4-ZERO-3: Tool to bypass 403/401
4-ZERO-3 Tool to bypass 403/401. This script contains all the possible techniques to do the same.
- NOTE: If you see multiple [200 Ok]/bypasses as output, you must check the Content-Length. If the content-length is the same for multiple [200 Ok]/bypasses means false positive. Reason can be “301/302” or “../” [Payload] DON’T PANIC.
- The script will print cURL PAYLOAD if possible bypass found.
Download
git clone https://github.com/Dheerajmadhukar/4-ZERO-3.git
Use
Usage / Modes
- Scan with specific payloads:
- [ –header ] Support HEADER based bypasses/payloads
root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --header
- [ –protocol ] Support PROTOCOL based bypasses/payloads
root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --protocol
- [ –port ] Support PORT based bypasses/payloads
root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --port
- [ –HTTPmethod ] Support HTTP Method based bypasses/payloads
root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret –HTTPmethod
- [ –encode ] Support URL Encoded bypasses/payloads
root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --encode
- [ –SQLi ] Support MySQL mod_Security & libinjection bypasses/payloads [** New **]
root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --SQLi
- [ –header ] Support HEADER based bypasses/payloads
- Complete Scan {includes all exploits/payloads} for an endpoint [ –exploit ]
root@me_dheeraj:$ bash 403-bypass.sh -u https://target.com/secret --exploit
Copyright (c) 2021 me_dheeraj
