403-Bypass-Jagat Tool to bypass 403/401. This script contain all the possible techniques to do the same.
-
Note: If multiple
[200 OK]responses or bypasses appear in the output, please verify the Content-Length. If the Content-Length is identical for multiple[200 OK]responses or bypasses, it indicates a false positive. Possible reasons could include "301/302" redirects or "../" [Payload]. Do not panic. -
The script will output the
cURLpayload if a potential bypass is detected.
git clone https://github.com/jagat-singh-chaudhary/403-Bypass-Jagat.gitcd 403-Bypass-Jagatchmod +x 403-Bypass-Jagat.shsudo apt install figlet- If you are unable to see the logo as in the screenshot
Jagat_Singh:$ bash 403-Bypass-Jagat.sh -h
- Scan with specific payloads:
- [
--header] Support HEADER based bypasses/payloadsJagat_Singh:$ bash 403-Bypass-Jagat.sh -u https://target.com/secret --header
- [
--protocol] Support PROTOCOL based bypasses/payloadsJagat_Singh:$ bash 403-Bypass-Jagat.sh -u https://target.com/secret --protocol
- [
--port] Support PORT based bypasses/payloadsJagat_Singh:$ bash 403-Bypass-Jagat.sh -u https://target.com/secret --port
- [
--HTTPmethod] Support HTTP Method based bypasses/payloadsJagat_Singh:$ bash 403-Bypass-Jagat.sh -u https://target.com/secret --HTTPmethod
- [
--encode] Support URL Encoded bypasses/payloadsJagat_Singh:$ bash 403-Bypass-Jagat.sh -u https://target.com/secret --encode
- [
--SQLi] Support MySQL mod_Security & libinjection bypasses/payloads [** New **]Jagat_Singh:$ bash 403-Bypass-Jagat.sh -u https://target.com/secret --SQLi
- [
- Complete Scan {includes all exploits/payloads} for an endpoint [ --exploit ]
Jagat_Singh:$ bash 403-Bypass-Jagat.sh -u https://target.com/secret --exploit- apt install curl [Debian]
If you find our work helpful and would like to support us, consider buying us a coffee. Your support keeps us motivated and helps us create more awesome contents and Tools. ❤️
☕ Support Us Here: https://buymeacoffee.com/jagatsingh