Skip to main content

WAFNinja – A Tool To Bypass WAF

WAFNinja is a CLI tool written in Python. It is the best tool for penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be easily extendable, simple to use and usable in a team environment. Many payloads and fuzzing strings, which are stored in a local database file come shipped with the tool.

WAFNinja supports HTTP connections, GET and POST requests and the use of Cookies in order to access pages restricted to authenticated users. Also, an intercepting proxy can be set up.

 

Using Command:

wafninja.py [-h] [-v] {fuzz, bypass, insert-fuzz, insert-bypass, set-db} ...

Example:

Fuzz:

python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ" -c "phpsessid=value" -t xss -o output.html

 

Bypass:

python wafninja.py bypass -u "http://www.target.com/index.php" -p "Name=PAYLOAD&Submit=Submit" -c "phpsessid=value" -t xss -o output.html

Insert-Fuzz:

python wafninja.py insert-fuzz -i select -e select -t sql

positional arguments: {fuzz, bypass, insert-fuzz, insert-bypass, set-db}

Which function do you want to use? fuzz check which symbols and keywords are allowed by the WAF. bypass sends payloads from the database to the target. insert-fuzz add a fuzzing string insert-bypass add a payload to the bypass list set-db use another database file. Useful to share the same database with others. optional arguments: -h, --help show this help message and exit -v, --version show program's version number and exit

Download WAFNinja

 

 

Comments

Post a Comment

Popular posts from this blog

Hack WiFi password (rooted or non-rooted device)

Hello guyzz!!! Today I am here to share a trick how to hack WiFi password in an android mobile.It works on rooted as well as non-rooted device depending upon you device capability.. How to install: Method One: in order to skip license verification first you must be disconnected from internet when you run this app , it will automaticly connects you or turns your wifi on Method Two: or use lucky patcher for preventing it from license verification check these options in lucky patcher auto mode, other patches, apply patch to delvick cache, back up apk file for reinstaller This app has NO advertisements Instructions: This app has NO advertisements CONTACT ME BEFORE GIVING BAD REVIEW, SO I CAN HELP YOU. The application supports two types of test: - Dictionary test - it tries passwords from predefined list one by one. Please don't be disappointed if the password willnot be found, it simply means that it was not in the dictionary. However, if somebody set his key to &quo
404 comments
Read more

Hack a memory card password within minutes

possible ways to break micro sd memory card password hye friends today's topic is very importent .some time we secrate the data in memory card with password but unfortunatly we forget that password which protect our dta from hackers or your friends or any other you guess. so i am here to give you best solution of breaking memory card paasword in only 5 minutes. there are lot off methode publish on internate about how to break the memory card password but many of my reader advise me to write a tutorial about breaking memory card password .becuase they believe that i am write that tutorial very friendly so they can understand very ifficiently. so now i am going to start the tutorial namly how to break memory card password.here i am publish very friendly methode break password so i give only those methode which easily understandable for everyone .so dont wasting your valuable time lets start.follow step by step procedure. solution no. 1:-- BREAKING MEMORY CARD PASSWORD FOR
105 comments
Read more

Hack gmail password

Phishing method  Phishing is an old method of e-mail fraud that is used to gather personal and financial information from the recipients. phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.Phishing is an example of a social engineering technique. ***Step by step guide to hack Gmail account using phishing *** step:1.)  first of all Go to the Gmail.com step:2)   and then right click on the blank area, you will see the option view source page,simply click on that.(see bellow picture for better understanding )                                           step:3)  now a pop up window  will be open which contain a source code of Gmail  page, And Copy  all the code using ctrl+c  step:4)  Now open the notepad and past all code here which copy in step 3  step:5)  now press CTRL+F,and type ACTION.(see bellow picture) step
56 comments
Read more