{"id":17922118,"url":"https://github.com/carlospolop/fuzzhttpbypass","last_synced_at":"2025-04-06T20:10:49.219Z","repository":{"id":104205661,"uuid":"172796757","full_name":"carlospolop/fuzzhttpbypass","owner":"carlospolop","description":"This tool use fuuzzing to try to bypass unknown authentication methods, who knows...","archived":false,"fork":false,"pushed_at":"2024-08-09T14:58:45.000Z","size":34,"stargazers_count":246,"open_issues_count":6,"forks_count":40,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-30T17:11:18.072Z","etag":null,"topics":["authentication","bypass","fuzzing","http","wfuzz"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/carlospolop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-26T21:54:21.000Z","updated_at":"2025-03-28T11:20:25.000Z","dependencies_parsed_at":"2024-12-25T14:13:11.725Z","dependency_job_id":null,"html_url":"https://github.com/carlospolop/fuzzhttpbypass","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2Ffuzzhttpbypass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2Ffuzzhttpbypass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2Ffuzzhttpbypass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/carlospolop%2Ffuzzhttpbypass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/carlospolop","download_url":"https://codeload.github.com/carlospolop/fuzzhttpbypass/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247543591,"owners_count":20955865,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","bypass","fuzzing","http","wfuzz"],"created_at":"2024-10-28T20:37:41.763Z","updated_at":"2025-04-06T20:10:49.190Z","avatar_url":"https://github.com/carlospolop.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# FuzzHTTPBypass\n\nThis tool use fuuzzing to try to bypass unknown authentication methods, who knows...\n\nThis is mainly for CTFs.\n\n## Installation\n\nYou only need to have installed **wfuzz**\n\n```bash\npip3 install wfuzz\n```\n\n## Features\n\n- [+] Get and show **GET code**, **cookies sent** by server and **content if redirect** (all of this in the provided url)\n- [+] Fuzz **HTTP Verbs(Methods)**: *GET, HEAD, POST, DELETE, CONNECT, OPTIONS, TRACE, PUT, INVENTED*\n- [+] Fuzz **HTTP Headers**: *Forwarded, X-Forwarded-For, X-ProxyUser-Ip, Referer, User-Agent, Cookies*\n- [+] Fuzz **HTTP Authentication**: *Basic and NTLM*\n- [+] **Filter** by code or by words (appearing or not)\n- [+] **Autocontained**\n\n## Example\n\nShow responses that do not return code 403 of url http://example.com/index.php\n\n`./fuzzhttpbypass.py -f notcontains,403 -u http://example.com/index.php`\n\nResponses that do not contains the code 240 (show all) in http://example.com/index.php\n\n`./fuzzhttpbypass.py -f notcontains,240 -u http://example.com/index.php`\n\nResponses that do not contains the word \"Invalid\" in http://example.com/index.php (Currently, the Wfuzz API has problems with spaces so we can't use them)\n\n`./fuzzhttpbypass.py -f notcontains,Invalid -u http://example.com/index.php`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcarlospolop%2Ffuzzhttpbypass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcarlospolop%2Ffuzzhttpbypass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcarlospolop%2Ffuzzhttpbypass/lists"}