From 1c4dc13f27a1624eeef9be99952df19f89d5cf4e Mon Sep 17 00:00:00 2001
From: dmiller
Date: Fri, 3 Feb 2017 01:38:32 +0000
Subject: [PATCH] Note limitations of http-open-redirect.nse
---
 scripts/http-open-redirect.nse | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/scripts/http-open-redirect.nse b/scripts/http-open-redirect.nse
index 707dfccc3..2ceb15250 100644
--- a/scripts/http-open-redirect.nse
+++ b/scripts/http-open-redirect.nse
@@ -8,7 +8,12 @@ local url = require "url"
 description = [[ Spiders a website and attempts to identify open redirects. Open redirects are handlers which commonly take a URL as a parameter and
-responds with a http redirect (3XX) to the target. Risks of open redirects are described at http://cwe.mitre.org/data/definitions/601.html.
+responds with a HTTP redirect (3XX) to the target. Risks of open redirects are
+described at http://cwe.mitre.org/data/definitions/601.html.
+
+Only open redirects that are directly linked on the target website can be
+discovered this way. If an open redirector is not linked, it will not be
+discovered.
 ]]
 ---
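Review bot: The limitation paragraph added to `description` names only unlinked redirectors, but a spider-based check presumably also misses linked ones that lie beyond whatever crawl depth or page-count limits apply (those limits are not visible in this hunk), so an empty result could be over-read as covering everything that is linked. I would extend the paragraph with something like `A run that reports nothing covers only the pages the spider actually fetched; it does not show that the site has no open redirects.` Minor wording on the rewritten line: `responds with a HTTP redirect` reads better as `respond with an HTTP redirect`, since the subject is "handlers". The rest of the script is outside the hunk.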