Search the Community

Bypass 4xx HTTP response status codes and more. Based on PycURL. Script uses multithreading and is based on brute forcing, so it might have some false positive results. Script has colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. To manually filter out false positive results, for each unique content length, run the provided cURL command and check the response. If it does not result in bypass, just ignore all the results with the same content length. v9.4 Bug fixes and slight improvements. Python tool for brute forcing 4xx response status codes. Based on PycURL. [hide][Hidden Content]]

0.8: New year, new release Latest Main functions refactorization Correct wordling Update golang.org/x/text from 0.3.7 to 0.3.8 to fix a security vulnerability Added feature: parse from requestFile (BurpSuite's Repeater syntax) Some minor errors fix [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v9.1 Reintroduced PycURL as it is less prone to exceptions and because Python Requests fixed their double header bug. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes and more. Script uses multithreading and is based on brute forcing, so it might have some false positive results. Script has colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. To manually filter out false positive results, for each unique content length, run the provided cURL command and check the response. If it does not result in bypass, just ignore all the results with the same content length. v8.4 Latest Package install. Removed PycURL as it was redundant, Python Requests does the same job. Python tool for brute forcing 4xx response status code [hide][Hidden Content]]

What does HTTP Response Status Code Says? List Of Most Commonly Shown Status Code Along With Their Saying 100 : Continue 101 : Switching Protocol 102: Processing (WebDAV) 103 : Early Hints 200: OK 201 : Created 202 : Accepted 203 : Non-Authoritative Information 204 : No Content 205 : Reset Content 206 : Partial Content 207 : Multi-Status (WebDAV) 208 : Already Reported (WebDAV) 226 : IM Used (HTTP Delta encoding) 300 : Multiple Choice 301 : Moved Permanently 302 : Found 303 : See Other 304 : Not Modified 305 : Use Proxy 306 : unused 307 : Temporary Redirect 308 : Permanent Redirect 400 : Bad Request 401 : Unauthorized 402 : Payment Required . 403 : Forbidden 404 : Not Found 405 : Method Not Allowed 406 : Not Acceptable 407 : Proxy Authentication Required 408 : Request Timeout 409 : Conflict 410 : Gone 411 : Length Required 412 : Precondition Failed 413 : Payload Too Large 414 : URI Too Long 415 : Unsupported Media Type 416 : Range Not Satisfiable 417 : Expectation Failed 418 : I'm a teapot 421 : Misdirected Request 422 : Unprocessable Entity (WebDAV) 423 : Locked (WebDAV) 424 : Failed Dependency (WebDAV) 425 : Too Early 426 : Upgrade Required 428 : Precondition Required 429 : Too Many Requests 431 : Request Header Fields Too Large 451 : Unavailable For Legal Reasons 500 : Internal Server Error 501 : Not Implemented 502 : Bad Gateway 503 : Service Unavailable 504 : Gateway Timeout 505 : HTTP Version Not Supported 506 : Variant Also Negotiates 507 : Insufficient Storage (WebDAV) 508 : Loop Detected (WebDAV) 510 : Not Extended 511 : Network Authentication Required HTTP Response Status Codes Indicates Whether A Specific HTTP Request Has Been Successfully Completed ==============================

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v7.8 Default number of parallel threads fix, added base domain IPs, and some other optimizations. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v7.5 Added stats at finish. Lots of bug fixes, improvements, and new tests added. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v6.3 Fixed some issues in URL encoding bypasses and added new ones, and added more HTTP header and URL path bypasses. Added option to filter false-positive results by content length. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.8 Added port overrides, and added more HTTP request headers. [hide][Hidden Content]]

Carbon Black Response IR tool for hunting threats in an environment What is it? AutoResponder is a tool aimed to help people to carry out their Incident Response tasks WITH the help of Carbon Black Response's awesome capabilities and WITHOUT much bothering IT/System/Network Teams What can it do? Module ✔️ / ❌ Delete Files ✔️ Delete Registry Values ✔️ Delete Win32 Service Entries ✔️ Delete Scheduled Task Entries ✔️ Detailed Sensor List Export ✔️ Find Files ✔️ Find Registry Values ✔️ Download Files ✔️ Download A list of Win32 Service Entries ✔️ Download A list of Scheduled Task Entries ✔️ Download A list of WMI Entries ✔️ Isolate/Unisolate Sensors ✔️ Kill Running Processes ✔️ Restart Sensors ✔️ Restart Endpoints ✔️ Generate CSV reports ✔️ Scan Collected binaries with THOR APT Scanner ✔️ Delete WMI Entries ❌ Solve the whole case and generate a nice report so we can all have a cold beer ❌ [hide][Hidden Content]]

Dontgo403 is a tool to bypass 40X errors. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.7 Heavy refactoring of encoding option, and some tweaks. Added some new ideas in “to do” list. [hide][Hidden Content]]

Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.4 Description/text updates. Added scheme-override bypass. [hide][Hidden Content]]

Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.3 Added scheme-override bypass. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.2 Few minor fixes. [hide][Hidden Content]]

Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.1 Comma-separated values can now be used to specify tests. [hide][Hidden Content]]

Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v5.0 Added proxy option, and did some small tweaks. [hide][Hidden Content]]

Forbidden Bypass 4xx HTTP response status codes. Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with ‘Content-Length: 0’ header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two ‘Host’ headers, various URL path bypasses, basic-authentication/authorization including null session, broken URL parser check. Changelog v4.3 Regular expression fix. Content length fixes for cURL on Windows. Code rebase lots of fixes and broken URL parser testing. [hide][Hidden Content]]

Bypass 4xx HTTP response status codes. To see all the test cases, check the source code - follow the NOTE comments. Script uses multithreading, and is based on brute forcing so might have some false positives. Script uses colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. Extend this script to your liking. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help! Tests: various HTTP methods, various HTTP methods with 'Content-Length: 0' header, cross-site tracing (XST) with HTTP TRACE and TRACK methods, file upload with HTTP PUT method, various HTTP method overrides, various HTTP headers, various URL overrides, URL override with two 'Host' headers, various URL path injections, basic authentication/authorization including null session. [hide][Hidden Content]]

SourceWolf Amazingly fast response crawler to find juicy stuff in the source code! What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests or from the local response files (if any). Brute forcing host using a wordlist. Get the status codes for a list of URLs / Filtering out the live domains from a list of hosts. All the features mentioned above execute with great speed. SourceWolf uses the Session module from the requests library, which means, it reuses the TCP connection, making it really fast. SourceWolf provides you with an option to crawl the responses files locally so that you aren’t sending requests again to an endpoint, whose response you already have a copy of. The final endpoints are in a complete form with a host like [Hidden Content] are not as /api/admin. This can come useful when you are scanning a list of hosts. Changelog v1.8 new-features: SourceWolf can now grab github and linkedin profiles along with social media links! [hide][Hidden Content]]

SourceWolf Amazingly fast response crawler to find juicy stuff in the source code! What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests or from the local response files (if any). Brute forcing host using a wordlist. Get the status codes for a list of URLs / Filtering out the live domains from a list of hosts. All the features mentioned above execute with great speed. SourceWolf uses the Session module from the requests library, which means, it reuses the TCP connection, making it really fast. SourceWolf provides you with an option to crawl the responses files locally so that you aren’t sending requests again to an endpoint, whose response you already have a copy of. The final endpoints are in a complete form with a host like [Hidden Content] are not as /api/admin. This can come useful when you are scanning a list of hosts. Changelog v1.3 Bug which did not allow detecting const variables fixed! [hide][Hidden Content]]

AMIRA: Automated Malware Incident Response & Analysis AMIRA is a service for automatically running the analysis on theOSXCollector output files. The automated analysis is performed viaOSXCollector Output Filters, in particular The One Filter to Rule Them All: the Analyze Filter. AMIRA takes care of retrieving the output files from an S3 bucket, running the Analyze Filter and then uploading the results of the analysis back to S3 (although one could envision as well attaching them to the related JIRA ticket). Prerequisites tox The following steps assume you have tox installed on your machine. If this is not the case, please run: $ sudo pip install tox OSXCollector Output Filters configuration file AMIRA uses OSXCollector Output Filters to do the actual analysis, so you will need to have a valid osxcollector.yaml configuration file in the working directory. The example configuration file can be found in the OSXCollector Output Filters. The configuration file mentions the location of the file hash and the domain blacklists. Make sure that the blacklist locations mentioned in the configuration file are also available when running AMIRA. AWS credentials AMIRA uses boto to interface with AWS. You can supply the credentials using either of the possible boto config files. The credentials should allow reading and deleting SQS messages from the SQS queue specified in the AMIRA config as well as the read access to the objects in the S3 bucket where the OSXCollector output files are stored. To be able to upload the analysis results back to the S3 bucket specified in the AMIRA configuration file, the credentials should also allow write access to this bucket. AMIRA Architecture The service uses the S3 bucket event notifications to trigger the analysis. You will need to configure an S3 bucket for the OSXCollector output files, so that when a file is added there the notification will be sent to an SQS queue (AmiraS3EventNotifications in the picture below). AMIRA periodically checks the queue for any new messages and upon receiving one it will fetch the OSXCollector output file from the S3 bucket. It will then run the Analyze Filter on the retrieved file. The Analyze Filter runs all the filters contained in the OSXCollector Output Filters package sequentially. Some of them communicate with the external resources, like domain and hashes blacklists (or whitelists) and threat intel APIs, e.g. VirusTotal,OpenDNS Investigate or ShadowServer. The original OSXCollector output is extended with all of this information and the very last filter run by the Analyze Filter summarizes all of the findings into a human-readable form. After the filter finishes running, the results of the analysis will be uploaded to the Analysis Results S3 bucket. The overview of the whole process and the system components involved in it are depicted below: Using AMIRA The main entry point to AMIRA is in the amira/amira.py module. You will first need to create an instance of AMIRA class by providing the AWS region name, where the SQS queue with the event notifications for the OSXCollector output bucket is, and the SQS queue name: from amira.amira import AMIRA amira = AMIRA('us-west-1', 'AmiraS3EventNotifications') Then you can register the analysis results uploader, e.g. the S3 results uploader: from amira.s3 import S3ResultsUploader s3_results_uploader = S3ResultsUploader('amira-results-bucket') amira.register_results_uploader(s3_results_uploader) Finally, run AMIRA: amira.run() Go get some coffee, sit back, relax and wait till the analysis results pop up in the S3 bucket! Download: [Hidden Content]

HTTP response splitting [Hidden Content]