dontgo403 is a tool to bypass 40X errors.
Grab the latest release for your OS from RELEASES
Or compile by your own:
git clone https://github.com/devploit/dontgo403; cd dontgo403; go get; go buildIf you want to edit or add new bypasses, you can add it directly to the specific file in payloads folder and the tool will use it.
./dontgo403 -h
Command line application that automates different ways to bypass 40X codes.
Usage:
dontgo403 [flags]
Flags:
-b, --bypassIp string Try bypass tests with a specific IP address (or hostname). i.e.: 'X-Forwarded-For: 192.168.0.1' instead of 'X-Forwarded-For: 127.0.0.1'
-d, --delay int Set a delay (in ms) between each request. Default: 0ms
-f, --folder string Define payloads folder (if it's not in the same path as binary)
-H, --header strings Add a custom header to the requests (can be specified multiple times)
-h, --help help for dontgo403
--http Set HTTP schema for request-file requests (default HTTPS)
-t, --httpMethod string HTTP method to use (default 'GET')
-m, --max_goroutines int Set the max number of goroutines working at same time. Default: 50 (default 50)
-p, --proxy string Proxy URL. For example: http://127.0.0.1:8080
-r, --request-file string Path to request file to load flags from
-u, --uri string Target URL
-a, --useragent string Set the User-Agent string (default 'dontgo403')
-v, --verbose Set verbose mode ON (default OFF)Basic usage:
./dontgo403 -u https://domain.com/adminVerbose mode + proxy enabled:
./dontgo403 -u https://domain.com/admin -p http://127.0.0.1:8080 -vParse request from Burp:
./dontgo403 -r request.txtUse custom header + specific IP address for bypasses:
./dontgo403 -u https://domain.com/admin -H "Environment: Staging" -b 8.8.8.8Set new max of goroutines + add delay between requests:
./dontgo403 -u https://domain.com/admin -m 10 -d 200