

2026-04-30 23:16

reporter   ~0021640

Debian/Kali packaging PR has been updated:

https://github.com/stanislav-web/OpenDoor/pull/97

Latest packaging status:

  • debian/changelog references this Kali request URL
  • dpkg-buildpackage -us -uc -b: OK in kali-rolling
  • lintian --tag-display-limit 0 ../opendoor_5.13.2-1_amd64.changes: only initial-upload-closes-no-bugs
  • Closes: #9661 was intentionally not used because Closes: is interpreted by lintian as a Debian BTS bug reference, while this is a Kali bug tracker issue.

Issue History

Date Modified Username Field Change
2026-04-30 23:04 Stanislav WEB New Issue
2026-04-30 23:16 Stanislav WEB Note Added: 0021640