Categories: Kali Linux

WSSAT – Web Service Security Assessment Tool

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests against the security vulnerabilities. It also makes information disclosure controls. With this tool, all web services could be analysed at once and the overall security assessment could be seen by the organization.

Objectives of WSSAT

Perform their web services security analysis at once
See overall security assessment with reports
Harden their web services

Also Read Log-killer : Clear All Your Logs In Linux & Windows Servers

WSSAT Installation

Development Environment

C# 
Microsoft Visual Studio Community Edition 2017 (https://www.visualstudio.com/downloads/)

Requirements

Windows OS (7 or later)
.Net Framework 4.7 (https://www.microsoft.com/en-us/download/details.aspx?id=55170)

Installation

Step 1: Download the WSSAT folder and copy/extract it to your Windows computer
Step 2: Go to WSSAT WSSAT\WSSAT\bin\Debug folder (Read/Write permission is required to generate report, log etc.)
Step 3: Double click WSSAT.exe

WSSAT’s Main Capabilities Include

Dynamic Testing:

Insecure Communication – SSL Not Used
Unauthenticated Service Method
Error Based SQL Injection
Cross Site Scripting
XML Bomb
External Entity Attack – XXE
XPATH Injection
HTTP OPTIONS Method
Cross Site Tracing (XST)
Missing X-XSS-Protection Header
Verbose SOAP Fault Message

Static Analysis:

Weak XML Schema: Unbounded Occurrences
Weak XML Schema: Undefined Namespace
Weak WS-SecurityPolicy: Insecure Transport
Weak WS-SecurityPolicy: Insufficient Supporting Token Protection
Weak WS-SecurityPolicy: Tokens Not Protected

Information Leakage:

Server or technology information disclosure

WSSAT’s Main Modules

Parser
Vulnerabilities Loader
Analyzer/Attacker
Logger
Report Generator

Related

Risk Assessment Framework : Static Application Security Testing

February 6, 2020

In "Kali Linux"

Prithvi – Report Generation Tool

June 19, 2019

In "Kali Linux"

OSCP : Navigating The Essential Toolkit For Penetration Testing

March 14, 2025

In "Exploitation Tools"

R K

Next Joomscan - OWASP Joomla Vulnerability Scanner Project »

Previous « XSS-Payload-List : Cross Site Scripting ( XSS ) Vulnerability Payload List

Share

Published by

R K

Tags: VulnerabilitiesWeb Service SecurityWSSAT

7 years ago

Recent Posts

Cyber security

How AI Puts Data Security at Risk

Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…

1 week ago

TECH

The Evolution of Cloud Technology: Where We Started and Where We’re Headed

Image credit:pexels.com If you think back to the early days of personal computing, you probably…

2 weeks ago

TECH

The Evolution of Online Finance Tools In a Tech-Driven World

In an era defined by technological innovation, the way people handle and understand money has…

2 weeks ago

OSINT

A Complete Guide to Lenso.ai and Its Reverse Image Search Capabilities

The online world becomes more visually driven with every passing year. Images spread across websites,…

2 weeks ago

Cyber security

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

2 months ago

Linux

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

2 months ago

L