WS-Attacker
WS-Attacker is a modular framework for web services penetration testing developed by the Chair of Network and Data Security, Ruhr University Bochum, and Hackmanit GmbH. It allows loading WSDL files, sending SOAP messages, and extending functionality with plugins and libraries for specific Web Services attacks. More information on its architecture and extensibility can be found in the Penetration Testing Tool for Web Services Security paper. Current version supports SOAPAction spoofing, WS-Addressing spoofing, XML Signature Wrapping, and XML-based DoS attacks.
FEATURES
ALTERNATIVES
An open-source penetration testing framework for social engineering with custom attack vectors.
A list of useful payloads and bypasses for Web Application Security.
A tool to remove malicious artifacts from Microsoft Office documents, preventing malware infections and data breaches.
PwnAuth is an open-source tool for generating and managing authentication tokens for penetration testing and red teaming exercises.
A wargaming network for penetration testers to practice their skills in a realistic environment.
A collection of payloads and methodologies for web pentesting.
AzureC2Relay enhances security by validating and relaying Cobalt Strike beacon traffic through Azure Functions.
A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.