dontgo403 is a tool to bypass 40X errors.


Installation

git clone https://github.com/devploit/dontgo403; cd dontgo403; go get; go build

Options

./dontgo403 -h

Command line application that automates different attempts to bypass 40X codes

Usage:
  dontgo403 [flags]

Flags:
  -h, --help               help for dontgo403
  -p, --proxy string       Proxy URL. For example: http://127.0.0.1:8080
  -u, --uri string         Target URL
  -a, --useragent string   Set the User-Agent string (default 'dontgo403/0.1')

Example of usage

./dontgo403 -u https://server.com/admin

[+] HTTP METHODS
TRACE: 405
CONNECT: 400
PUT: 405
POST: 405
OPTIONS: 405
DELETE: 405
HEAD: 200
GET: 403

[+] VERB TAMPERING
Forwarded localhost: 403
X-Forwarded-By localhost: 403
X-Forwarded-Server 127.0.0.1: 403
X-Real-IP 127.0.0.1: 403
X-Forwarded-Host 127.0.0.1: 403
X-Original-URL /admin: 403
X-Host localhost: 403
Forwarded 127.0.0.1: 403
True-Client-IP 127.0.0.1: 403
X-Override-URL /admin: 403
X-Forwarded 127.0.0.1: 403
X-HTTP-Host-Override 127.0.0.1: 403
X-Forwarded localhost: 403
X-Host 127.0.0.1: 403
X-Client-IP 127.0.0.1: 200 <---- 200, OK
Client-IP 127.0.0.1: 403
X-Forwarded-For 127.0.0.1: 403
X-Remote-Addr 127.0.0.1: 403
X-Forwarded-By 127.0.0.1: 403
Forwarded-For-Ip 127.0.0.1: 403
X-Forwarded-Host localhost: 403
X-Forwarded-For localhost: 403
Forwarded-For 127.0.0.1: 403
Referer /admin: 403
Forwarded-For localhost: 403
X-Forwarded-For-Original localhost: 403
X-Rewrite-URL /admin: 403
X-Remote-IP 127.0.0.1: 403
X-Forwarded-Server localhost: 403
X-Originating-IP 127.0.0.1: 403
X-HTTP-Method-Override PUT: 403
X-Forward 127.0.0.1: 403
X-Remote-Addr localhost: 403
X-Custom-IP-Authorization 127.0.0.1: 403
X-Forwarded-For-Original 127.0.0.1: 403
X-Forward localhost: 403
X-Forward-For 127.0.0.1: 403

[+] CUSTOM PATHS
End path ..\;/: 404
End path //: 403
End path : 403
End path ??: 403
End path : 403
End path ?: 403
End path /: 403
End path /.: 403
Mid path /.\;/: 404
Mid path \;foo=bar/: 403
Mid path /./: 403
Mid path /%2e/: 403
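
A defensive counterpart to the `X-Client-IP 127.0.0.1: 200` line in the run above, as an added example that is not part of dontgo403: Go middleware that deletes client-address headers unless the request arrived from a trusted proxy. The `10.0.0.0/8` proxy range, the `weakAdmin` handler and the sample peer addresses are constructed assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

var (
	// Client-address headers from the run above; a client can set any of them.
	overrideHeaders = []string{"X-Client-IP", "Client-IP", "X-Real-IP", "True-Client-IP",
		"X-Forwarded-For", "Forwarded", "X-Remote-IP", "X-Remote-Addr", "X-Originating-IP"}
	// Assumed deployment detail: the one network whose headers may be believed.
	_, trustedProxy, _ = net.ParseCIDR("10.0.0.0/8")
)

// StripOverrides deletes the headers unless the TCP peer is the trusted proxy.
func StripOverrides(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, _ := net.SplitHostPort(r.RemoteAddr) // unparsable peer => host "" => stripped
		if ip := net.ParseIP(host); ip == nil || !trustedProxy.Contains(ip) {
			for _, h := range overrideHeaders {
				r.Header.Del(h)
			}
		}
		next.ServeHTTP(w, r)
	})
}

// weakAdmin is a constructed stand-in for a server that believes X-Client-IP.
var weakAdmin = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	if r.Header.Get("X-Client-IP") != "127.0.0.1" {
		w.WriteHeader(http.StatusForbidden) // otherwise the implicit status is 200
	}
})

// Status replays one constructed GET /admin and returns the response code.
func Status(h http.Handler, peer, clientIP string) int {
	req, rec := httptest.NewRequest("GET", "/admin", nil), httptest.NewRecorder()
	req.RemoteAddr = peer
	req.Header.Set("X-Client-IP", clientIP)
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(Status(weakAdmin, "203.0.113.7:4444", "127.0.0.1"), Status(StripOverrides(weakAdmin), "203.0.113.7:4444", "127.0.0.1"))
}
```

Stripping at the edge is a stopgap; the access decision itself should use the connection's peer address or real authentication rather than a request header.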

Contact

Twitter, Telegram

Comments
  • Errors

    Errors

    Hi,

    The tool is super cool and super fast, and I really appreciate the time taken to create it, but I am facing some issues with it. The first issue is that when I run the tool it works fine, but when it gets to the CUSTOM PATHS exploit it shows me this error: `panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x7518b4]

    goroutine 2396 [running]: dontgo403/cmd.requestMidPaths.func1({0xc000fcb2dc, 0x4}) /opt/tools/dontgo403/cmd/requester.go:268 +0x474 created by dontgo403/cmd.requestMidPaths /opt/tools/dontgo403/cmd/requester.go:250 +`

    The second issue is that sometimes the tool works fine but gives me this error: 2022/01/18 22:00:34 Patch "https://www.google.com/": dial tcp: i/o timeout

    opened by OmarKhaled511 6
  • Tag the source

    Tag the source

    It would be very helpful if you could tag releases as well. This would enable distributions to fetch the source from GitHub instead of working with git checkouts.

    Thanks

    opened by fabaff 5
  • Fix README 'contributions welcome' link

    Fix README 'contributions welcome' link

    Noticed that the README Contributions Welcome badge linked to https://github.com/dwyl/esta/issues so I updated it to point here...

    Thx for this great tool!

    opened by MNThomson 1
  • ` open payloads/httpmethods: no such file or directory` issue

    ` open payloads/httpmethods: no such file or directory` issue

    Hi, when I run the command below, this error occurs.

    ./dontgo403 -u https://www.target.com/shoppingcart
    
    [####] HTTP METHODS [####]
    2022/09/14 23:03:47 open payloads/httpmethods: no such file or directory
    
    opened by s41n1k 1
  • invalid URL escape

    invalid URL escape "%"

    I am getting this when the program starts CUSTOM PATHS

    [####] CUSTOM PATHS [####]
    2022/09/11 13:37:26 parse "https://REDACTED.DOMAIN/admin.php%": invalid URL escape "%"
    
    opened by cyb3rsalih 1
  • Add tilda ~ to endpaths payloads

    Add tilda ~ to endpaths payloads

    ~ is a common suffix added to filenames for backup or temporary copies of files. This may be a manual backup or one created by an editor or other tool. I remember getting web application source code with this trick.

    opened by gister9000 1
  • feat: add github action to release binary on new versions

    feat: add github action to release binary on new versions

    This PR adds a GitHub action that automatically builds dontgo403 at each new tag version pushed. The binaries will be available at https://github.com/devploit/dontgo403/releases

    You can see how the action behaves on my fork of the project: https://github.com/eze-kiel/dontgo403/runs/5423836405, and the release here: https://github.com/eze-kiel/dontgo403/releases

    opened by eze-kiel 0
  • requester.go: Corrected wording

    requester.go: Corrected wording

    • Replaced "HTTP METHODS" with "VERB TAMPERING"
    • Replaced "VERB TAMPERING" with "HEADERS"

    According to every source I could find, verb tampering is used to refer to an attack that focuses on tinkering with the HTTP method. The part of the code that had that title actually attempted header-based bypasses, so this PR should fix that.

    opened by ItsIgnacioPortal 0
  • Is this added to dontgo403?

    Is this added to dontgo403?

    I recently read an article on 403 bypass here: https://medium.com/@abbasheybati1/403-bypass-lyncdiscover-microsoft-com-db2778458c33

    I want to know whether dontgo403 does this or not. If not, how can I add this?

    enhancement 
    opened by coolerspeex 3
Releases(0.5)
Owner
devploit
Security Auditor