{"id":48038477,"url":"https://github.com/0xbugatti/400ok","last_synced_at":"2026-04-04T14:02:42.687Z","repository":{"id":346462275,"uuid":"1141985480","full_name":"0xBugatti/400OK","owner":"0xBugatti","description":"When \"403 Forbidden\" stands between you and your target, 400OK breaks through with 22 bypass techniques and 4,400+ payloads.","archived":false,"fork":false,"pushed_at":"2026-04-04T11:58:43.000Z","size":11917,"stargazers_count":25,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-04T13:26:15.143Z","etag":null,"topics":["403","403-bypass","bugbounty","evasion","htb","offsec","oscp","oswe","pentest","pentesting-tools","waf-bypass"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xBugatti.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-25T19:10:22.000Z","updated_at":"2026-04-04T11:58:31.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/0xBugatti/400OK","commit_stats":null,"previous_names":["0xbugatti/400ok"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/0xBugatti/400OK","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xBugatti%2F400OK","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xBugatti%2F400OK/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xBugatti%2F400OK/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xBugatti%2F400OK/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xBugatti","download_url":"https://codeload.github.com/0xBugatti/400OK/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xBugatti%2F400OK/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31402277,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["403","403-bypass","bugbounty","evasion","htb","offsec","oscp","oswe","pentest","pentesting-tools","waf-bypass"],"created_at":"2026-04-04T14:01:04.917Z","updated_at":"2026-04-04T14:02:42.670Z","avatar_url":"https://github.com/0xBugatti.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Version-2.0--Ultimate-blue?style=for-the-badge\" alt=\"Version\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Go-1.23+-00ADD8?style=for-the-badge\u0026logo=go\" alt=\"Go\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/License-MIT-green?style=for-the-badge\" alt=\"License\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Platform-Cross--Platform-orange?style=for-the-badge\" alt=\"Platform\"/\u003e\n\u003c/p\u003e\n\n```\n    ██╗  ██╗ ██████╗  ██████╗  ██████╗ ██╗  ██╗\n    ██║  ██║██╔═████╗██╔═████╗██╔═══██╗██║ ██╔╝\n    ███████║██║██╔██║██║██╔██║██║   ██║█████╔╝\n    ╚════██║████╔╝██║████╔╝██║██║   ██║██╔═██╗\n         ██║╚██████╔╝╚██████╔╝╚██████╔╝██║  ██╗\n         ╚═╝ ╚═════╝  ╚═════╝  ╚═════╝ ╚═╝  ╚═╝\n                                    ULTIMATE EDITION\n```\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eUltra Comprehensive 403/401 Bypass Tool \u003c/b\u003e\u003cbr\u003e\n  \u003ci\u003e22 Techniques | 4,400+ Payloads \u003c/i\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#-quick-start\"\u003eQuick Start\u003c/a\u003e |\n  \u003ca href=\"#-features\"\u003eFeatures\u003c/a\u003e |\n  \u003ca href=\"#-techniques\"\u003eTechniques\u003c/a\u003e |\n  \u003ca href=\"#-usage\"\u003eUsage\u003c/a\u003e |\n  \u003ca href=\"#-why-400ok\"\u003eWhy 400OK?\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## What is 400OK?\n\nEver hit a **403 Forbidden** and thought \"there's gotta be a way around this\"? Yeah, we've all been there.\n\n**400OK Ultimate Edition** is your Swiss Army knife for access control bypass testing. Born from the fusion of the best bypass tools (`nomore403` + `byp4xx` + the legendary Monster script), this beast packs **22 unique bypass techniques** and over **4,400 payloads** into a single, lightning-fast Go binary.\n\nWhether you're hunting bugs, doing a pentest, or just curious about that forbidden admin panel - 400OK has your back.\n\n```\nOne tool to rule them all, one tool to find them,\nOne tool to bypass all and in the 200 bind them.\n```\n\n---\n\n## Quick Start\n\n### Option 1: Download \u0026 Run (Recommended)\n\n```bash\n# Download the latest release\nwget https://github.com/0xbugatti/400OK/releases/latest/download/400OK-linux-amd64.tar.gz\n\n# Extract and run\ntar -xzf 400OK-linux-amd64.tar.gz\ncd 400OK\n./400OK -u https://target.com/admin\n```\n\n### Option 2: Build from Source\n\n```bash\n# Clone the repo\ngit clone https://github.com/0xbugatti/400OK.git\ncd 400OK\n\n# Build it\ngo build -o 400OK\n\n# Run it\n./400OK -u https://target.com/admin\n```\n\n### Option 3: Go Install\n\n```bash\ngo install github.com/0xbugatti/400OK@latest\n```\n\n**That's it.** You're ready to bypass some access controls.\n\n---\n\n## Features\n\n| Feature                        | Description                                                |\n| :----------------------------- | :--------------------------------------------------------- |\n| **22 Bypass Techniques** | From verb tampering to Unicode encoding - we've got it all |\n| **4,400+ Payloads**      | The most comprehensive payload collection assembled        |\n| **Auto-Calibration**     | Smart filtering eliminates false positives automatically   |\n| **Blazing Fast**         | Native Go HTTP client with 50+ concurrent goroutines       |\n| **JSON Export**          | Export findings to JSON for your reports                   |\n| **Burp Integration**     | Import requests directly from Burp Suite                   |\n| **Graceful Exit**        | Ctrl+C shows summary before exit                           |\n| **Proxy Support**        | Route through Burp, ZAP, or any proxy                      |\n| **Rate Limit Aware**     | Auto-stops on 429 responses                                |\n| **Technique Selection**  | Include or exclude specific techniques                     |\n\n---\n\n## Techniques\n\n400OK comes loaded with **22 bypass techniques** organized into three tiers:\n\n### Core Techniques (Low Noise)\n\n| Technique                 | Flag                | What It Does                                       | Requests |\n| :------------------------ | :------------------ | :------------------------------------------------- | :------- |\n| **Verb Tampering**  | `verbs`           | Tests 86 HTTP methods (GET, POST, PATCH, POUET...) | 86       |\n| **Verb Case**       | `verbs-case`      | Method capitalization tricks (get, GeT, gET)       | ~20      |\n| **Headers**         | `headers`         | 53 bypass headers with 24 IP variations            | ~1,200   |\n| **End Paths**       | `endpaths`        | Path suffixes (/, /., /?, /..;/)                   | 72       |\n| **Mid Paths**       | `midpaths`        | Path traversal patterns inserted mid-URL           | 245      |\n| **HTTP Versions**   | `http-versions`   | HTTP/1.0 vs HTTP/1.1 vs HTTP/2                     | 6        |\n| **Path Case**       | `path-case`       | Case manipulation (/Admin, /ADMIN, /aDmIn)         | Variable |\n| **Double Encoding** | `double-encoding` | %252e instead of %2e                               | Variable |\n| **Bug Bounty Tips** | `bugbounty-tips`  | 13 proven techniques from real bounties            | 13       |\n\n### Monster Exclusive Techniques (Medium Noise)\n\n| Technique               | Flag              | What It Does                             | Requests |\n| :---------------------- | :---------------- | :--------------------------------------- | :------- |\n| **IPv6 Bypass**   | `ipv6`          | IPv6 localhost representations           | 10       |\n| **Host Header**   | `host-header`   | Virtual host routing manipulation        | 19       |\n| **Unicode/IIS**   | `unicode`       | Overlong UTF-8 encoding for IIS          | 23       |\n| **WAF Bypass**    | `waf-bypass`    | WAF rule evasion patterns                | 6        |\n| **Via Header**    | `via-header`    | Via header manipulation                  | 5        |\n| **Forwarded**     | `forwarded`     | RFC 7239 Forwarded header                | 8        |\n| **Cache Control** | `cache-control` | Cache manipulation bypass                | 6        |\n| **Accept Header** | `accept-header` | Content negotiation tricks               | 6        |\n| **Protocol**      | `protocol`      | HTTP/HTTPS protocol switching            | 2        |\n| **Port**          | `port`          | Non-standard port testing                | 8        |\n| **Wayback**       | `wayback`       | Check Wayback Machine for archived pages | API      |\n\n### Heavy Hitters (High Noise - Use Selectively)\n\n| Technique               | Flag              | What It Does                               | Requests |\n| :---------------------- | :---------------- | :----------------------------------------- | :------- |\n| **Extensions**    | `extensions`    | 926 file extensions (.php, .aspx, .bak...) | 926      |\n| **Default Creds** | `default-creds` | 1,909 credential pairs via HTTP Basic Auth | 1,909    |\n\n---\n\n## Usage\n\n### Basic Scan (All Techniques)\n\n```bash\n./400OK -u https://target.com/admin\n```\n\n### Select Specific Techniques\n\n```bash\n# Only test bug bounty tips and header manipulation\n./400OK -u https://target.com/admin -k bugbounty-tips,headers,verbs\n```\n\n### Exclude Noisy Techniques\n\n```bash\n# Run everything EXCEPT default credentials and extensions\n./400OK -u https://target.com/admin -e default-creds,extensions\n```\n\n### With Proxy (Burp Suite)\n\n```bash\n./400OK -u https://target.com/admin -x http://127.0.0.1:8080\n```\n\n### Custom Headers\n\n```bash\n./400OK -u https://target.com/admin -H \"Authorization: Bearer eyJ...\" -H \"X-Custom: value\"\n```\n\n### Export to JSON\n\n```bash\n./400OK -u https://target.com/admin -j results.json\n```\n\n### Stealth Mode\n\n```bash\n# Slow and quiet - 500ms delay, only 10 concurrent requests, random user-agent\n./400OK -u https://target.com/admin -d 500 -m 10 --random-agent -k bugbounty-tips,headers\n```\n\n### From Burp Suite Request File\n\n```bash\n./400OK --request-file burp_request.txt\n```\n\n### Pipe Multiple URLs\n\n```bash\ncat urls.txt | ./400OK\n```\n\n---\n\n## Scan Profiles\n\n### Quick Scan (Bug Bounty)\n\n*Fast, low noise, high-value techniques*\n\n```bash\n./400OK -u https://target.com/admin -k verbs,headers,bugbounty-tips -d 100\n```\n\n### Standard Scan (Pentest)\n\n*Balanced - excludes the noisiest techniques*\n\n```bash\n./400OK -u https://target.com/admin -e default-creds -x http://127.0.0.1:8080\n```\n\n### Full Arsenal (Lab Environment)\n\n*Everything, including the kitchen sink*\n\n```bash\n./400OK -u https://target.com/admin -v\n```\n\n### Ninja Mode (Stealth)\n\n*Minimal footprint, maximum patience*\n\n```bash\n./400OK -u https://target.com/admin -k bugbounty-tips,headers -d 1000 -m 5 --random-agent\n```\n\n---\n\n## All Flags\n\n```\nREQUIRED:\n  -u, --uri              Target URL (e.g., https://target.com/admin)\n\nTECHNIQUE SELECTION:\n  -k, --technique        Include only these techniques (comma-separated)\n  -e, --exclude          Exclude these techniques (comma-separated)\n                         Note: -k and -e are mutually exclusive\n\nREQUEST OPTIONS:\n  -H, --header           Custom headers (repeatable)\n  -t, --http-method      Force specific HTTP method\n  -a, --user-agent       Custom User-Agent string\n  --random-agent         Use random User-Agent per request\n  -i, --bypass-ip        IP to inject in bypass headers\n\nPERFORMANCE:\n  -m, --max-goroutines   Max concurrent requests (default: 50)\n  -d, --delay            Delay between requests in ms (default: 0)\n  --timeout              Request timeout in ms (default: 6000)\n  -l, --rate-limit       Stop on 429 responses\n\nPROXY \u0026 NETWORK:\n  -x, --proxy            Proxy URL (e.g., http://127.0.0.1:8080)\n  -r, --redirect         Follow redirects\n  --http                 Use HTTP instead of HTTPS\n\nOUTPUT:\n  -v, --verbose          Show all responses (not just bypasses)\n  --unique               Show only unique status/length combinations\n  -j, --json             Export results to JSON file\n  -s, --summary          Show scan summary (default: true)\n  --no-banner            Hide the startup banner\n\nINPUT:\n  -f, --folder           Custom payloads folder location\n  --request-file         Load request from Burp-style file\n  --status               Filter by status codes (e.g., 200,301,403)\n```\n\n---\n\n## How It Works\n\n### 1. Auto-Calibration\n\n400OK first makes a baseline request to understand the \"normal\" response. Any bypass attempt that returns the same content length is filtered out - no more wading through thousands of false positives.\n\n### 2. Parallel Execution\n\nUsing Go's goroutines, 400OK fires off 50+ requests simultaneously (configurable). This means scanning completes in seconds, not hours.\n\n### 3. Smart Filtering\n\nResults are deduplicated and only genuinely different responses are shown. The tool tracks:\n\n- Status codes\n- Content lengths\n- Response patterns\n\n### 4. Graceful Handling\n\nPress Ctrl+C at any time - 400OK will show you what it found so far before exiting cleanly.\n\n---\n\n## Why 400OK?\n\nWe compared 400OK against every major bypass tool. Here's how it stacks up:\n\n| Feature                    | bypass-403.sh | byp4xx | nomore403 | **400OK Ultimate** |\n| :------------------------- | :-----------: | :-----: | :-------: | :----------------------: |\n| **Techniques**       |      ~20      |    9    |     8     |       **22**       |\n| **Total Payloads**   |      ~20      |  3,480  |   1,420   |     **4,400+**     |\n| **HTTP Methods**     |       3       |   84   |    17    |       **86**       |\n| **Auto-Calibration** |      No      |   No   |    Yes    |      **Yes**      |\n| **IPv6 Bypass**      |      No      |   No   |    No    |      **Yes**      |\n| **Unicode/IIS**      |      No      |   No   |    No    |      **Yes**      |\n| **Wayback Check**    |      No      |   No   |    No    |      **Yes**      |\n| **WAF Bypass**       |      No      |   No   |    No    |      **Yes**      |\n| **JSON Export**      |      No      |   No   |    No    |      **Yes**      |\n| **Concurrency**      |       1       | Limited |    50    |      **50+**      |\n| **Performance**      |     Slow     |  Fast  |   Fast   |    **Fastest**    |\n\n**400OK Ultimate = Best of All Worlds**\n\n---\n\n## Payload Files\n\n400OK ships with a comprehensive payload collection:\n\n| File             |            Count | Purpose                          |\n| :--------------- | ---------------: | :------------------------------- |\n| `httpmethods`  |               86 | HTTP verb tampering              |\n| `headers`      |               53 | Bypass header names              |\n| `endpaths`     |               72 | Path suffix patterns             |\n| `midpaths`     |              245 | Path traversal patterns          |\n| `useragents`   |              999 | User-Agent rotation              |\n| `extensions`   |              926 | File extension enumeration       |\n| `defaultcreds` |            1,909 | Default username:password pairs  |\n| `ipv6`         |               10 | IPv6 localhost representations   |\n| `unicode`      |               23 | Overlong UTF-8 encodings         |\n| `waf`          |                6 | WAF bypass patterns              |\n| `hostvalues`   |               19 | Host header values               |\n| `via`          |                5 | Via header values                |\n| `forwarded`    |                8 | Forwarded header values          |\n| `cache`        |                6 | Cache-Control values             |\n| `accept`       |                6 | Accept header values             |\n| `ports`        |                8 | Port variations                  |\n| **Total**  | **4,400+** | **Comprehensive coverage** |\n\n---\n\n## Bug Bounty Techniques (Built-in)\n\nThese 13 battle-tested techniques come hardcoded in 400OK:\n\n| # | Pattern                    | Description               |\n| :-: | :------------------------- | :------------------------ |\n| 1 | `/%2e/{{path}}`          | URL encoded dot           |\n| 2 | `/%ef%bc%8f{{path}}`     | Unicode fullwidth slash   |\n| 3 | `{{path}}?`              | Query string terminator   |\n| 4 | `{{path}}??`             | Double query string       |\n| 5 | `{{path}}//`             | Double trailing slash     |\n| 6 | `{{path}}/`              | Trailing slash            |\n| 7 | `/./{{path}}/./`         | Dot slash wrappers        |\n| 8 | `{{path}}/.randomstring` | Hidden file pattern       |\n| 9 | `{{path}}..;/`           | Semicolon path with slash |\n| 10 | `{{path}}..;`            | Semicolon path terminator |\n| 11 | `/.;/{{path}}`           | Semicolon prefix          |\n| 12 | `/.;/{{path}}/.;/`       | Semicolon wrapper         |\n| 13 | `/;foo=bar/{{path}}`     | Parameter injection       |\n\n---\n\n## Troubleshooting\n\n### Too many results?\n\nThe auto-calibration should filter false positives. If you're still seeing noise:\n\n```bash\n# Use unique mode\n./400OK -u \u003ctarget\u003e --unique\n\n# Or increase delay to avoid rate-based inconsistencies\n./400OK -u \u003ctarget\u003e -d 200\n```\n\n### Scan too slow?\n\n```bash\n# Increase concurrent requests (be careful with this)\n./400OK -u \u003ctarget\u003e -m 100\n```\n\n### Getting rate limited?\n\n```bash\n# Enable rate limit detection and add delay\n./400OK -u \u003ctarget\u003e -l -d 500\n```\n\n### Want to see everything?\n\n```bash\n# Verbose mode shows all responses\n./400OK -u \u003ctarget\u003e -v\n```\n\n---\n\n## Examples: Real-World Scenarios\n\n### Scenario 1: Quick Bug Bounty Recon\n\nYou found `/admin` returning 403. Quick check with low-noise techniques:\n\n```bash\n./400OK -u https://target.com/admin -k bugbounty-tips,verbs,headers -d 100\n```\n\n### Scenario 2: Comprehensive Pentest\n\nYou have authorization and want thorough testing through Burp:\n\n```bash\n./400OK -u https://target.com/admin -x http://127.0.0.1:8080 -H \"Authorization: Bearer token123\" -e default-creds\n```\n\n### Scenario 3: Checking for IIS Unicode Bypass\n\nTarget is running IIS and you suspect unicode normalization issues:\n\n```bash\n./400OK -u https://target.com/admin -k unicode,path-case,extensions\n```\n\n### Scenario 4: 401 Unauthorized Testing\n\nEndpoint returns 401 - test for weak/default credentials:\n\n```bash\n./400OK -u https://target.com/admin -k default-creds -v\n```\n\n### Scenario 5: WAF Bypass Assessment\n\nTesting if WAF can be evaded:\n\n```bash\n./400OK -u https://target.com/admin -k waf-bypass,bugbounty-tips,double-encoding,headers\n```\n\n---\n\n## Legal Disclaimer\n\n**400OK is designed for authorized security testing only.**\n\nBefore using this tool:\n\n1. **Get explicit written permission** from the target system owner\n2. **Understand your scope** - know what you're allowed to test\n3. **Know your local laws** - unauthorized access is illegal\n4. **Use responsibly** - don't cause denial of service\n5. **Respect rate limits** - be a good internet citizen\n\n**Unauthorized use may violate:**\n\n- Computer Fraud and Abuse Act (CFAA) - USA\n- Computer Misuse Act - UK\n- Similar legislation in other jurisdictions\n\nThe authors are not responsible for misuse of this tool. Use responsibly.\n\n---\n\n## Credits\n\n400OK Ultimate Edition stands on the shoulders of giants:\n\n- **[devploit](https://github.com/devploit)** - Original `nomore403` creator\n- **[lobuhi](https://github.com/lobuhi)** - `byp4xx` creator\n- **[@me_dheeraj](https://twitter.com/me_dheeraj)** - Monster script techniques\n- **The Bug Bounty Community** - For discovering and sharing these techniques\n- **You** - For using this tool responsibly\n\n---\n\n## Contributing\n\nFound a new bypass technique? Have an idea for improvement?\n\n1. Fork the repo\n2. Create your feature branch (`git checkout -b feature/amazing-bypass`)\n3. Commit your changes (`git commit -m 'Add amazing bypass technique'`)\n4. Push to the branch (`git push origin feature/amazing-bypass`)\n5. Open a Pull Request\n\n---\n\n## Contact\n\n- **GitHub**: [@0xbugatti](https://github.com/0xbugatti)\n- **Issues**: [Report bugs or request features](https://github.com/0xbugatti/400OK/issues)\n\n---\n\n## License\n\nMIT License - Use it, modify it, share it. Just don't be evil with it.\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003eBuilt with determination by 0xBUGATTI\u003c/b\u003e\u003cbr\u003e\n  \u003ci\u003e\"Because 403 is just a suggestion\"\u003c/i\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Made%20with-Go-00ADD8?style=flat-square\u0026logo=go\" alt=\"Made with Go\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/For-Pentesters-black?style=flat-square\u0026logo=hackaday\" alt=\"For Pentesters\"/\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xbugatti%2F400ok","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xbugatti%2F400ok","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xbugatti%2F400ok/lists"}