GPL (GNU General Public License)    

WSFuzzer is a fuzzing penetration testing tool used against HTTP SOAP-based web services. It is a GPL-licensed program, written in Python, that currently targets web services. In the current version, HTTP-based SOAP services are the main target. This tool was created based on, and to automate, some real-world manual SOAP pen testing work.

This tool is NOT meant to be a replacement for solid manual human analysis. Please view WSFuzzer as a tool to augment analysis performed by competent and knowledgeable professionals. Web services are not trivial in nature, so expertise in this area is a must for proper pen testing.


The goals of WSFuzzer are:

To automate some of the more intense SOAP fuzzing processes that would be quite time-consuming if performed manually
To do attack vector generation in a dynamic and intelligent fashion based on the specific target
To provide its functionality/resulting data to other tools in a seamless fashion
To facilitate the repeatable use of known successful attack vectors, especially against specific targets
To be part of a solid web application pen testing toolkit
To be as easy to use as possible within the spectrum of understanding, and working with, SOAP services

It is not the goal of WSFuzzer to replace human analysis. As a matter of fact, WSFuzzer does not currently do any analysis of the results gathered. The job of analysis is left to the analyst/engineer running a given pen test.

This tool is ultimately meant to augment a pen tester's job with respect to SOAP services.

Here are some key features of "WSFuzzer":

Pen tests an HTTP SOAP web service based on either valid WSDL, known good XML payload, or a valid endpoint & namespace.
It can try to intelligently detect WSDL for a given target.
Includes a simple TCP port scanner.
WSFuzzer can fuzz methods with multiple parameters. There are 2 modes of attack/fuzzing: "individual" and "simultaneous". In individual mode each parameter is handled as a unique entity and can either be attacked or left alone; in simultaneous mode multiple parameters are attacked simultaneously with a given data set.
The fuzz generation (attack strings) consists of a combination of a dictionary file, some optional dynamic large injection patterns, and some optional method-specific attacks, including automated XXE and WSSE attack generation.
The tool also provides the option of using some IDS evasion techniques, which makes for a powerful security infrastructure (IDS/IPS) testing experience.
A time measurement of each round trip between request and response is now provided to potentially aid in results analysis.
For any given program run, the generated attack vectors are saved out to an XML file. The XML file is named XXX and is located in the same directory where the results HTML file is saved. A previously generated XML file of attack vectors can be used instead of the dictionary/automated combo. This is for the sake of repeatability when the same vectors need to be used over and over again.

What's New in This Release:

Toned down some of the random attack vector generation processes to improve program run-time performance.
Added support for Document/Literal SOAP payloads to be submitted via the --xml option.
Added code to check for host availability at the earliest possible stage. The program dies if the host is not available.
Added code to automatically save (to a local file) all generated attack vectors for a given run. The file is in a simple XML format.
Added a feature to use saved attack vectors from the XML file as opposed to the dynamic generation of attack vectors. This option is invoked with the "--attacks=" switch.
Added more options to the config file model so that, when one is used, fewer interactive aspects are exercised.
Last updated on July 22nd, 2008
