[New added] wsScanner web services multiusage tool

by

In: Application Scanner , Fuzzers , Vulnerability Scanner , wsScanner

10 October 2007

wsScanner is a toolkit for Web Services scanning and vulnerability detection

This tool is having following utilities:

  • Discovery tool - By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern.
  • Vulnerability detection - It is possible to enumerate and profile Web Services using this tool and one can follow it up by auto auditing (.NET only). .NET proxy gets dynamically created for audit module. One can do vulnerability scan for data type, SQL injections, LDAP/Command injections, Buffer checks, Bruteforing SOAP etc. It is also possible to leverage regex patterns for SOAP analysis.
  • Fuzzing - This tool helps in fuzzing different Web 2.0 streams like SOAP, XML-RPC, REST, JSON etc. This module helps in assessing various different Web Services.
  • UDDI scan - It is possible to scan UDDI servers using this tool for footprinting and discovery of Web Services.

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Application Scanner
Fuzzers
Vulnerability Scanner
wsScanner