{"id":20042867,"url":"https://github.com/topscoder/fourohme","last_synced_at":"2025-05-05T08:32:39.827Z","repository":{"id":163593820,"uuid":"639066134","full_name":"topscoder/fourohme","owner":"topscoder","description":"FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.","archived":false,"fork":false,"pushed_at":"2024-02-05T12:51:09.000Z","size":64,"stargazers_count":23,"open_issues_count":1,"forks_count":4,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-08T19:52:43.336Z","etag":null,"topics":["401","401-bypass","403","403-bypass","bugbounty","bugbountytips","bugbountytricks","cli","http","http-headers","osint","recon"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/topscoder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-05-10T17:28:35.000Z","updated_at":"2025-04-07T15:29:28.000Z","dependencies_parsed_at":"2024-02-05T13:53:29.452Z","dependency_job_id":null,"html_url":"https://github.com/topscoder/fourohme","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/topscoder%2Ffourohme","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/topscoder%2Ffourohme/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/topscoder%2Ffourohme/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/topscoder%2Ffourohme/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/topscoder","download_url":"https://codeload.github.com/topscoder/fourohme/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252466904,"owners_count":21752460,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["401","401-bypass","403","403-bypass","bugbounty","bugbountytips","bugbountytricks","cli","http","http-headers","osint","recon"],"created_at":"2024-11-13T10:53:59.239Z","updated_at":"2025-05-05T08:32:37.602Z","avatar_url":"https://github.com/topscoder.png","language":"Go","readme":"# FourOhMe\n\nFourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. \nIt tries to bypass the 40* status code by manipulating the HTTP request via HTTP headers and URL payloads.\n\n## Installation\n\nInstall Golang, then run:\n\n`go install -v github.com/topscoder/fourohme@latest`\n\n## Usage\n\nFourOhMe can be used in three ways:\n\n1. Reading URLs from a file:\n\n   ```\n   $ fourohme -file urls.txt\n   ```\n\n   where `urls.txt` is a file containing a list of URLs separated by newlines.\n\n2. Reading URLs from standard input (`STDIN`):\n\n   ```\n   $ cat urls.txt | fourohme\n   ```\n\n   where `urls.txt` is a file containing a list of URLs separated by newlines.\n   \n   Or attach in your favourite chain commands:\n   \n   ```\n   $ cat domains.txt | subfinder | httpx -mc 401,402,403,404,405 -silent | fourohme \n   ```\n\n3. Reading single URL:\n\n    ```\n    $ fourohme -url https://foo.bar\n    ```\n\n## Options\n\n- `-file`: Path to a file containing URLs.\n- `-force`: Force the scanner to scan all URL's regardless of the initial HTTP status code.\n- `-silent`: Don't print shizzle. Only what matters.\n- `-threads`: The amount of threads to be used to execute the HTTP requests. Be gentle or get blocked. (default 4)\n- `-url`: URL to make requests to\n\n## Output\n\nFourOhMe prints the responses of each request in a colored format. A successful response (HTTP status code 200) is printed in green, while an unsuccessful response is printed in red.\n\n## Contributing\n\nContributions are welcome! If you find a bug or want to suggest a new feature, please open an issue or submit a pull request.\n\n## TODO\n\n- [ ] Add a WAF check\n- [ ] Add content check filter false positives (\"The requested URL was rejected\")\n- [ ] Try to filter false positives by checking the content-length\n\n## License\n\nFourOhMe is released under the [MIT License](https://github.com/topscoder/fourohme/blob/main/LICENSE).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftopscoder%2Ffourohme","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftopscoder%2Ffourohme","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftopscoder%2Ffourohme/lists"}