Can this skill be used for automated security testing?

Absolutely. It provides a structured methodology and Python-based logic that can be integrated into security pipelines to validate SOAP service integrity during development or auditing.

Do I need a WSDL file to use this skill?

Yes, the skill is designed to parse WSDL (Web Services Description Language) definitions to understand the available methods and parameters before initiating security tests.

What vulnerabilities does this SOAP security skill test for?

The skill specifically tests for XML External Entity (XXE) injection, XML Bombs (Billion Laughs attack), SQL injection within SOAP bodies, SOAPAction spoofing, and WS-Security configuration bypasses.

Is this skill relevant for modern REST APIs?

This specific skill is tailored for SOAP (XML-based) services. While some principles like injection apply broadly, it is optimized for the unique structure of XML envelopes and WSDL-defined services.

SOAP Web Service Security Tester

Name: SOAP Web Service Security Tester
Author: mukul975

bymukul975

•

4,121

•

安全与测试

Performs comprehensive security audits on SOAP web services to identify XXE, XML injection, and WS-Security vulnerabilities.

This skill automates the complex process of testing SOAP-based web services, which are frequently used in enterprise, financial, and healthcare environments. By analyzing WSDL definitions, the skill maps service operations and systematically probes for XML-specific vulnerabilities including XML External Entity (XXE) injection, XPath injection, and XML 'Billion Laughs' bombs. It also evaluates the robustness of WS-Security implementations and tests for SOAPAction header spoofing, providing security professionals with a structured methodology to secure legacy and modern XML-based APIs.

主要功能

01Automated WSDL reconnaissance and operation mapping

02WS-Security configuration and bypass assessment

03SQL injection probing within XML envelope parameters

044,121 GitHub stars

05Detection of XML External Entity (XXE) and XML Bomb vulnerabilities

06SOAPAction header spoofing and mismatch testing

使用场景

01Automating vulnerability discovery for legacy web service integrations

02Validating WS-Security implementation correctness during development

03Conducting security penetration tests on enterprise SOAP endpoints

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-soap-web-service-security-testing

For use in Claude.ai and ChatGPT

主要功能

01Automated WSDL reconnaissance and operation mapping

02WS-Security configuration and bypass assessment

03SQL injection probing within XML envelope parameters

044,121 GitHub stars

05Detection of XML External Entity (XXE) and XML Bomb vulnerabilities

06SOAPAction header spoofing and mismatch testing

使用场景

01Automating vulnerability discovery for legacy web service integrations

02Validating WS-Security implementation correctness during development

03Conducting security penetration tests on enterprise SOAP endpoints

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills performing-soap-web-service-security-testing

For use in Claude.ai and ChatGPT