wsScanner is a toolkit for Web Services scanning and vulnerability detection.
This tool has the following functions:
By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern.
It is possible to enumerate and profile Web Services using this tool and one can follow it up by auto auditing (.NET only). .NET proxy gets dynamically created for audit module. One can do vulnerability scan for data type, SQL injections, LDAP/Command injections, Buffer checks, Bruteforing SOAP etc. It is also possible to leverage regex patterns for SOAP analysis.
This tool helps in fuzzing different Web 2.0 streams like SOAP, XML-RPC, REST, JSON etc. This module helps in assessing various different Web Services.
It is possible to scan UDDI servers using this tool for footprinting and discovery of Web Services.
This tool is still in beta and they are planning to add some more features and support. Stay tuned for future releases as well.
You can download wsScanner here:
Or read more here.
Recent in Exploits/Vulnerabilities:
- Andrew Auernheimer AKA Weev Gets 41 Months Jail Time For GET Requests
- Evernote Hacked – ALL Users Required To Reset Passwords
- Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit
- Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)
- Web-Sorrow v1.48 – Version Detection, CMS Identification, Enumeration & Server Scanning Tool
- Keep on Fuzzing! Advice
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 219,205 views
- AJAX: Is your application secure enough? - 117,885 views
- eEye Launches 0-Day Exploit Tracker - 84,883 views