Penetration Testing mailing list archives
New Free Open Source Web Services Pen Test Tool - WSDigger
From: "Mark Curphey" <mark () curphey com>
Date: Mon, 11 Jul 2005 09:07:43 -0400
We have just released a new open source free tool for hacking web services. It's called WSDigger and is written to run on C# for .NET 1.1 (Win32). http://www.foundstone.com/resources/s3i_tools.htm The user specifies a UDDI and a search criteria such as "weather", the tool determines and displays the possible available services. The user then selects a service to connect to and the tool gets the WSDL and displays the methods such as getHumidty(); or getTemp(); The user can then apply a payload such as SQL Injection or XPATH injection and determine if the web service has common vulnerabilities. The tool is written to accept plugins (we ship with 3 sample plugins for XSS, SQL Injection and XPATH injection). There will be a Sourceforge CVS tree to submit plugins for the framework. It should be very easy to write any number of fuzzing type plugins. The code is in the download and will in the CVS at http://sourceforge.net/projects/foundstone/ this week. You can see screen shots from a blog posting last Friday here https://www.threatsandcountermeasures.com/blogs/marksblog/archive/2005/07/08 /522.aspx Enjoy !
Current thread:
- New Free Open Source Web Services Pen Test Tool - WSDigger Mark Curphey (Jul 11)