performing-soap-web-service-security-testing
Community
Detect SOAP XML and WS-Security vulnerabilities
System Documentation
What problem does it solve?
Security assessments often miss XML-specific vulnerabilities in SOAP services. SOAP relies on verbose, WSDL-driven XML envelopes, specialized headers (SOAPAction, WS-Security), and complex schemas, all of which can hide injection and authentication weaknesses. This Skill automates discovery and testing so defenders can reliably identify XXE, XML DoS, injection, and WS-Security misconfigurations.
Core Features & Use Cases
- WSDL reconnaissance: Parse WSDLs to enumerate operations, bindings, and endpoints to accurately target tests.
- XML-based attack testing: Inject XXE payloads, XML bomb patterns, and XPath/SQL injection strings to detect parsing errors, sensitive file disclosures, and DoS behavior.
- Protocol and header checks: Verify SOAPAction handling and WS-Security enforcement to reveal spoofing and authentication bypass scenarios.
- Use Case: During a penetration test of an enterprise SOAP API, use this Skill to map operations from the WSDL, run XXE and injection payloads safely, and produce a concise findings report highlighting critical misconfigurations.
Quick Start
Test the SOAP service at http://example.com/ws?wsdl for XXE, XML bomb, SQL/XPath injection, SOAPAction spoofing, and WS-Security bypass.
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: performing-soap-web-service-security-testing
Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#performing-soap-web-service-security-testing
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.