Offensive Security Tool: dontgo403

by | Apr 14, 2023 | Tools

Post Views: 9,187

Premium Content

Patreon
Reading Time: 2 Minutes

Description

DontGo403 by devploit is a tool designed to help Pentesters and Red Teams identify vulnerabilities in web servers that could be exploited to gain unauthorized access to resources. The tool does this by bypassing HTTP error code 403 responses, which are typically used to indicate that a user is not authorized to access a particular resource or webpage.

DontGo403, can send multiple requests to a web server, each with a different User-Agent string, to identify a User-Agent string that is not being blocked by the server. By doing so, they can bypass the 403 error code and potentially gain access to restricted resources.

See Also: So you want to be a hacker?
Offensive Security Courses

Installation

Grab the latest release for your OS from RELEASES

Or compile by your own:

git clone https://github.com/devploit/dontgo403; cd dontgo403; go get; go build

 

Trending: Offensive Security Tool: Mythic

Trending: Offensive Security Tool: dontgo403

Customization

If you want to edit or add new bypasses, you can add it directly to the specific file in payloads folder and the tool will use it.

 

Options

./dontgo403 -h

Command line application that automates different ways to bypass 40X codes.

Usage:
  dontgo403 [flags]

Flags:
  -b, --bypassIp string       Try bypass tests with a specific IP address (or hostname). i.e.: 'X-Forwarded-For: 192.168.0.1' instead of 'X-Forwarded-For: 127.0.0.1'
  -d, --delay int             Set a delay (in ms) between each request. Default: 0ms
  -f, --folder string         Define payloads folder (if it's not in the same path as binary)
  -H, --header strings        Add a custom header to the requests (can be specified multiple times)
  -h, --help                  help for dontgo403
      --http                  Set HTTP schema for request-file requests (default HTTPS)
  -t, --httpMethod string     HTTP method to use (default 'GET')
  -m, --max_goroutines int    Set the max number of goroutines working at same time. Default: 50 (default 50)
  -p, --proxy string          Proxy URL. For example: http://127.0.0.1:8080
  -r, --request-file string   Path to request file to load flags from
  -u, --uri string            Target URL
  -a, --useragent string      Set the User-Agent string (default 'dontgo403')
  -v, --verbose               Set verbose mode ON (default OFF)

See Also: Write up: How do QR Codes work and how criminal hackers use them to generate phishing attacks – Demo

Example of usage

Clone the repo from here: GitHub Link
Merch

Recent Tools

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This