Update logo and minor refactor changes

devploit · devploit · commit 26a95c1e0bb9 · 2025-04-17T11:22:29.000+02:00
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 <p align="center">
-  <img src="https://i.imgur.com/NtlwDVT.png" width="600" height="200" alt="logo">
+  <img src="https://i.imgur.com/F4D1zhr.png" width="350" height="200" alt="logo">
 </p>
 
 <h1 align="center">NoMore403</h1>
@@ -8,10 +8,45 @@
   <a href="https://github.com/devploit/nomore403/issues"><img alt="contributions welcome" src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
 </p>
 
+## Table of Contents
+- [Introduction](#introduction)
+- [Features](#features)
+- [Implemented Bypass Techniques](#implemented-bypass-techniques)
+- [Prerequisites](#prerequisites)
+- [Installation](#installation)
+- [How It Works](#how-it-works)
+- [Customization](#customization)
+- [Usage](#usage)
+- [Options](#options)
+- [Common Use Cases](#common-use-cases)
+- [Contributing](#contributing)
+- [Security Considerations](#security-considerations)
+- [License](#license)
+- [Acknowledgments](#acknowledgments)
+- [Contact](#contact)
+
 ## Introduction
 
 `nomore403` is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, `nomore403` automates various techniques to seamlessly navigate past these access restrictions, offering a broad range of strategies from header manipulation to method tampering.
 
+## Features
+
+- **Auto-calibration**: Automatically detects server base responses to identify successful bypasses
+- **Multiple bypass techniques**: Implements 8 different techniques to bypass restrictions
+- **High concurrency**: Uses goroutines for fast and efficient testing
+- **Customizable**: Easily add new payloads and techniques
+
+## Implemented Bypass Techniques
+
+- **Verb Tampering**: Tests different HTTP methods to access protected resources
+- **Verb Case Switching**: Manipulates HTTP method capitalization to detect incorrect implementations
+- **Headers**: Injects headers designed for bypassing like X-Forwarded-For, X-Original-URL, etc.
+- **Custom Paths**: Tests alternative paths that can bypass access restrictions
+- **Path Traversal (midpaths)**: Inserts patterns in the middle of paths to confuse parsers
+- **Double-Encoding**: Uses double URL encoding to evade filters
+- **HTTP Versions**: Tests different HTTP versions (1.0, 1.1) to identify inconsistent behaviors
+- **Path Case Switching**: Manipulates uppercase/lowercase in paths to detect case-sensitive configurations
+
 ## Prerequisites
 
 Before you install and run `nomore403`, make sure you have the following:
@@ -34,10 +69,27 @@ go get
 go build
 ```
 
+## How It Works
+
+1. **Auto-calibration**: The tool makes a request to a non-existent path to determine the base response
+2. **Default request**: Makes a standard request to the target for comparison
+3. **Technique application**: Executes selected techniques in parallel
+4. **Result filtering**: Shows only responses that differ from the initial calibration (unless verbose mode is used)
+
 ## Customization
 
 To edit or add new bypasses, modify the payloads directly in the [payloads](https://github.com/devploit/nomore403/tree/main/payloads) folder. nomore403 will automatically incorporate these changes.
 
+### Payloads Folder Structure
+
+- **headers**: Headers used for bypassing
+- **ips**: IP addresses to inject in specific headers
+- **httpmethods**: Alternative HTTP methods
+- **endpaths**: Custom paths to add at the end of the target URL
+- **midpaths**: Patterns to insert in the middle of paths
+- **simpleheaders**: Common simple headers
+- **useragents**: List of User-Agents for rotation
+
 ## Usage
 
 ### Output example
@@ -107,14 +159,19 @@ Verbose:                false
 ### Use custom header + specific IP address for bypasses
 
 ```bash
-./nomore403 -u https://domain.com/admin -H "Environment: Staging" -b 8.8.8.8
+./nomore403 -u https://domain.com/admin -H "Environment: Staging" -i 8.8.8.8
 ```
 
 ### Set new max of goroutines + add delay between requests
 ```bash
 ./nomore403 -u https://domain.com/admin -m 10 -d 200
 ```
 
+### Filter by specific status codes
+```bash
+./nomore403 -u https://domain.com/admin --status 200,302
+```
+
 ## Options
 
 ```bash
@@ -148,12 +205,20 @@ Flags:
   -v, --verbose               Enable verbose output for detailed request/response logging (not based on auto-calibrate).
 ```
 
+## Common Use Cases
+
+- **Security Audits**: Identify misconfigurations in authentication systems
+- **Bug Bounty**: Discover bypasses in protected endpoints
+- **Penetration Testing**: Gain access to restricted areas during assessments
+- **Hardening**: Verify the robustness of implemented protections
+
 ## Contributing
 
 We welcome contributions of all forms. Here's how you can help:
 
- - Report bugs and suggest features.
- - Submit pull requests with bug fixes and new features.
+ - Report bugs and suggest features
+ - Submit pull requests with bug fixes and new features
+ - Add new payloads to existing folders
 
 ## Security Considerations
 
@@ -163,6 +228,13 @@ While nomore403 is designed for educational and ethical testing purposes, it's i
 
 nomore403 is released under the MIT License. See the [LICENSE](https://github.com/devploit/dontgo403/blob/main/LICENSE) file for details.
 
+## Acknowledgments
+
+NoMore403 draws inspiration from several projects in the web security space:
+- [Dontgo403](https://github.com/devploit/dontgo403) - The predecessor to NoMore403
+- The cybersecurity community for documenting and sharing bypass techniques
+- All contributors who have helped improve this tool
+
 ## Contact
 
 [![Twitter: devploit](https://img.shields.io/badge/-Twitter-blue?style=flat-square&logo=Twitter&logoColor=white&link=https://twitter.com/devploit/)](https://twitter.com/devploit/)
diff --git a/cmd/api.go b/cmd/api.go
@@ -49,7 +49,6 @@ type header struct {
 }
 
 // request makes an HTTP request using headers `headers` and proxy `proxy`.
-// If `method` is empty, it defaults to "GET".
 func request(method, uri string, headers []header, proxy *url.URL, rateLimit bool, timeout int, redirect bool) (int, []byte, error) {
 	if method == "" {
 		method = "GET"
@@ -84,7 +83,7 @@ func request(method, uri string, headers []header, proxy *url.URL, rateLimit boo
 		}
 	}
 
-	// Use  raw URL parser instead
+	// Use  raw URL parser
 	parsedURL, err := url.Parse(uri)
 	if err != nil {
 		log.Println(err)
@@ -134,7 +133,7 @@ func loadFlagsFromRequestFile(requestFile string, schema bool, verbose bool, tec
 	if err != nil {
 		log.Fatalf("Error reading request file: %v", err)
 	}
-	//Down HTTP/2 to HTTP/1/1
+	//Down HTTP/2 to HTTP/1.1
 	temp := strings.Split(string(content), "\n")
 	fistLine := strings.Replace(temp[0], "HTTP/2", "HTTP/1.1", 1)
 	content = []byte(strings.Join(append([]string{fistLine}, temp[1:]...), "\n"))
diff --git a/cmd/requester.go b/cmd/requester.go
@@ -44,7 +44,6 @@ type RequestOptions struct {
 }
 
 var _verbose bool
-var defaultSc int
 var defaultCl int
 var uniqueResults = make(map[string]bool)
 var uniqueResultsByTechnique = make(map[string]map[string]bool)
@@ -153,13 +152,11 @@ func printResult(result Result) {
 func showInfo(options RequestOptions) {
 	var statusCodeStrings []string
 
-	for _, code := range statusCodes {
-		statusCodeStrings = append(statusCodeStrings, code)
-	}
+	statusCodeStrings = append(statusCodeStrings, statusCodes...)
 	statusCodesString := strings.Join(statusCodeStrings, ", ")
 
 	if !nobanner {
-		fmt.Printf(color.MagentaString("━━━━━━━━━━━━━━ NOMORE403 CONFIGURATION ━━━━━━━━━━━━━━━━━━\n"))
+		fmt.Print(color.MagentaString("━━━━━━━━━━━━━━ NOMORE403 CONFIGURATION ━━━━━━━━━━━━━━━━━━\n"))
 		fmt.Printf("%s \t\t%s\n", "Target:", options.uri)
 		if len(options.reqHeaders) > 0 && len(options.reqHeaders[0]) != 0 {
 			for _, header := range options.headers {
@@ -252,7 +249,6 @@ func requestDefault(options RequestOptions) {
 
 	uniqueResultsMutex.Lock()
 	for _, result := range results {
-		defaultSc = result.statusCode
 		defaultCl = result.contentLength
 	}
 	uniqueResultsMutex.Unlock()
@@ -632,7 +628,7 @@ func requestDoubleEncoding(options RequestOptions) {
 			}
 
 			result := Result{
-				line:          fmt.Sprintf("%s", encodedUri),
+				line:          encodedUri,
 				statusCode:    statusCode,
 				contentLength: len(response),
 				defaultReq:    false,
@@ -794,10 +790,7 @@ func randomLine(filePath string) (string, error) {
 		return "", err
 	}
 	defer func(file *os.File) {
-		err := file.Close()
-		if err != nil {
-
-		}
+		_ = file.Close()
 	}(file)
 
 	var lines []string

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,6 @@ type header struct {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	// request makes an HTTP request using headers `headers` and proxy `proxy`.
`52`		-// If `method` is empty, it defaults to "GET".
`53`	`52`	`func request(method, uri string, headers []header, proxy *url.URL, rateLimit bool, timeout int, redirect bool) (int, []byte, error) {`
`54`	`53`	`if method == "" {`
`55`	`54`	`method = "GET"`
`@@ -84,7 +83,7 @@ func request(method, uri string, headers []header, proxy *url.URL, rateLimit boo`
`84`	`83`	`}`
`85`	`84`	`}`
`86`	`85`
`87`		`- // Use raw URL parser instead`
	`86`	`+ // Use raw URL parser`
`88`	`87`	`parsedURL, err := url.Parse(uri)`
`89`	`88`	`if err != nil {`
`90`	`89`	`log.Println(err)`
`@@ -134,7 +133,7 @@ func loadFlagsFromRequestFile(requestFile string, schema bool, verbose bool, tec`
`134`	`133`	`if err != nil {`
`135`	`134`	`log.Fatalf("Error reading request file: %v", err)`
`136`	`135`	`}`
`137`		`- //Down HTTP/2 to HTTP/1/1`
	`136`	`+ //Down HTTP/2 to HTTP/1.1`
`138`	`137`	`temp := strings.Split(string(content), "\n")`
`139`	`138`	`fistLine := strings.Replace(temp[0], "HTTP/2", "HTTP/1.1", 1)`
`140`	`139`	`content = []byte(strings.Join(append([]string{fistLine}, temp[1:]...), "\n"))`