WAF Bypass by Nemesida WAF team (nemesida-waf.com) is an open source tool (Python3) to check any WAF for the number of False Positives/False Negative using predefined payloads (if desired, the set of payloads can be changed). Turn off ban mode before use.
A script developed for internal needs, including for testing Nemesis WAF and Nemesida WAF Free, but you can use it to test any WAF.
There are attacks for which it is impossible to create a signature, while not increasing the number of false positives. Therefore, it is absolutely normal that Nemesida WAF Free bypass the attack, and the commercial version of Nemesida WAF Free blocks. For example, we can execute the cat /etc/passwd
command in the following ways:
%2f???%2f??t%20%2f???%2fp??s?? cat+/e't'c/pa'ss'wd e'c'ho 'swd test pentest' | awk '{print "cat /etc/pas"$1}' | bash ec'h'o 'cat /etc/examplewd' | sed 's/example/pass/g' | bash
The latest waf-bypass always available via the Docker Hub. It can be easily pulled via the following command:
# docker pull nemesida/waf-bypass
Run with the command:
# docker run nemesida/waf-bypass --host='example.com' or # docker run nemesida/waf-bypass --host='example.com' --proxy='http://proxy.example.com:3128'
# git clone https://github.com/nemesida-waf/waf_bypass.git /opt/waf-bypass/ # python3 -m pip install -r /opt/waf-bypass/requirements.txt # python3 /opt/waf-bypass/main.py --host='example.com' or # python3 /opt/waf-bypass/main.py --host='example.com' --proxy='http://proxy.example.com:3128'