Support for Web Services vulnerability scanning

[ulissescastro]

Create WSDL/SOAP crawler to make possible throw security tests at entry points that common vulnerability assessment tools can't reach.

A good post about it and how it works: http://www.acunetix.com/websitesecurity/web-services-wp/

[Zapotek]

Can't say that this is a high priority but I'd like to eventually support it. Cheers

[treadie]

Here is a good post that may also help. http://www.reinteractive.net/posts/3-rolling-your-own-ruby-soap-client-with-typhoeus-and-nokogiri

[Zapotek]

Great resource @treadie. I was looking into it for v0.5 and came across this issue again during my pre-release sweep for 0.4.7.

[eirikhm]

REST/JSON should also be implemented here.

Any estimates on the size of a task like this? Might be able to take a look if I get some pointers on where to start.

[Zapotek]

The groundwork is already being laid down for this. JSON support is done but needs testing and next up is XML support. These will be released in v1.1.

Then the only thing missing will be a nice web-services specific user interface and a specialised crawler.

Like I said, this isn't a high priority, but it is slowly coming together. :)

[jahrek]

hello ;-)

What is the status of this task right now? :)

[Zapotek]

@jahrek My previous comment says it all, any updates will be posted here as they occur.

[Joeyn414]

This seems to be an old thread, but I have an interest in using this to scan my SOAP REST services. I wanted to first confirm that arachni cannot do this yet. And two, as mentioned by @eirikhm I would be interested in helping you write this if you told me where to insert it into the application.

[Zapotek]

Seeing as there's no standard way to crawl web services, your best bet is this: http://support.arachni-scanner.com/kb/general-use/service-scanning