Automic VaultAutomic Vault

brew

Install forbidden with Homebrew, Nix

Bypass 4xx HTTP response status codes and more. Version 13.4 via Homebrew; verified 2026-06-03.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install forbidden

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#forbidden

nixpkgs package indexes · pkgs/by-name/fo/forbidden/package.nix · source: api.github.com

overview

Package summary

Bypass 4xx HTTP response status codes and more

Commands and aliases

  • forbidden
  • stresser

history

Project history and usage

Forbidden is a security testing CLI for attempting bypasses of 4xx HTTP response status codes and related web access-control behaviors. Its README describes separate forbidden and stresser commands and states that the tool is based on Python Requests, PycURL, and Python's HTTP client.

Project history

The public project history available from official sources is mostly README-level rather than narrative. The maintained README documents a mature command set, a v13.4 build artifact in source-install instructions, and a roadmap of future tests such as hop-by-hop headers, User-Agent headers, cookies, HTTP smuggling, CRLF, Log4j, and AWS metadata SSRF.

Adoption history

The README positions pip as the standard installation route and mentions a Homebrew formula as an alternative that is not maintained by the author. That combination places Forbidden in the common pentesting-tool distribution pattern of upstream Python packaging plus downstream CLI formulas.

How it is used

Typical use is to supply a target URL and choose test groups such as protocols, methods, uploads, overrides, headers, path mutations, encodings, authentication bypasses, redirects, and parser tests. The README cautions about proxies normalizing URLs, rate limiting, anti-bot protections, and engine-specific behavior.

Why package nerds care

Forbidden is package-nerd relevant as a compact example of a Python security CLI that depends on multiple HTTP engines to exercise edge cases that ordinary curl invocations cannot always produce, such as duplicate Host headers or requests without a Host header.

Timeline

  • v13.4: README source-install instructions reference building forbidden-13.4-py3-none-any.whl.
  • Current README: Homebrew installation is documented as an alternative not maintained by the author.

Related projects

  • The README names Python Requests, PycURL, and Python HTTP Client as implementation engines and links to internal forbidden.py, test.py, and value.py files for the test definitions.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for forbidden. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 7 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
forbiddencliglobal executable
stressercliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version13.4
manager updated2026-06-03
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/ivan-sincek/forbidden

install metadata

Package metadata

Package keybrew:forbidden
Version13.4
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/forbidden
Homepagehttps://github.com/ivan-sincek/forbidden
Repositoryhttps://github.com/ivan-sincek/forbidden
Upstream docshttps://github.com/ivan-sincek/forbidden
LicenseMIT
Source archivehttps://files.pythonhosted.org/packages/9b/aa/98fc3ee28aac41cae341a197858ff6af5d79e40dcd45c8a6e37b1fdbfd19/forbidden-13.4.tar.gz
Last updated2026-06-03T10:43:07Z
Pulseupdated
Dependenciescertifi, cffi, cryptography, curl, openssl@3, pycparser, python@3.14
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameforbidden
Version Scheme0
Revision7
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

forbidden

nix profile install nixpkgs#forbidden
  • normalized package name match
  • Matched by: Forbidden
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/fo/forbidden/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment