Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/anil-yelken/Vulnerable-Soap-Service

Erlik - Vulnerable Soap Service
https://github.com/anil-yelken/Vulnerable-Soap-Service

appsec owasp soap soap-python soap-web-app soap-webservice vulnerabilities vulnerability vulnerability-detection vulnerable-application vulnerable-soap-server vulnerable-soap-service vulnerable-web-app vulnerable-web-application web web-application web-hacking web-penetration-testing web-pentest web-pentesters

Last synced: 3 months ago
JSON representation

Erlik - Vulnerable Soap Service

Host: GitHub
URL: https://github.com/anil-yelken/Vulnerable-Soap-Service
Owner: anil-yelken
License: gpl-3.0
Created: 2022-08-17T17:20:32.000Z (almost 2 years ago)
Default Branch: main
Last Pushed: 2022-09-29T08:28:58.000Z (almost 2 years ago)
Last Synced: 2024-01-21T02:09:09.359Z (6 months ago)
Topics: appsec, owasp, soap, soap-python, soap-web-app, soap-webservice, vulnerabilities, vulnerability, vulnerability-detection, vulnerable-application, vulnerable-soap-server, vulnerable-soap-service, vulnerable-web-app, vulnerable-web-application, web, web-application, web-hacking, web-penetration-testing, web-pentest, web-pentesters
Language: Python
Homepage:
Size: 1.32 MB
Stars: 92
Watchers: 2
Forks: 24
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Lists

awesome-pentest-cheat-sheets - Vulnerable SOAP Web Service - a vulnerable SOAP web service lab environment (Learning Platforms / Off-Line)
awesome-pentest-cheat-sheets - Vulnerable SOAP Web Service - a vulnerable SOAP web service lab environment (Learning Platforms / 🗝 Privilege Escalation)

README

# Vulnerable-Soap-Service
Erlik - Vulnerable Soap Service

Tested - Kali 2022.1

## Description

It is a vulnerable SOAP web service. It is a lab environment created for people who want to improve themselves in the field of web penetration testing.

## Features

It contains the following vulnerabilities.

-LFI

-SQL Injection

-Information Disclosure

-Command Injection

-Brute Force

-Deserialization

## Installation
git clone https://github.com/anil-yelken/Vulnerable-Soap-Service

cd Vulnerable-Soap-Service

sudo pip3 install -r requirements.txt

## Usage

sudo python3 vulnerable_soap.py

## Exploiting Vulnerabilities

### LFI

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/lfi.py

### SQL Injection

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/sqli.py

### Information Disclosure

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/get_logs_information_disclosure.py

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/get_data_information_disclosure.py

### Command Injection

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/commandi.py

### Brute Force

Code:https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/brute.py

### Deserialization

Code:

https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/deserialization_socket.py

https://github.com/anil-yelken/Vulnerable-Soap-Service/blob/main/deserialization_requests.py