NoMore403
介绍
nomore403是一款创新工具,旨在帮助网络安全专业人士和爱好者绕过 Web 安全评估期间遇到的 HTTP 40X 错误。与其他解决方案不同,nomore403它自动化各种技术来无缝地绕过这些访问限制,提供从标头操纵到方法篡改的广泛策略。
先决条件
在安装并运行之前nomore403,请确保您具备以下条件:
-
您的计算机上安装了 Go 1.15 或更高版本。
从源代码编译
如果您更喜欢自己编译该工具:
git clone https://github.com/devploit/nomore403cd nomore403go getgo build
用法
输出示例
________ ________ ________ ________ ________ ________ ________ ________ ________╱ ╲╱ ╲╱ ╱ ╲╱ ╲╱ ╲╱ ╲╱ ╱ ╲╱ ╲╱__ ╲╱ ╱ ╱ ╱ ╱ ╱ ╱ ╱ __╱ ╱ ╱ ╱__ ╱╱ ╱ ╱ ╱ _╱ __/____ ╱ ╱ ╱╱____╱╲________╱╲________╱Target: https://domain.com/adminHeaders: falseProxy: falseUser Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/7.0; 1ButtonTaskbar)Method: GETPayloads folder: payloadsCustom bypass IP: falseFollow Redirects: falseRate Limit detection: falseVerbose: falseDEFAULT REQUEST ━━━━━━━━━━━━━403 429 bytes https://domain.com/adminVERB TAMPERING ━━━━━━━━━━━━━━HEADERS ━━━━━━━━━━━━━━━━━━━━━CUSTOM PATHS ━━━━━━━━━━━━━━━━200 2047 bytes https://domain.com/;///..adminHTTP VERSIONS ━━━━━━━━━━━━━━━403 429 bytes HTTP/1.0403 429 bytes HTTP/1.1403 429 bytes HTTP/2CASE SWITCHING ━━━━━━━━━━━━━━200 2047 bytes https://domain.com/%61dmin
./nomore403 -u https://domain.com/admin./nomore403 -u https://domain.com/admin -x http://127.0.0.1:8080 -v./nomore403 -u https://domain.com/admin -H "Environment: Staging" -b 8.8.8.8./nomore403 -u https://domain.com/admin -m 10 -d 200./nomore403 -hCommand line application that automates different ways to bypass 40X codes.Usage:nomore403 [flags]Flags:-i, --bypass-ip string Use a specified IP address or hostname for bypassing access controls. Injects this IP in headers like 'X-Forwarded-For'.-d, --delay int Specify a delay between requests in milliseconds. Helps manage request rate (default: 0ms).-f, --folder string Specify the folder location for payloads if not in the same directory as the executable.-H, --header strings Add one or more custom headers to requests. Repeatable flag for multiple headers.-h, --help help for nomore403--http Use HTTP instead of HTTPS for requests defined in the request file.-t, --http-method string Specify the HTTP method for the request (e.g., GET, POST). Default is 'GET'.-m, --max-goroutines int Limit the maximum number of concurrent goroutines to manage load (default: 50). (default 50)--no-banner Disable the display of the startup banner (default: banner shown).-x, --proxy string Specify a proxy server for requests, e.g., 'http://server:port'.--random-agent Enable the use of a randomly selected User-Agent.-l, --rate-limit Halt requests upon encountering a 429 (rate limit) HTTP status code.-r, --redirect Automatically follow redirects in responses.--request-file string Load request configuration and flags from a specified file.-u, --uri string Specify the target URL for the request.-a, --user-agent string pecify a custom User-Agent string for requests (default: 'nomore403').-v, --verbose Enable verbose output for detailed request/response logging.
原文始发于微信公众号(Ots安全):NoMore403 自动化 Bypass 403/40X
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论