4-zero-3-403-401-bypass-methods-bash-automation

>_ Introduction

4-ZERO-3 Tool to bypass 403/401. This script contain all the possible techniques to do the same.

  • NOTE : If you see multiple [200 Ok]/bypasses as output, you must check the Content-Length. If the content-length is same for multiple [200 Ok]/bypasses means false positive. Reason can be “301/302” or “../” [Payload] DON’T PANIC.
  • Script will print cURL PAYLOAD if possible bypass found.

>_ Preview

>_ Help

root@me_dheeraj:$ bash 403-bypass.sh -h

>_ Usage / Modes

  • Scan with specific payloads: 
    • --header ] Support HEADER based bypasses/payloads root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --header
    • --protocol ] Support PROTOCOL based bypasses/payloads root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --protocol
    • --port ] Support PORT based bypasses/payloads root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --port
    • --HTTPmethod ] Support HTTP Method based bypasses/payloads root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --HTTPmethod
    • --encode ] Support URL Encoded bypasses/payloads root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --encode
    • --SQLi ] Support MySQL mod_Security & libinjection bypasses/payloads [** New **] root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --SQLi
  • Complete Scan {includes all exploits/payloads} for an endpoint [ –exploit ]
root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --exploit
Prerequisites
  • apt install curl [Debian]

Download 4-ZERO-3

Leave a Reply

Your email address will not be published. Required fields are marked *