/4oFour

A tech enumeration toolkit focused on 404 Not found pages.

Primary LanguageGoApache License 2.0Apache-2.0

4oFour

A tech enumeration toolkit for 404 Not found pages.

DescriptionFeaturesInstallationUsageContact Me

Static Badge Buy Me A Coffee



Description

4oFour is a command-line utility tool written in Go that helps enumerate technology stacks used by a target based on the unique 404 error pages they generate. By analyzing these error pages, 4oFour can identify key tech signatures and provide insights into the underlying infrastructure of a target system.

The tool currently supports the detection of 18 distinct technology signatures, with plans to expand support to additional technologies in future updates. 4oFour is designed for fast, automated tech stack discovery, offering an efficient way to gain valuable information about a target's environment.


Features

Tech Stack Enumeration

4oFour analyzes 404 error pages to identify the technologies running on a target system. With support for 18 distinct tech signatures, it provides a detailed overview of the stack based solely on error page characteristics.

Automated Detection

Simply input a target URL, and 4oFour will automatically scan for 404 error pages and detect recognizable patterns that reveal technology components, allowing for quick and efficient enumeration of tech stacks.

Signature Expansion

4oFour's detection capabilities are regularly updated. While it currently supports 18 tech signatures, the tool is designed to evolve with more signatures added soon, ensuring broad coverage of common and emerging technologies.

Installation

You can install Seize by cloning the repository and building it manually using the following steps (Make sure to have Go installed on your system):
git clone https://github.com/umair9747/4oFour.git
cd 4oFour
go build

Usage

Basic Usage

./4ofour -scan http://127.0.0.1/

Flags

  • -headers: Comma-separated custom headers (e.g., 'User-Agent:Go,Accept:/')
  • -scan: Comma-separated list of targets or file containing targets
  • -timeout: Timeout for HTTP requests (default 10s)
  • -workers: Number of concurrent workers (default 5)

Tool Output

The tool would produce a JSON output in the below format:

type Result struct {
	Target string   `json:"target"`
	Stacks []string `json:"techs"`
}

type Output struct {
	Results []Result `json:"results"`
	Errors  []string `json:"errors,omitempty"`
}

Example Output:

umair@root 4ofour % ./4ofour -scan http://127.0.0.1/

             4     |         |         
        -----------+---------+-----------
                   |    O    |         
        -----------+---------+-----------
                   |         |    four   

The tech enumeration toolkit for 404 Not found pages.
                                - Developed by 0x9747 (inspired by 0xdf)

{
  "results": [
    {
      "target": "http://127.0.0.1/somerandompathwhichmightnotexist",
      "techs": [
        "Laravel"
      ]
    }
  ]
}

Credits

I would like to give the credits for the idea to 0xdf_! If you haven't checked his amazing work on this research yet, I highly suggest you to go through his blog.

Contact Me

Have any suggestions, queries, feedback or just want to connect with me? Feel free to reach out using the below handles:

Also, if you'd like to support me for my future research works, please consider using this link for your donations!