[ad]
wsScanner is a toolkit for Web Services scanning and vulnerability detection.
This tool has the following functions:
Discovery tool
By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern.
Vulnerability detection
It is possible to enumerate and profile Web Services using this tool and one can follow it up by auto auditing (.NET only). .NET proxy gets dynamically created for audit module. One can do vulnerability scan for data type, SQL injections, LDAP/Command injections, Buffer checks, Bruteforing SOAP etc. It is also possible to leverage regex patterns for SOAP analysis.
Fuzzing
This tool helps in fuzzing different Web 2.0 streams like SOAP, XML-RPC, REST, JSON etc. This module helps in assessing various different Web Services.
UDDI scan
It is possible to scan UDDI servers using this tool for footprinting and discovery of Web Services.
This tool is still in beta and they are planning to add some more features and support. Stay tuned for future releases as well.
You can download wsScanner here:
Or read more here.
Sir Henry says
@Darknet
Have you used this tool? What are your thoughts on it? I just downloaded and am running it, but feel as though it is not quite as intuitive as I would like. Perhaps if the developer had provided some man pages on it. Then again, it could simply be due to the user of the application. I do know that my sites are not what one would consider “Web 2.0” and they most certainly do not run .NET web services. So, perhaps this tool would be better utilized by someone else. I would like to know how anyone else feels about the app, as well. Perhaps some edification is in order for me.
Darknet says
I’ve checked it out but I don’t really do much stuff with Web Services at the moment nor for quite some time. So I’m not sure how it is – it’s not that intuitive and the documentation is a bit lacking but it’s pretty early in the development cycle.
goodpeople says
Problem is, it’s a Windows app. Can’t really test it now. Have to do some things before I can take it for a spin. Maybe later this week.
Sir Henry says
@Darknet:
Yeah, it appears this app is rather specific in its scope and does need further iterations before I think it could be something I use. With all of the different apps out there for this same type of functionality, I wonder if this will be lost in the mix.
@goodpeople:
Yeah, the only reason I was able to play around with it was due to the fact that I was on my work latptop. Given, I keep asking them if I can run linux for my desktop, but they are a very windows-centric shop and would not know how to even handle having one person on linux.
fak3r says
@Sir Henry
Most companies won’t have the personal to support anyone using Linux on the desktop. I’ve had the best luck proposing that I would be more productive using Linux as a desktop, and that I would require no tech support from IT except for IPs for DNS, Gateway, email. Give it a try, the worst they can say is no (which is what has happened at my local place of employment, but as a contractor that just tells me this is not the place for long term employment). Good luck.
Sir Henry says
@fak3r:
I was able to do that at a previous job. MIS there simply said, “You break it, you fix it, for we know not the ways of Linux in the house of Windows”. Actually, it was not as poetic as that, but I like to imagine that they were of such capabilities. It was better using linux in that environment since I mainly tested firewalls for security purposes. My opinion is that there are far more powerful and usable tools build for linux than there are for Windows that help you with security testing. Of course, the latter is merely my opinon. ;)
Darknet says
I’ve always done whatever the hell I wanted when it comes to Operating System and generally as IP’s are allocated by DHCP, they don’t even know you aren’t using Windows.
Apart from when they send you some weird proprietary meeting from Outlook and wonder why you can’t open it..
As long as you don’t break anything of course..
Sir Henry says
The place I work now is big on GPO and having you constantly on the domain. I am sure that I could figure out a way around that, but then there are all the proprietary apps that they have which only run under Windows and the fact that they use Lotus Notes for their email (social engineering experiment, anyone? lol), I would rather not bother since they already cannot stand that I have my team’s sandbox running Linux. *sigh* I feel that they are rather short-sighted.
goodpeople says
Last year I had Mandriva 2007 on my laptop with Office XP running with CrossoverOffice (from codeweavers.com). Now I’m forced to use Office 2007 so now my laptop is running Mandriva 2008 and I have XP installed in a VirtualBox for all office related things.
Works like a charm!
Sir Henry says
Perhaps I shall have to use the “’tis better to beg forgiveness than ask permission” tact with this. ;)
goodpeople says
That allways works.. :-)
eM3rC says
Seems like a good tool although (like Sir Henry said) not the greatest.
Just a quick note to you linux users. There is an application out there called Crossfire used for running programs across operating systems (windows > linux, windows > mac, etc) so you might be able to try these programs out. I haven’t used it myself but its worth a little bit of looking into.
Sir Henry says
@eM3rC:
I believe that infancy is the problem with this application. Well, the latter in addition to the lack of proper and thorough documentation. Personally, given that I only will be running sites on Linux/Apache, I really have no use for a tool like this, right now. Should I find an IIS out there in the wild, I may try it out, but not before trying other, better and well-known tools, first.
eM3rC says
@ Sir Henry
I personally am not a linux user (planning on making the switch sometime soon after learning how to use it as well as what programs I will need to getting it running all the stuff I need (games, compilers, media stuff, video editing software, etc etc))
Although Crossfire seems like a good program I am sure Linux users like yourself with a lot of experience can find easier and more efficient ways around compatibly problems that may arise. software like this seems to be designed for more casual users like myself rather than ITs or in goodpeople’s case, computer teachers.
Also
If you can recommend any good starting sources/linux distributions that would be great. Right now I am considering the GNOME kernel version of Ubuntu or Debian.
goodpeople says
@eM3rC,
I wouldn’t have guessed that you’re not a linux user. But you are right about one thing. We don’t have compatibility issues. We just use the right software.
For every windows application there is an equally good Linux application.
Oh, and Gnome is a desktop environment. Not a kernel version. Ubuntu and Debian both are Linux distributions, but I wouldn’t recommend Debian for a Linux newbie. Users like yourself should probably try Mandriva 2008. Who knows, your games might even work with Cedega.
eM3rC says
@goodpeople
I’m sorry I miss this post. I guess it got lost in the recent posts box after so many people have started commenting.
All the stuff I know on linux has been self taught and read off the internet so I apologize for any odd statements for a fluent linux person such as yourself.
I am looking into using a linux OS along side my computer which also uses XP and hopefully (sometime soon) OSX 10.5. I will have a looksie at Mandriva 2008. If worse comes to worse I could always setup some kind of dual boot system so I don’t have to worry about certain compatibility issues.
Thanks for the advice on Debian and pointing out my mistake on the GNOME and KDE desktop environments. Would you mind explaining to me what exactly those are (I know its complicated so just a sentence or two would serve just fine).
Darknet says
Yeah I also recommend Mandriva or OpenSuse. Gnome and KDE and windowing systems basically speaking – desktop environments, they just provide the GUI on top of the OS (Linux) and the file structure etc is dictated by the Distro (Suse/Slack/Debian etc).
Those like Ubuntu are variants of Debian (based on Debian core).
You can learn more by reading the distro pages or reading about them on Wikipedia.
The Kernel version will look something like 2.4.16 or 2.6.12.
Pantagruel says
With Darknet
have been an avid SuSe user since 1996 and am currently using a multi-boot setup (XP/Vista/OpenSuse). If you want to use a laptop, go for OpenSuSe or Ubuntu with the latest kernel (2.6.x) since you have the best chances of getting nearly all your hardware working. Try a bootable cd/dvd to check for compatibility
If you feel more confident you can switch to other distro’s or even to BSD family (OpenBSD/FreeBSD), even OS X is BSD based. I personally prefer BSD for my servers (but that’s just my choice).