>_ Introduction
4-ZERO-3 Tool to bypass 403/401. This script contain all the possible techniques to do the same.
- NOTE : If you see multiple [200 Ok]/bypasses as output, you must check the Content-Length. If the content-length is same for multiple [200 Ok]/bypasses means false positive. Reason can be "301/302" or "../" [Payload] DON'T PANIC.
- Script will print
cURLPAYLOAD if possible bypass found.
>_ Preview
>_ Help
root@me_dheeraj:$ bash 403-bypass.sh -h
>_ Usage / Modes
- Scan with specific payloads:
- [
--header] Support HEADER based bypasses/payloadsroot@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --header - [
--protocol] Support PROTOCOL based bypasses/payloadsroot@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --protocol - [
--port] Support PORT based bypasses/payloadsroot@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --port - [
--HTTPmethod] Support HTTP Method based bypasses/payloadsroot@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --HTTPmethod - [
--encode] Support URL Encoded bypasses/payloadsroot@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --encode - [
--SQLi] Support MySQL mod_Security & libinjection bypasses/payloads [** New **]root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --SQLi
- [
- Complete Scan {includes all exploits/payloads} for an endpoint [ --exploit ]
root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --exploitPrerequisites
- apt install curl [Debian]
from KitPloit - PenTest & Hacking Tools https://ift.tt/3E28vm6
via hacking
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.
ConversionConversion EmoticonEmoticon