WebApp Sec mailing list archives
A new tool wschess released
From: Hemil <hemil () net-square com>
Date: Fri, 01 Apr 2005 11:43:34 +0530
Greetings,We have introduced a new tool, wsChess 1.0 (beta/prototype) which is available for download.
Description:A set of tools written C# for the .Net platform. This is a prototype, released as beta with limited support at this point. It has the following tools:
wsPawn - Web services footprinting, discovery and search tools. If you are looking for registered web services and their access points, this tool will help you in retrieving information from public UDDI.
wsKnight - Web services profiling, proxy and audit tool. This tool helps in profiling web services from its WSDL. It also allows you to invoke methods and intercept them before they go on the wire to the target, so that you can manipulate the SOAP envelope if needed. The autoaudit feature allows you to inject characters and attack strings for assessment work.
wsRook - This is a very simple technology demonstration for developers. This is a regular expression-based defense for web services input content. This is a hook in HTTP pipe using the HttpModule interface.
Whitepapers are included for better understanding for all these tools. More details on wsChess can be found at: http://net-square.com/wsChess/ Download: http://net-square.com/wschess/wschess.zip Homepage: http://net-square.com/wsChess/ Papers:Web Services - Attacks and Defense (Information Gathering Methods: Footprints, Discovery & Fingerprints)
http://net-square.com/wschess/WebServices_Info_Gathering.pdfWeb Services - Attacks and Defense (Information Gathering Methods: Enumeration and Profiling)
http://net-square.com/wschess/WebServics_Profiling.pdf Web application defense at the gates http://net-square.com/wschess/WebApp_HTTPMod.pdf Enjoy, ---Hemil [Net-Square]
Current thread:
- A new tool wschess released Hemil (Apr 05)