Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

WAFNinja is a CLI tool written in Python. It is the best tool for penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be easily extendable, simple to use and usable in a team environment. Many payloads and fuzzing strings, which are stored in a local database file come shipped with the tool.

WAFNinja supports HTTP connections, GET and POST requests and the use of Cookies in order to access pages restricted to authenticated users. Also, an intercepting proxy can be set up.

 

Using Command:

wafninja.py [-h] [-v] {fuzz, bypass, insert-fuzz, insert-bypass, set-db} ...

Example:

Fuzz:

python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ" 
-c "phpsessid=value" -t xss -o output.html

 

Bypass:

python wafninja.py bypass -u "http://www.target.com/index.php"  -p "Name=PAYLOAD&Submit=Submit"         
-c "phpsessid=value" -t xss -o output.html

Insert-Fuzz:

python wafninja.py insert-fuzz -i select -e select -t sql

positional arguments: {fuzz, bypass, insert-fuzz, insert-bypass, set-db}

Which function do you want to use?

fuzz                check which symbols and keywords are allowed by the WAF.
bypass              sends payloads from the database to the target.
insert-fuzz         add a fuzzing string
insert-bypass       add a payload to the bypass list
set-db              use another database file. Useful to share the same database with others.

optional arguments:
-h, --help            show this help message and exit
-v, --version         show program's version number and exit

 



www.extremehacking.org

Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training InstituteCEHv9,CHFI,ECSAv9,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNECertified Ethical Hacking,Center For Advanced Security Training in India, ceh v9 course in Pune-India, ceh certification in pune-India, ceh v9 training in Pune-IndiaEthical Hacking Course in Pune-India