WS-Attacker Logo

WS-Attacker

0
Free
Visit Website

WS-Attacker is a modular framework for web services penetration testing developed by the Chair of Network and Data Security, Ruhr University Bochum, and Hackmanit GmbH. It allows loading WSDL files, sending SOAP messages, and extending functionality with plugins and libraries for specific Web Services attacks. More information on its architecture and extensibility can be found in the Penetration Testing Tool for Web Services Security paper. Current version supports SOAPAction spoofing, WS-Addressing spoofing, XML Signature Wrapping, and XML-based DoS attacks.

FEATURES

ALTERNATIVES

A repository containing material for Android greybox fuzzing with AFL++ Frida mode

A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.

A DNS rebinding attack framework for security researchers and penetration testers.

An interactive multi-user web JS shell

A tool that simplifies the installation of tools and configuration for Kali Linux

Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.

GNU/Linux Wireless distribution for security testing with XFCE desktop environment.

A blog post discussing the often overlooked dangers of CSV injection in applications.