WS-Attacker is a modular framework for web services penetration testing. It is a free and easy to use software solution, which provides an all-in-one security checking interface with only a few clicks.
Features:
- Automatic XML Encryption Attacks against Web Services
- Automatic XML Signature Wrapping attack against Web Services
- XML-Denial-of-Service Techniques against Web Services
- SOAPAction Spoofing and WS-Addressing Spoofing
- Further Attacks in Development (even apart from Web Services)
Screenshots:
 |
| Load a WSDL and set up request parameters |
 |
| Configuration: SOAPAction Spoofing |
 |
| Attack finished |
 |
| Submitting a test request |
 |
| Attack finished |
 |
| Configuration: WS Addressing Spoofing |
