31 December 2007 | 9,815 views

wsScanner – Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool


wsScanner is a toolkit for Web Services scanning and vulnerability detection.

This tool has the following functions:

Discovery tool

By leveraging search engines, this tool helps discover Web Services running on a particular domain or matching a certain name pattern.

Vulnerability detection

It is possible to enumerate and profile Web Services using this tool, and one can follow this up with auto auditing (.NET only). A .NET proxy is dynamically created for the audit module. One can run vulnerability scans for data types, SQL injection, LDAP/command injection, buffer checks, SOAP brute-forcing, etc. It is also possible to leverage regex patterns for SOAP analysis.

Fuzzing

This tool helps in fuzzing different Web 2.0 streams such as SOAP, XML-RPC, REST, JSON, etc. This module helps in assessing a variety of Web Services.

UDDI scan

It is possible to scan UDDI servers using this tool for footprinting and discovery of Web Services.

This tool is still in beta and they are planning to add some more features and support. Stay tuned for future releases as well.

You can download wsScanner here:

wsScanner.zip

Or read more here.




18 Responses to “wsScanner – Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool”

  1. Sir Henry 31 December 2007 at 1:02 pm Permalink

    @Darknet

    Have you used this tool? What are your thoughts on it? I just downloaded and am running it, but feel as though it is not quite as intuitive as I would like. Perhaps if the developer had provided some man pages on it. Then again, it could simply be due to the user of the application. I do know that my sites are not what one would consider “Web 2.0” and they most certainly do not run .NET web services. So, perhaps this tool would be better utilized by someone else. I would like to know how anyone else feels about the app, as well. Perhaps some edification is in order for me.

  2. Darknet 1 January 2008 at 10:42 am Permalink

    I’ve checked it out but I don’t really do much stuff with Web Services at the moment nor for quite some time. So I’m not sure how it is – it’s not that intuitive and the documentation is a bit lacking but it’s pretty early in the development cycle.

  3. goodpeople 1 January 2008 at 11:34 am Permalink

    Problem is, it’s a Windows app. Can’t really test it now. Have to do some things before I can take it for a spin. Maybe later this week.

  4. Sir Henry 1 January 2008 at 2:59 pm Permalink

    @Darknet:

    Yeah, it appears this app is rather specific in its scope and does need further iterations before I think it could be something I use. With all of the different apps out there for this same type of functionality, I wonder if this will be lost in the mix.

    @goodpeople:

    Yeah, the only reason I was able to play around with it was due to the fact that I was on my work laptop. Given, I keep asking them if I can run linux for my desktop, but they are a very windows-centric shop and would not know how to even handle having one person on linux.

  5. fak3r 2 January 2008 at 5:06 pm Permalink

    @Sir Henry
    Most companies won’t have the personnel to support anyone using Linux on the desktop. I’ve had the best luck proposing that I would be more productive using Linux as a desktop, and that I would require no tech support from IT except for IPs for DNS, Gateway, email. Give it a try, the worst they can say is no (which is what has happened at my local place of employment, but as a contractor that just tells me this is not the place for long term employment). Good luck.

  6. Sir Henry 2 January 2008 at 5:10 pm Permalink

    @fak3r:

    I was able to do that at a previous job. MIS there simply said, “You break it, you fix it, for we know not the ways of Linux in the house of Windows”. Actually, it was not as poetic as that, but I like to imagine that they were of such capabilities. It was better using linux in that environment since I mainly tested firewalls for security purposes. My opinion is that there are far more powerful and usable tools built for linux than there are for Windows that help you with security testing. Of course, the latter is merely my opinion. ;)

  7. Darknet 2 January 2008 at 5:43 pm Permalink

    I’ve always done whatever the hell I wanted when it comes to Operating System and generally as IP’s are allocated by DHCP, they don’t even know you aren’t using Windows.

    Apart from when they send you some weird proprietary meeting from Outlook and wonder why you can’t open it..

    As long as you don’t break anything of course..

  8. Sir Henry 2 January 2008 at 5:59 pm Permalink

    The place I work now is big on GPO and having you constantly on the domain. I am sure that I could figure out a way around that, but then there are all the proprietary apps that they have which only run under Windows and the fact that they use Lotus Notes for their email (social engineering experiment, anyone? lol), I would rather not bother since they already cannot stand that I have my team’s sandbox running Linux. *sigh* I feel that they are rather short-sighted.

  9. goodpeople 2 January 2008 at 6:31 pm Permalink

    Last year I had Mandriva 2007 on my laptop with Office XP running with CrossoverOffice (from codeweavers.com). Now I’m forced to use Office 2007 so now my laptop is running Mandriva 2008 and I have XP installed in a VirtualBox for all office related things.

    Works like a charm!

  10. Sir Henry 3 January 2008 at 3:04 am Permalink

    Perhaps I shall have to use the “’tis better to beg forgiveness than ask permission” tact with this. ;)

  11. goodpeople 3 January 2008 at 11:09 am Permalink

    That always works.. :-)

  12. eM3rC 6 January 2008 at 10:06 pm Permalink

    Seems like a good tool although (like Sir Henry said) not the greatest.

    Just a quick note to you linux users. There is an application out there called Crossfire used for running programs across operating systems (windows > linux, windows > mac, etc) so you might be able to try these programs out. I haven’t used it myself but it’s worth a little bit of looking into.

  13. Sir Henry 8 January 2008 at 8:46 pm Permalink

    @eM3rC:

    I believe that infancy is the problem with this application. Well, the latter in addition to the lack of proper and thorough documentation. Personally, given that I only will be running sites on Linux/Apache, I really have no use for a tool like this, right now. Should I find an IIS out there in the wild, I may try it out, but not before trying other, better and well-known tools, first.

  14. eM3rC 9 January 2008 at 3:29 am Permalink

    @ Sir Henry

    I personally am not a linux user (planning on making the switch sometime soon after learning how to use it as well as what programs I will need to getting it running all the stuff I need (games, compilers, media stuff, video editing software, etc etc))

    Although Crossfire seems like a good program I am sure Linux users like yourself with a lot of experience can find easier and more efficient ways around compatibility problems that may arise. Software like this seems to be designed for more casual users like myself rather than ITs or in goodpeople’s case, computer teachers.

    Also
    If you can recommend any good starting sources/linux distributions that would be great. Right now I am considering the GNOME kernel version of Ubuntu or Debian.

  15. goodpeople 9 January 2008 at 5:27 pm Permalink

    @eM3rC,

    I wouldn’t have guessed that you’re not a linux user. But you are right about one thing. We don’t have compatibility issues. We just use the right software.

    For every windows application there is an equally good Linux application.

    Oh, and Gnome is a desktop environment. Not a kernel version. Ubuntu and Debian both are Linux distributions, but I wouldn’t recommend Debian for a Linux newbie. Users like yourself should probably try Mandriva 2008. Who knows, your games might even work with Cedega.

  16. eM3rC 13 February 2008 at 2:55 am Permalink

    @goodpeople
    I’m sorry I missed this post. I guess it got lost in the recent posts box after so many people have started commenting.

    All the stuff I know on linux has been self taught and read off the internet so I apologize for any odd statements for a fluent linux person such as yourself.

    I am looking into using a linux OS along side my computer which also uses XP and hopefully (sometime soon) OSX 10.5. I will have a looksie at Mandriva 2008. If worse comes to worse I could always setup some kind of dual boot system so I don’t have to worry about certain compatibility issues.

    Thanks for the advice on Debian and pointing out my mistake on the GNOME and KDE desktop environments. Would you mind explaining to me what exactly those are (I know it’s complicated so just a sentence or two would serve just fine).

  17. Darknet 13 February 2008 at 7:49 am Permalink

    Yeah I also recommend Mandriva or OpenSuse. Gnome and KDE are windowing systems basically speaking – desktop environments, they just provide the GUI on top of the OS (Linux) and the file structure etc is dictated by the Distro (Suse/Slack/Debian etc).

    Those like Ubuntu are variants of Debian (based on Debian core).

    You can learn more by reading the distro pages or reading about them on Wikipedia.

    The Kernel version will look something like 2.4.16 or 2.6.12.

  18. Pantagruel 13 February 2008 at 1:26 pm Permalink

    With Darknet

    have been an avid SuSe user since 1996 and am currently using a multi-boot setup (XP/Vista/OpenSuse). If you want to use a laptop, go for OpenSuSe or Ubuntu with the latest kernel (2.6.x) since you have the best chances of getting nearly all your hardware working. Try a bootable cd/dvd to check for compatibility

    If you feel more confident you can switch to other distro’s or even to BSD family (OpenBSD/FreeBSD), even OS X is BSD based. I personally prefer BSD for my servers (but that’s just my choice).