WS-Attacker is a modular framework for web Services Penetration Testing. It is a free and easy to use software solution, which provides an all-in-one security checking interface with only a few clicks.
Features:
- Automatic XML Encryption Attacks against Web Services
- Automatic XML Signature Wrapping attack against Web Services
- XML-Denial-of-Service Techniques against Web Services
- SOAPAction Spoofing and WS-Addressing Spoofing
- Further Attacks in Development (even apart from Web Services)
Screenshots:
| Load a WSDL and set up request parameters |
| Configuration: SOAPAction Spoofing |
| Attack finished |
| Submitting a test request |
| Attack finished |
| Configuration: WS Addressing Spoofing |
You might also like:
- Social-Engineer Toolkit - A Must Have Tool For Penetration Testers
- TCHead - TrueCrypt Password Cracking Tool
- Snuck - Tool For Automatic XSS Filter Bypass
- Android Privacy Guard - OpenPGP For Android
- DEFT - Computer Forensic Live System
- BackBox - Penetration Testing and Ethical Hacking Linux Distribution
- Joomscan - Tool For Detecting & Analyzing Joomla CMS Vulnerabilities
- BeEF - Tool For Browser Exploitation
- JPassword Recovery - Free Tool To Crack Password Protected Archives (zip, rar, 7z)
- Wireless Network Watcher - Free Wireless Network Tool
- Angry IP Scanner - A Fast Network Scanning Tool
- Aircrack-ng - WiFi Network Security Suite (Monitoring, Attacking, Testing, and Cracking)
- OpenStego - A Free Tool For Data Hiding and Digital Watermarking
- Wfuzz - Web Application Password Cracking Tool
- WebSploit Framework - Tool For Vulnerability Assessment & Exploitation
- BruteForcer - Client-Server Multithreaded Tool To Crack RAR File Passwords
Related Articles
This post first appeared on Effect Hacking - Hacking Tools, How To Guides An, please read the originial post: here
