New Free Open Source Web Services Pen Test Tool - WSDigger

["Mark Curphey" <mark () curphey com>]

We have just released a new open source free tool for hacking web services.
It's called WSDigger and is written to run on C# for .NET 1.1 (Win32).

http://www.foundstone.com/resources/s3i_tools.htm

The user specifies a UDDI and a search criteria such as "weather", the tool
determines and displays the possible available services. The user then
selects a service to connect to and the tool gets the WSDL and displays the
methods such as getHumidty(); or getTemp(); The user can then apply a
payload such as SQL Injection or XPATH injection and determine if the web
service has common vulnerabilities. The tool is written to accept plugins
(we ship with 3 sample plugins for XSS, SQL Injection and XPATH injection).
There will be a Sourceforge CVS tree to submit plugins for the framework. It
should be very easy to write any number of fuzzing type plugins. The code is
in the download and will in the CVS at
http://sourceforge.net/projects/foundstone/ this week. 

You can see screen shots from a blog posting last Friday here

https://www.threatsandcountermeasures.com/blogs/marksblog/archive/2005/07/08
/522.aspx

Enjoy !