Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "WSDL API - Detect" module is designed to detect the presence of a WSDL (Web Services Description Language) API. It targets software that exposes an API through a WSDL file. This module is classified as informative, meaning it provides information about the presence of the API but does not identify any vulnerabilities or misconfigurations.
This module does not have any direct impact on the targeted software. It solely detects the presence of a WSDL API, providing information to the user.
The "WSDL API - Detect" module works by sending an HTTP GET request to the target software's root URL with the path "/?wsdl". It then checks the response for the presence of the "wsdl:definitions" keyword using a word matching condition. If the keyword is found, the module considers the API to be present.
Example HTTP request:
GET /?wsdl
The module uses a single matching condition:
Match if all of the following conditions are met:
- The response contains the word "wsdl:definitions"
By analyzing the response and matching conditions, the module determines whether the targeted software exposes a WSDL API.