Greetings,
We have introduced a new tool, wsChess 1.0 (beta/prototype) which is
available for download.
Description:
A set of tools written C# for the .Net platform. This is a prototype,
released as beta with limited support at this point. It has the
following tools:
wsPawn - Web services footprinting, discovery and search tools. If you
are looking for registered web services and their access points, this
tool will help you in retrieving information from public UDDI.
wsKnight - Web services profiling, proxy and audit tool. This tool helps
in profiling web services from its WSDL. It also allows you to invoke
methods and intercept them before they go on the wire to the target, so
that you can manipulate the SOAP envelope if needed. The autoaudit
feature allows you to inject characters and attack strings for
assessment work.
wsRook - This is a very simple technology demonstration for developers.
This is a regular expression-based defense for web services input
content. This is a hook in HTTP pipe using the HttpModule interface.
Whitepapers are included for better understanding for all these tools.
More details on wsChess can be found at:
http://net-square.com/wsChess/
Download:
http://net-square.com/wschess/wschess.zip
Homepage:
http://net-square.com/wsChess/
Papers:
Web Services - Attacks and Defense (Information Gathering Methods:
Footprints, Discovery & Fingerprints)
http://net-square.com/wschess/WebServices_Info_Gathering.pdf
Web Services - Attacks and Defense (Information Gathering Methods:
Enumeration and Profiling)
http://net-square.com/wschess/WebServics_Profiling.pdf
Web application defense at the gates
http://net-square.com/wschess/WebApp_HTTPMod.pdf
Enjoy,
---Hemil
[Net-Square]
Received on Apr 05 2005
Intro
