urlyzer is a tool to help with analyzing URLs, allowing you to quickly dissect and easily visualize all the parameters offline to keep your URL and Params confidential.

If you find it useful, consider giving us a ⭐ star 👆 😉

Frequently, you may encounter lengthy URLs containing various parameters. If you are trying to analyze these parameters in the query string or in a fragment, you may paste it into a text/code editor and break them apart or search for a certain parameter and value. Also, you may often have to decode some of it (if it is URL encoded), which means you have to also copy and paste that to another terminal tool or some other tool like Burp’s Decoder/CyberChef.

It turns out that also URL Fragments (#) may also contain query strings. One such case is with OpenID Connect (OIDC), and urlyzer also parses these!

If you are frustrated by this process, often repeated multiple times a day, then this 🛠 tool is for you!

• Offline parsing to keep your URL and Query String Parameters confidential.
• Allows you to pipe-in (|) the URL from the command line via stdin.
• Check the final destination (-f) after redirects of a URL.
• Proxy (-p) to allow to forward proxy the traffic for further inspection to Burp (or your proxy of choice) .
• Check Azure Blob Storage SAS URIs (sas) for type & parse the parameters with details of what each of those parameters mean in long form.
  • More support coming to this soon!
• Parse cookies 🍪 with -c.

go run urlyzer.go "https://www.example.com/path/towin?param1=value1&param2=value%202"

Simple Tool Use:

urlyzer "https://www.example.com/path/towin?param1=value1&param2=value%202#MyFragment"

Piped Input:

echo "https://www.example.com/path/towin?param1=value1&param2=value%202#MyFragment" | urlyzer 

Scheme: https
Host: www.example.com
Port: 
Path: /path/towin
Query String: param1=value1&param2=value%202
Query Parameters:
  param2: value 2
  param1: value1
Fragment: MyFragment

This is a case where the URL may have one or multiple redirects and you wish to check it's final destination. To do the analysis, pass in the -f flag after urlyzer:

urlyzer -f "https://aka.ms/powershell-release?tag=lts"

Example Output

Final Destination: https://github.com/PowerShell/PowerShell/releases/tag/v7.2.13
Status Code: 200
Headers:
  Location: [https://powershell-release-redirect.azurewebsites.net/api/powershell-release-redirect?code=GyM2EB/tN8KmH2swJp/o/TdJ72z9CLP2/g3lBa9gnPWDZOAbDrD5EA==&tag=lts]
  X-Response-Cache-Status: [True]
  Pragma: [no-cache]
  Cache-Control: [max-age=0, no-cache, no-store]
  Date: [Sun, 24 Sep 2023 20:21:23 GMT]
  Strict-Transport-Security: [max-age=31536000 ; includeSubDomains]
  Content-Length: [0]
  Server: [Kestrel]
  Request-Context: [appId=cid-v1:9b037ab9-fa5a-4c09-81bd-41ffa859f01e]
  Expires: [Sun, 24 Sep 2023 20:21:23 GMT]

If you want to forward proxy the traffic from the analysis for further analysis you can use the -p flag follwed by the proxy address:

echo " https://aka.ms/powershell-release?tag=lts" | ./urlyzer -f -p "http://127.0.0.1:8080"

Check out the releases tab to download one of the binaries for your targeted architecture.

Running in a container is easy with the provided Dockerfile and it doesn't any other dependencies, well other than having Docker!

1. Clone the code
2. Build the image by running docker build --tag urlyzer .
3. Run the container with urlyzer: docker run urlyzer [flag] "URL"

docker run urlyzer "https://login.microsoftonline.com/common/oauth2/authorize?client_id=1234#revx0r.com"

docker run urlyzer -f "https://aka.ms/powershell-release?tag=lts"