Skip to content

Instantly share code, notes, and snippets.

View blueorionn's full-sized avatar

Swadhin Tandi blueorionn

2 followers · 0 following
View GitHub Profile
@blueorionn
blueorionn / bypass-403.md
Created July 18, 2025 19:22
Comprehensive Guide to Bypassing 403 Forbidden Restriction

Comprehensive Guide to Bypassing 403 Forbidden Restriction

Understanding how to bypass 403 errors is an indispensable skill for penetration testers, enabling them to identify and report critical vulnerabilities within web applications responsibly. The successful circumvention of a 403 restriction can have severe consequences, including unauthorized access to sensitive data, widespread data breaches, and exposure of confidential customer information.

In this article, we will explore several techniques for bypassing the 403 restriction.

1.HTTP Method Tampering

Web servers frequently implement access restrictions based on the HTTP method used in a request. Due to misconfigurations, a resource that is explicitly forbidden when accessed via common methods like GET might become unexpectedly accessible through methods such as POST, HEAD, OPTIONS, PUT, or DELETE.

@blueorionn
blueorionn / ip_obfuscator.py
Created July 13, 2025 14:30
Python script to obfuscate ip
# Copyright (c) 2025-present, Swadhin
# Python script to obfuscate ip
import sys
import random
def convert_to_octects(ip: str) -> list[str]:
"""
Splits an IPv4 address into its octets.
@blueorionn
blueorionn / has_multiple_http.py
Created May 19, 2025 09:38
Python script that filters URLs containing two or more http:// or https:// occurrences
# Copyright (c) 2025-present, Swadhin
# Python script that filters URLs containing two or more http:// or https:// occurrences
import re
import sys
def has_multiple_http(url):
"""Check if URL contains 2+ http/https occurrences."""
http_count = len(re.findall(r'https?:\/\/', url, re.IGNORECASE))
return http_count >= 2
@blueorionn
blueorionn / open-redirect.sh
Last active May 19, 2025 04:36
Code block to grep open redirect url patterns
# Copyright (c) 2025-present, Swadhin
# Code block to grep open redirect url patterns
grep -Pi "(?<=\?|&)(?:return|continue|redirect|next|url|destination|r|u|goto|path|view|file|link|out|image_url|callback|ret|target|from_url|forward|redir|rel|location|filepath|download_url|host|domain|cgi|data|q|page|id|action|cmd|req|state|token|code|hash|api|user|email|name|lang|format|type|mode|debug|test|version|v|ver|save|load|upload|download|backup|reset|close|open|verify|confirm|allow|deny|subscribe|follow|like|vote|flag|report|comment|post|date|time|year|month|day|hour|minute|second|week|today|now|before|after|since|until|location|address|street|road|place|venue|shop|store|school|office|company|business|group|team|member|leader|manager|director|executive|president|account|bank|payment|pay|fee|price|rate|discount|credit|balance|currency|cash|money|dollar|euro|pound|yen|bitcoin|crypto)[_\-]?(?:url|uri|to|path|src|ref|id|key|val|value|var|name|addr|host|domain|link|file|img|image|page|num|no|nr)?=([^& \"]+)"
@blueorionn
blueorionn / extract-endpoints-from-sitemap.py
Created May 8, 2025 06:03
Extract URL endpoints from sitemap recursively
# Copyright (c) 2025-present, Swadhin
# Extract URL endpoints from sitemap recursively
# NOTE: Some websites may use different XML namespaces or structures in their sitemaps.
# Adjust the parsing logic accordingly if you encounter issues with specific sitemaps.
import argparse
import sys
import requests
import xml.etree.ElementTree as ET
@blueorionn
blueorionn / external-url-from-html-page.js
Created May 7, 2025 03:41
Extract External URLs from single HTML page
// Copyright (c) 2025-present, Swadhin
// biome-ignore lint/complexity/useArrowFunction: Use function keyword for legacy support.
(function () {
const currentHost = window.location.host;
const html = document.documentElement.innerHTML;
// Regex to find all http(s) URLs
const urlRegex = /https?:\/\/[^\s"'<>]+/g;
const allMatches = Array.from(html.matchAll(urlRegex), m => m[0]);
@blueorionn
blueorionn / information-disclosure.txt
Created May 6, 2025 08:38
Information disclosure wordlist
# Copyright (c) 2025-present, Swadhin
# Admin Panel URLs
/admin
/administrator
/login
/admin.php
/administrator.php
/login.php
/admin/login.php
@blueorionn
blueorionn / html-tags.txt
Created May 1, 2025 01:53
A comprehensive collection of HTML tags.
html
head
title
body
meta
link
style
base
article
aside
@blueorionn
blueorionn / user-agents.txt
Last active April 14, 2025 10:58 — forked from pzb/user-agents.txt
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.94 Chrome/37.0.2062.94 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9
Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0)
@blueorionn
blueorionn / html-on-attributes.txt
Created April 14, 2025 08:41
A comprehensive collection of HTML on-* attributes, providing a quick reference for event handling in HTML elements.
onafterprint
onbeforeprint
onbeforeunload
onerror
onhashchange
onload
onmessage
onoffline
ononline
onpagehide