Hackmanit develops a number of unique open source tools for security analysis in various areas. The Hackmanit team emphasizes a high level of integration: the tools can be integrated directly into your company's test scenarios and thereby (semi-)automatically detect new threats. For example, WS-Attacker can be used to continuously scan your web services for vulnerabilities. More tools for the analysis of TLS, Single Sign-On, and Web applications are currently under development.

XML-based SOAP Web Services are a widely used technology that allows users to execute remote operations and transport arbitrary data. It is currently adopted in Service Oriented Architectures, cloud interfaces, management of federated identities, eGovernment, or military services. The wide adoption of this technology has resulted in the emergence of numerous, mostly complex, extension specifications. Naturally, this has been followed by a rise in the number of Web Services attacks. When implementing common web applications, developers evaluate the security of their systems by applying different penetration testing tools. However, in contrast to well-known attacks such as SQL injection or Cross-Site Scripting, there exist no penetration testing tools for Web Services specific attacks. With WS-Attacker we intend to close this gap and provide developers and penetration testers with automatic methods for detecting Web Services specific attacks. The tool currently supports the following attacks:

  • SOAPAction Spoofing
  • WS-Addressing Spoofing
  • Various XML Denial of Service variants
  • XML Signature Wrapping


Overview of open source tools

Example of the graphical user interface of WS-Attacker.