Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/topscoder/fourohme

FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.
https://github.com/topscoder/fourohme

401 401-bypass 403 403-bypass bugbounty bugbountytips bugbountytricks cli http http-headers osint recon

Last synced: about 1 month ago
JSON representation

FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. Written in Go, so easy to install and fast out of the box.

Awesome Lists containing this project

README

        

# FourOhMe

FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes.
It tries to bypass the 40* status code by manipulating the HTTP request via HTTP headers and URL payloads.

## Installation

Install Golang, then run:

`go install -v github.com/topscoder/fourohme@latest`

## Usage

FourOhMe can be used in three ways:

1. Reading URLs from a file:

```
$ fourohme -file urls.txt
```

where `urls.txt` is a file containing a list of URLs separated by newlines.

2. Reading URLs from standard input (`STDIN`):

```
$ cat urls.txt | fourohme
```

where `urls.txt` is a file containing a list of URLs separated by newlines.

Or attach in your favourite chain commands:

```
$ cat domains.txt | subfinder | httpx -mc 401,402,403,404,405 -silent | fourohme
```

3. Reading single URL:

```
$ fourohme -url https://foo.bar
```

## Options

- `-file`: Path to a file containing URLs.
- `-force`: Force the scanner to scan all URL's regardless of the initial HTTP status code.
- `-silent`: Don't print shizzle. Only what matters.
- `-threads`: The amount of threads to be used to execute the HTTP requests. Be gentle or get blocked. (default 4)
- `-url`: URL to make requests to

## Output

FourOhMe prints the responses of each request in a colored format. A successful response (HTTP status code 200) is printed in green, while an unsuccessful response is printed in red.

## Contributing

Contributions are welcome! If you find a bug or want to suggest a new feature, please open an issue or submit a pull request.

## TODO

- [ ] Add a WAF check
- [ ] Add content check filter false positives ("The requested URL was rejected")
- [ ] Try to filter false positives by checking the content-length

## License

FourOhMe is released under the [MIT License](https://github.com/topscoder/fourohme/blob/main/LICENSE).