WAFNinja Kali Linux tool to Bypass WAF


I have added a video tutorial about WAFNinja Kali Linux tool to understand this python tool which can bypass WAF. Basically WAFNinja is a CLI (Command Line Interface) python software that helps penetration testers to bypass Internet Software Firewall by automating steps essential for bypassing enter validation. WAFNinja helps HTTP connections, GET and POST requests and using Cookies as a way to entry pages restricted to authenticated customers. It additionally helps intercepting proxy, so sure MITM for you. Another perfect tool of Kali linux for WordPress Website auditing guide available here.

The software was created with the target to be simply extensible, easy to make use of and usable in a workforce surroundings. If you want to avoid cyber attacks on your website I recommend you to read this single article for complete wordpress security guide.

Supported net strategies:

  • HTTP connections
  • GET requests
  • POST requests
  • Utilizing Cookies (for pages behind auth)
  • Intercepting proxy

1Utilizing WAFNinja for WAF Bypass

wafninja.py [-h] [-v]  ..

Extra examples



python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ"
-c "phpsessid=value" -t xss -o output.html

Bypass WAG

python wafninja.py bypass -u "http://www.target.com/index.php" -p "Name=PAYLOAD&Submit=Submit"
-c "phpsessid=value" -t xss -o output.html

Insert fuzz

python wafninja.py insert-fuzz -i select -e select -t sql



Please enter your comment!
Please enter your name here