WAFNinja????????WAF????????????
???????????? ???????[ 2016/7/8 13:39:46 ] ?????????????????? ?????????? WAFNinja
????0×00 ???
??????????????????????????????????????WAF???赲????????????????WAF??????????????ú???????????????????????????????????WAF?????????????????????????????????????
????0×01???
????WAFNinja ????????Python??д???????й??????????????????????????????????????WAF??????Щ????????????????????????????ù?????д???????????????????ú????????????????á???????????????????洢????????????????????ù??????????????? WAFNinja ???HTTP?????GET/POST???????????cookie???????Щ???????????????檔
????0×02 ??????
??????????
????github????????https://github.com/khalilbijjou/WAFNinja
????????git clone https://github.com/khalilbijjou/WAFNinja
??????????????????????????????????????
???????
???????????????У?????????????
root@kali:~/WAFNinja# python wafninja.py -h
??????????????????????????y?????????????
???????????????“ ImportError: No module named progressbar ”???????а?????????
???籾????????????root@kali:~/# pip install progressbar ?? ?????????????easy_install progressbar??
????0×03 ???
????1???????????
root@kali:~/WAFNinja# python wafninja.py -h
????root@kali:~/WAFNinja# python wafninja.py fuzz -h # ????????fuzz ???? bypass??insert-fuzz??insert-bypass??set-db ??????????????????????????????
????2????????
????fuzz??????????:
python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ" -c "phpsessid=value" -t xss -o output.html
????bypass?????WAF??:
python wafninja.py bypass -u "http://www.target.com/index.php" -p "Name=PAYLOAD&Submit=Submit" -c "phpsessid=value" -t xss -o output.html
????insert-fuzz?????????????????????:
python wafninja.py insert-fuzz -i select -e select -t sql
??????????????
{fuzz, bypass, insert-fuzz, insert-bypass, set-db}
????fuzz ???WAF??????????????????.
????bypass ????????з??????????
????insert-fuzz ????????????????
????insert-bypass ??????????????б??
????set-db ???????????????????????????????????????????????????????á?
?????????????
-h, --help ???????????????????
-v, --version ???????汾??????????
????3?????
????0×01?е?????????????????root@kali:~/WAFNinja# python wafninja.py fuzz -h
usage: wafninja.py fuzz [-h] -u URL [-p POST PARAMETER] [-c COOKIE] -t TYPE
                        [-d DELAY] [-o OUTPUT FILE]
?????????????
????-u URL ???URL?????磺 “www.target.com/index.php?id=FUZZ“)????ù????FUZZ?????????????λ?á?
????-p POST PARAMETER ???post??????????????????
????-c COOKIE HTTP Cookie ???
????-t TYPE ???????? [sql|xss]
????-d DELAY ??????????????????0??
????-o OUTPUT FILE ?????????html ???
-h, --help ???????????????????