mailing list archives
New Free Open Source Web Services Pen Test Tool - WSDigger
From: "Mark Curphey" <mark () curphey com>
Date: Mon, 11 Jul 2005 09:07:43 -0400
We have just released a new open source free tool for hacking web services.
It's called WSDigger and is written to run on C# for .NET 1.1 (Win32).
The user specifies a UDDI and a search criteria such as "weather", the tool
determines and displays the possible available services. The user then
selects a service to connect to and the tool gets the WSDL and displays the
methods such as getHumidty(); or getTemp(); The user can then apply a
payload such as SQL Injection or XPATH injection and determine if the web
service has common vulnerabilities. The tool is written to accept plugins
(we ship with 3 sample plugins for XSS, SQL Injection and XPATH injection).
There will be a Sourceforge CVS tree to submit plugins for the framework. It
should be very easy to write any number of fuzzing type plugins. The code is
in the download and will in the CVS at
http://sourceforge.net/projects/foundstone/ this week.
You can see screen shots from a blog posting last Friday here
- New Free Open Source Web Services Pen Test Tool - WSDigger Mark Curphey (Jul 11)