{"id":13845150,"url":"https://github.com/CHINA-china/Unauthorized","last_synced_at":"2025-07-12T01:31:47.849Z","repository":{"id":190635288,"uuid":"610663604","full_name":"CHINA-china/Unauthorized","owner":"CHINA-china","description":"Front-end unauthorized access detection tool that automatically extracts the API endpoints leaked in JS and tests them.","archived":false,"fork":false,"pushed_at":"2023-08-25T13:52:45.000Z","size":763,"stargazers_count":32,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-11-21T18:38:54.831Z","etag":null,"topics":["hack","hacks","python3","security","security-tools","unauthorized"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CHINA-china.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-03-07T08:25:36.000Z","updated_at":"2024-08-13T06:44:42.000Z","dependencies_parsed_at":null,"dependency_job_id":"f22f0505-4a6f-4d3e-a59f-25e361d43561","html_url":"https://github.com/CHINA-china/Unauthorized","commit_stats":null,"previous_names":["china-china/unauthorized"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CHINA-china/Unauthorized","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHINA-china%2FUnauthorized","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHINA-china%2FUnauthorized/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHINA-china%2FUnauthorized/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHINA-china%2FUnauthorized/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CHINA-china","download_url":"https://codeload.github.com/CHINA-china/Unauthorized/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CHINA-china%2FUnauthorized/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264923080,"owners_count":23683716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hack","hacks","python3","security","security-tools","unauthorized"],"created_at":"2024-08-04T17:03:14.498Z","updated_at":"2025-07-12T01:31:47.043Z","avatar_url":"https://github.com/CHINA-china.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# Unauthorized\n\n### A high-efficiency front-end unauthorized access detection tool\n\n![logo](https://github.com/CHINA-china/Unauthorize/blob/master/static/logo.png?raw=true)\n\n## Disclaimer\n- This tool may be used only for learning and for authorized penetration testing; otherwise you bear the consequences yourself.\n\n## Features\n\n- Built-in dictionary of common, frequently seen unauthorized access paths\n- Automatically extracts leaked API endpoints from front-end js files and tests them\n- Uses the selenium framework to test URLs that pass parameters after “#”\n\n## Environment setup\n\n- **Install dependencies**\n```\npip install -r requirements.txt\n```\n\n- **Download the browser driver**\n\n- Check the browser version\n![chrome](https://github.com/CHINA-china/Unauthorize/blob/master/static/picture/Install/chrome.png?raw=true)\n- Download the driver for the matching version (if there is no exact match, download a close version)\n```\nDownload URL: https://registry.npmmirror.com/binary.html?path=chromedriver/\n```\n\n![chrome](https://github.com/CHINA-china/Unauthorize/blob/master/static/picture/Install/drive1.png?raw=true)\n\n![chrome](https://github.com/CHINA-china/Unauthorize/blob/master/static/picture/Install/drive2.png?raw=true)\n- Move the driver to the python3 root directory\n![chrome](https://github.com/CHINA-china/Unauthorize/blob/master/static/picture/Install/python3.png?raw=true)\n\n## Usage\n\n- **Basic usage**\n\n- ❌ Wrong usage --\u003e passing in the bare domain directly\n- ✔ Correct usage --\u003e first open the URL to be tested in a browser, then copy the address and pass it in\n```\ncd Unauthorized\npython Unauthorized.py -u http://example.com\n```\n- **Advanced usage**\n\n- Customize the dictionary of common unauthorized paths\n```\nAdd the paths you want to include, in the required format, to dict.txt in the dict directory\nParameters:\n\"info\": hint message.\n\"method\": request method.\n\"url\": path to test for unauthorized access.\n\"state\": response status code, one of the conditions for judging unauthorized access.\n\"re\": regex keyword match, one of the conditions for judging unauthorized access.\n```\n- Exclude certain js files and paths\n```\nAdd the js keywords to exclude to JsKey.txt in the key directory\nAdd the path keywords to exclude to PathKey.txt in the key directory\n```\n\n- Set the timeout (-t, default 0.5 seconds)\n```\ncd Unauthorized\npython Unauthorized.py -u http://example.com -t 3\n\n# This parameter affects the detection results; adjust it according to how quickly the page loads\n# When the site loads slowly, increase the timeout to make sure the page opens properly\n```\n\n- Set the number of threads (-T, default 50 threads)\n```\ncd Unauthorized\npython Unauthorized.py -u http://example.com -T 100\n```\n- Test only the paths in the dictionary (-c; the program crawls paths and joins each in turn with the url entries in the dictionary)\n```\ncd Unauthorized\npython Unauthorized.py -u http://example.com -c\n```\n\n- Test the paths leaked in a single js file (-d; the program joins each path with the parameter value)\n```\ncd Unauthorized\n# Site is http://example.com  (plain format)\npython Unauthorized.py -u http://example.com/js/test.js -d http://example.com\n# Site is http://example.com/#/login  (# format)\npython Unauthorized.py -u http://example.com/js/test.js -d http://example.com/#\n# Site is http://example.com/web/  (directory format)\npython Unauthorized.py -u http://example.com/js/test.js -d http://example.com/web\n```\n\n- **Demo**\n![demo1](https://github.com/CHINA-china/Unauthorize/blob/master/static/picture/demo/demo1.png?raw=true)\n![demo2](https://github.com/CHINA-china/Unauthorize/blob/master/static/picture/demo/demo2.png?raw=true)\n\n\n## Changelog\n\nv20230825\n1. Improved the output.\n2. Added a mode that tests only by joining paths from the dictionary.\n\nv20230325\n1. Improved the path-matching regex.\n2. Added unauthorized-access testing of the paths in a single js file.\n\nv20230319\n1. Fixed some issues and added a progress bar.\n\nv20230315\n1. Added custom timeout and thread count options.\n2. Added custom keywords; the program skips js files and paths that contain the keywords.\n\n\nv20230308\n1. Improved js extraction and fixed duplicate js extraction.\n2. Removed the custom dictionary feature and added automatic HTML report output.\n\n\n## References\n- The default dictionary comes from the following excellent project:\n  1. RouteVulScan (https://github.com/F6JO/RouteVulScan)\n\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCHINA-china%2FUnauthorized","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FCHINA-china%2FUnauthorized","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCHINA-china%2FUnauthorized/lists"}