Skip to content

Latest commit

 

History

History
68 lines (42 loc) · 1.86 KB

README.md

File metadata and controls

68 lines (42 loc) · 1.86 KB

FourOhMe

FourOhMe is a tool for testing HTTP headers on a website in order to try to bypass 40* HTTP codes. It tries to bypass the 40* status code by manipulating the HTTP request via HTTP headers and URL payloads.

Installation

Install Golang, then run:

go install -v github.com/topscoder/fourohme@latest

Usage

FourOhMe can be used in three ways:

  1. Reading URLs from a file:

    $ fourohme -file urls.txt
    

    where urls.txt is a file containing a list of URLs separated by newlines.

  2. Reading URLs from standard input (STDIN):

    $ cat urls.txt | fourohme
    

    where urls.txt is a file containing a list of URLs separated by newlines.

    Or attach in your favourite chain commands:

    $ cat domains.txt | subfinder | httpx -mc 401,402,403,404,405 -silent | fourohme 
    
  3. Reading single URL:

    $ fourohme -url https://foo.bar
    

Options

  • -file: Path to a file containing URLs.
  • -force: Force the scanner to scan all URL's regardless of the initial HTTP status code.
  • -silent: Don't print shizzle. Only what matters.
  • -threads: The amount of threads to be used to execute the HTTP requests. Be gentle or get blocked. (default 4)
  • -url: URL to make requests to

Output

FourOhMe prints the responses of each request in a colored format. A successful response (HTTP status code 200) is printed in green, while an unsuccessful response is printed in red.

Contributing

Contributions are welcome! If you find a bug or want to suggest a new feature, please open an issue or submit a pull request.

TODO

  • Add a WAF check
  • Add content check filter false positives ("The requested URL was rejected")
  • Try to filter false positives by checking the content-length

License

FourOhMe is released under the MIT License.