Hackmanit develops a number of unique open source tools for security analysis in various areas. The Hackmanit team emphasizes a high level of integration: The tools can be integrated directly into your company test scenarios and thereby (semi-)automatically detect new threats. For example, WS-Attacker can be used to continuously scan your web services for vulnerabilities. More tools for the analysis of TLS, Single Sign-On, and Web applications are currently under development.

The Burp Suite Extension EsPReSSO helps in the detection of various Single Sign-On protocols. It supports SAML, OpenID, OAuth, BrowserId, OpenID Connect, Facebook Connect and Microsoft Account. EsPReSSO passively analyzes the HTTP traffic and automatically highlights Single Sign-On messages in the Burp Suite proxy.

In addition, EsPReSSO provides editors for SAML and JSON Web tokens allowing to edit them easily. In addition, XML Signature Wrapping attack vectors can be created for SAML using the built-in WS-Attacker library.

To the project page