  • Language
    Shell
  • License
    MIT License
  • Created over 3 years ago
  • Updated over 2 years ago


403/401 Bypass Methods + Bash Automation + Your Support ;)

>_ Introduction

4-ZERO-3 is a tool to bypass 403/401 responses. The script contains all the possible techniques to do the same.

  • NOTE: If you see multiple [200 Ok]/bypasses as output, you must check the Content-Length. If the Content-Length is the same for multiple [200 Ok]/bypasses, it means a false positive. The reason can be "301/302" or a "../" [Payload]. DON'T PANIC.
  • The script will print the cURL PAYLOAD if a possible bypass is found.
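
The Content-Length check from the NOTE above, as an added example that is not part of 4-ZERO-3 or its README: it groups 200 responses by Content-Length and marks lengths shared by several responses as likely false positives. The `status length label` record format and the sample values are constructed assumptions, not the tool's real output.

```shell
#!/usr/bin/env bash
# Added example: triage of "<status> <content-length> <label>" records.
# The record format is an assumption made for this example; adapt the
# parsing to whatever your own test run against your endpoint produces.

# Constructed sample records (not real tool output).
sample_results() {
cat <<'EOF'
403 162 baseline
200 5120 variant-a
200 5120 variant-b
200 5120 variant-c
200 874 variant-d
302 0 variant-e
EOF
}

# triage: read records on stdin and print one verdict per 200 response.
#   LIKELY_FALSE_POSITIVE  the same Content-Length appears on several 200s,
#                          which the NOTE attributes to 301/302 or "../" cases
#   REVIEW                 the length is unique, so the body needs a manual look
# Non-200 records are ignored.
triage() {
  awk '
    $1 == 200 { count[$2]++; rows[++n] = $0 }
    END {
      for (i = 1; i <= n; i++) {
        split(rows[i], f, " ")
        verdict = (count[f[2]] > 1) ? "LIKELY_FALSE_POSITIVE" : "REVIEW"
        printf "%s %s len=%s\n", verdict, f[3], f[2]
      }
    }'
}

# count_review: number of 200 responses on stdin that still need manual review.
count_review() { triage | grep -c '^REVIEW ' || true; }

sample_results | triage
```

A `REVIEW` verdict only means the length is unique; the response body still has to be compared with what an authorised user sees before the access control is treated as broken.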

>_ Help

root@me_dheeraj:$ bash 403-bypass.sh -h

>_ Usage / Modes

  • Scan with specific payloads:
    • [ --header ] Supports HEADER based bypasses/payloads
      root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --header
    • [ --protocol ] Supports PROTOCOL based bypasses/payloads
      root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --protocol
    • [ --port ] Supports PORT based bypasses/payloads
      root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --port
    • [ --HTTPmethod ] Supports HTTP Method based bypasses/payloads
      root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --HTTPmethod
    • [ --encode ] Supports URL Encoded bypasses/payloads
      root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --encode
    • [ --SQLi ] Supports MySQL mod_Security & libinjection bypasses/payloads [** New **]
      root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --SQLi
  • Complete Scan {includes all exploits/payloads} for an endpoint [ --exploit ]
    root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --exploit

Prerequisites

  • apt install curl [Debian]

Support

If you like 4-ZERO-3 and it helps you in work, money/bounty, pentesting, recon or just brings you happy feelings, please show your support! 🛑 Please avoid opening GitHub issues for support requests or questions! Buy me a beer to keep me powered :)
