WAFNinja is a CLI tool written in Python. It helps penetration testers bypass a WAF by automating the steps necessary for bypassing input validation. The tool was created with the objective of being easily extensible, simple to use, and usable in a team environment.
The tool has the following functions:
- fuzz – checks which symbols and keywords are allowed by the WAF.
- bypass – sends payloads from the database to the target.
- insert-fuzz – adds a fuzzing string.
- insert-bypass – adds a payload to the bypass list.
- set-DB – uses another database file. Useful for sharing the same database with others.