Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WSDL API - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#exposure#api
Description

What is the "WSDL API - Detect" module?

The "WSDL API - Detect" module is designed to detect the presence of a WSDL (Web Services Description Language) API. It targets software that exposes an API through a WSDL file. This module is classified as informative, meaning it provides information about the presence of the API but does not identify any vulnerabilities or misconfigurations.

Impact

This module does not have any direct impact on the targeted software. It solely detects the presence of a WSDL API, providing information to the user.

How the module works?

The "WSDL API - Detect" module works by sending an HTTP GET request to the target software's root URL with the path "/?wsdl". It then checks the response for the presence of the "wsdl:definitions" keyword using a word matching condition. If the keyword is found, the module considers the API to be present.

Example HTTP request:

GET /?wsdl

The module uses a single matching condition:

Match if all of the following conditions are met:
- The response contains the word "wsdl:definitions"

By analyzing the response and matching conditions, the module determines whether the targeted software exposes a WSDL API.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/?wsdl
Matching conditions
word: wsdl:definitions
Passive global matcher
No matching conditions.
On match action
Report vulnerability