Forbidden-Buster - A Tool Designed To Automate Various Techniques In Order To Bypass HTTP 401 And 403 Response Codes And Gain Access To Unauthorized Areas In The System

Forbidden Buster is a tool designed to automate various techniques in order to bypass HTTP 401 and 403 response codes and gain access to unauthorized areas in the system. This code is made for security enthusiasts and professionals only. Use it at your own risk.

• Probes HTTP 401 and 403 response codes to discover potential bypass techniques.
• Utilizes various methods and headers to test and bypass access controls.
• Customizable through command-line arguments.

Install requirements

pip3 install -r requirements.txt

Run the script

python3 forbidden_buster.py -u http://example.com

Forbidden Buster accepts the following arguments:

  -h, --help            show this help message and exit
  -u URL, --url URL     Full path to be used
  -m METHOD, --method METHOD
                        Method to be used. Default is GET
  -H HEADER, --header HEADER
                        Add a custom header
  -d DATA, --data DATA  Add data to requset body. JSON is supported with escaping
  -p PROXY, --proxy PROXY
                        Use Proxy
  --rate-limit RATE_LIMIT
                        Rate limit (calls per second)
  --include-unicode     Include Unicode fuzzing (stressful)
  --include-user-agent  Include User-Agent fuzzing (stressful)

Example Usage:

python3 forbidden_buster.py --url "http://example.com/secret" --method POST --header "Authorization: Bearer XXX" --data '{\"key\":\"value\"}' --proxy "http://proxy.example.com" --rate-limit 5 --include-unicode --include-user-agent

• Hacktricks - Special thanks for providing valuable techniques and insights used in this tool.
• SecLists - Credit to danielmiessler's SecLists for providing the wordlists.
• kaimi - Credit to kaimi's "Possible IP Bypass HTTP Headers" wordlist.

Zenbuster - Multi-threaded URL Enumeration/Brute-Forcing Tool

ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin (@0xTas).

I wrote this tool as a way to deepen my familiarity with Python, and to help increase my understanding of Cybersecurity tooling in general. ZenBuster may not be the fastest or most comprehensive tool of its kind. It is however, simple to use, decently flexible, and in practice only marginally slower than other "tried-and-true" tools like Gobuster. Personally, I have been using it to help me solve CTF challenges on platforms like TryHackMe, and have found my implementation to be satisfactorily reliable.

This software is intended for use in CTF challenges, or by security professionals to gather information on their targets:

• It is capable of brute-force enumerating subdomains and also URI resources (directories/files).
• Both methods of enumeration require use of an appropriate wordlist or dictionary file.
• Features Include:
  1. Hostname format supports standard, IPv4, and IPv6.
  2. Support for logging results to a file with -O [filename].
  3. Specifying custom ports for nonstandard webservers with -p .
  4. Optional file extensions in directory mode with -x .
  5. Quiet mode for less distracting output with -Q.
  6. Color can be disabled for less distracting output with -nc/-nl.
  7. Tested on Python versions 3.9 and 3.10, with theoretical support for versions >= 3.6

CAUTION/DISCLAIMER

ZenBuster is capable of producing a potentially unwelcome number of HTTP requests in a short amount of time.

The developers and contributors are not liable or responsible for any damage caused by misuse or abuse of this software.

Please Enumerate Responsibly!

License

ZenBuster is licensed under the GNU GPLv3 License, see here for more information.

Credits

Yin-Yang ASCII art in the banners were created by Joan G. Stark (jgs) and Hayley Jane Wakenshaw (hjw). Modifications were made by me, when specified with: 'zg'.

Installation

Firstly, ensure that Python version >= 3.6 is installed, then clone the repository with:

git clone https://github.com/0xTas/zenbuster.git

Next, cd zenbuster.

Dependencies

ZenBuster relies on 3 external libraries to function, and it is recommended to install these with:

pip install -r requirements.txt

The modules that will be installed and their purposes are as follows:

1. Python requests

   • The backbone of each enumeration request. Without this, the script will not function.

2. termcolor

   • Enables colored terminal output. Non-critical, the script can still run without color if this is not present.

3. colorama (Windows only)

   • Primes the Windows terminal to accept ANSI color codes (from Termcolor). Non-critical.

These dependencies may be installed manually, with pip using requirements.txt, or via interaction with the script upon first run.

Usage

Once dependencies have been installed, you can run the program in the following ways:

On Linux (+Mac?):

./zenbuster.py [options] or python3 zenbuster.py [options]

On Windows:

python zenbuster.py [options]

[Options]

Example Usage

./zenbuster.py -d -w /usr/share/wordlists/dirb/common.txt -u target.thm -v

python3 zenbuster.py -w ../subdomains.txt --host target.thm --ssl -O myResults.log

zenbuster -w subdomains.txt -u target.thm --quiet (With .bashrc alias)

Planned Features/Improvements

• Increased levels of optional verbosity.
• Allow optional throttling of task thread-count.
• Allow users to modify the list of ignored status codes.
• Allow greater user control over various request headers.
• Allow optional ignoring of responses based on content-length.
• Expand subdomain enumeration to include OSINT methods instead of just brute-forcing.
• Explore a more comprehensive and source-readable solution to fancy colored output (possibly using rich).

Known Issues/Limitations

• Enumerating long endpoints may result in ugly terminal output due to line-wraping on smaller console windows. Logging to a file is recommended, especially on Windows.
• If target host is a vHost on a shared webserver, enumeration via IP may not function as expected. Use domain/hostname instead.