forbidden
« Back to VersTracker
Description:
Bypass 4xx HTTP response status codes and more
Type: Formula  |  Latest Version: 13.4@2  |  Tracked Since: Oct 18, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security pentesting http waf bypass
Install: brew install forbidden
About:
Forbidden is a command-line tool designed to bypass 4xx HTTP response status codes, such as 403 Forbidden and 401 Unauthorized. It achieves this by systematically modifying HTTP request headers and methods to evade common Web Application Firewall (WAF) rules and access restrictions. This utility is essential for security professionals to test the robustness of access controls.
Key Features:
  • Automated header manipulation to bypass WAFs
  • Supports multiple HTTP methods (GET, POST, etc.)
  • Command-line interface for easy integration into workflows
  • Customizable payload delivery
Use Cases:
  • Penetration testing to bypass restricted access areas
  • Security auditing of WAF configurations
  • Identifying misconfigured access controls on web servers
Alternatives:
  • Nmap – Nmap is a broader network scanner, whereas Forbidden specifically focuses on HTTP request manipulation for access bypass.
  • Burp Suite – Burp Suite is a comprehensive GUI-based proxy, while Forbidden is a lightweight CLI tool for rapid header fuzzing.
Version History
Detected Version Rev Change Commit
Jan 9, 2026 8:24am 2 REVISION_ONLY f455b89f
Oct 18, 2025 4:50pm 0 VERSION_BUMP 48dff324
Sep 13, 2025 4:51pm 2 VERSION_BUMP b3ed36e2
Oct 12, 2024 9:59pm 0 VERSION_BUMP 6bc9e95f
Oct 12, 2024 5:15pm 0 VERSION_BUMP 2a031a92
Sep 29, 2024 12:39pm 0 VERSION_BUMP 6c5eb70e
Sep 21, 2024 3:19pm 0 VERSION_BUMP 85536d33
Sep 12, 2024 9:42pm 0 VERSION_BUMP 7650b288
« Back to VersTracker  |  Browse Packages  |  About