WSBang is designed to be a lightweight, open source fuzzer for web services. It takes as input the URL or file system location of a WSDL for the web service to be tested. Upon completion, a simple HTML view of the test results will be displayed.
Method parameters are fuzzed based on their type as specified by the WSDL. The data used for each type can be specified in the “DataDef.xml” file supplied. In addition, default arguments for parameters can be specified in the same file in the Argument definitions.
- Takes URL of WSDL as input
- Fuzzes all methods and parameters in the service
- Identifies all methods and parameters, including complex parameters
- Fuzzes parameters based on type specified in WSDL
- Reports SOAP responses and faults
SOAPpy version 0.11.6.
WSBang.py [URL of WSDL]
WSBang.py – The main execution code for WSBang.
Fuzzer.py – Classes that support WS analysis and the fuzz engine.
DataProvider.py – Classes that provide fuzz data and default arguments.
You can download WSBang here:
Or you can read more here.
- SamuraiWTF 3.x And Onwards – Web Testing Framework Linux LiveCD
- Watcher – Passive Web Application Vulnerability Scanner
- Pentoo – Gentoo Based Penetration Testing Linux LiveCD
- WSFuzzer – Web Services Fuzzing Tool for HTTP and SOAP
- wsScanner – Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool
- SIFT Web Method Search Tool
Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,902,522 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,130,104 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 639,680 views