Giters

Brum3ns / keypin

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

GitHub Light Keypin is a lightweight and highly customization tool, built to bypass forbidden pages. It supports the most common bypass techniques and also combined/adjust theses techniques for ore deep testing.

Features

  • Friendly configuration and customaziation
  • Supports different bypass techniques such as Verbs, headers and paths
  • Adjust payloads for the target depending how it's behavior for better detection
  • Detect and tries to bypass cached pages to avoid false negatives

Versions

  • v1.1 [InProgress] Will detect Webhosting service, cache detection and better request preformance to handle large amount of urls in a hige preformance speed without getting rate limited or IP blocked.
  • v1.0 Keypin works with all it's main options and does it's job as a 403/401 bypass tool.

Installation

go install github.com/Brum3ns/keypin@latest && cd "$HOME/.config/" && git clone https://github.com/Brum3ns/keypin.git

Usage

GitHub Light

Keypin help menu. Displays all options that are available

./keypin -h

Simple bypass mode

πŸ”‘ Effective and most common way to use. This will run all default scans and combines techniques.

./keypin -u https://www.example.com -p /admin

Attacking with custom Verb (HTTP method) and static header

πŸ”‘ Can be used if an early recon has been done and the user know that "X-Forward-For" is a valid supported header etc.

./keypin -u https://www.example.com -p /admin -H "X-Forward-For: 127.0.0.1" -m GET

Attacking a forbidden website on the root without a path given

πŸ”‘ If the root page is forbidden. This scan can be used to bypass the forbidden domain when no path is known.

./keypin -u https://www.example.com

Debugg and response information

πŸ”‘ Use for Debugging mode or to better detect response behavior from the target domain.

./keypin -u https://www.example.com -p /admin -v

Configure

HTTP method, headers + value, path can be found in the path: "db/conf/" Values can be added or replaced without facing any issue.

If you do add a header that is taking use of the URI path (www.example.com/). Example the header "X-Original-URL" take use of this. By adding "PATH" to it's value, KeyPin will automaticlly replace "PATH" with the given path you specify in the run command (option: "-p").

About

Languages

Language:Go 100.0%