WAF Bypass Tool

WAF Bypass by Nemesida WAF team (nemesida-waf.com) is an open source tool (Python3) to check any WAF for the number of False Positives/False Negative using predefined payloads (if desired, the set of payloads can be changed). Turn off ban mode before use.

A script developed for internal needs, including for testing Nemesis WAF and Nemesida WAF Free, but you can use it to test any WAF.

When using, do not violate the law. We are not responsible for the use of the program.

There are attacks for which it is impossible to create a signature, while not increasing the number of false positives. Therefore, it is absolutely normal that Nemesida WAF Free bypass the attack, and the commercial version of Nemesida WAF Free blocks. For example, we can execute the cat /etc/passwd command in the following ways:

%2f???%2f??t%20%2f???%2fp??s??
cat+/e't'c/pa'ss'wd
e'c'ho 'swd test pentest' | awk '{print "cat /etc/pas"$1}' | bash
ec'h'o 'cat /etc/examplewd' | sed 's/example/pass/g' | bash

How to run

Run from Docker

The latest waf-bypass always available via the Docker Hub. It can be easily pulled via the following command:

# docker pull nemesida/waf-bypass

Run with the command:

# docker run nemesida/waf-bypass --host='example.com'
or
# docker run nemesida/waf-bypass --host='example.com' --proxy='http://proxy.example.com:3128'

Run source code from GitHub

# git clone https://github.com/nemesida-waf/waf_bypass.git /opt/waf-bypass/
# python3 -m pip install -r /opt/waf-bypass/requirements.txt

# python3 /opt/waf-bypass/main.py --host='example.com'
or
# python3 /opt/waf-bypass/main.py --host='example.com' --proxy='http://proxy.example.com:3128'