WS-Attacker is a modular framework for web services penetration testing developed by the Chair of Network and Data Security, Ruhr University Bochum, and Hackmanit GmbH. It loads WSDL files, sends SOAP messages, and can be extended with plugins and libraries for specific Web Services attacks. More information on its architecture and extensibility can be found in the paper "Penetration Testing Tool for Web Services Security". The current version supports SOAPAction spoofing, WS-Addressing spoofing, XML Signature Wrapping, and XML-based DoS attacks.
SIMILAR TOOLS
A free, safe, and legal training ground for ethical hackers to test and expand their skills.
DueDLLigence is an open-source tool for identifying and analyzing DLL hijacking vulnerabilities in Windows applications, providing automated analysis and remediation guidance.
A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.
A tool for generating .NET serialized gadgets for triggering .NET assembly load/execution.
A repository containing material for Android greybox fuzzing with AFL++ Frida mode.
A red team planning framework document that guides exercise preparation with emphasis on blue team value, stakeholder engagement, and avoiding negative motivational approaches.
A free online wargame for practicing hacking skills and learning security concepts.
A proof-of-concept tool that demonstrates automated MFA bypass techniques for Microsoft Outlook through browser automation and request interception.