creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/performing-soap-web-service-security-testing/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

56 lines
2.3 KiB
Markdown
Raw Blame History

# API Reference: SOAP Web Service Security Testing
## WSDL Namespaces
| Prefix | URI | Purpose |
|--------|-----|---------|
| `wsdl` | `http://schemas.xmlsoap.org/wsdl/` | WSDL 1.1 definitions |
| `soap` | `http://schemas.xmlsoap.org/wsdl/soap/` | SOAP 1.1 binding |
| `soap12` | `http://schemas.xmlsoap.org/wsdl/soap12/` | SOAP 1.2 binding |
| `xsd` | `http://www.w3.org/2001/XMLSchema` | XML Schema types |
| `wsse` | `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd` | WS-Security |
## SOAP Request Headers
| Header | Value | Description |
|--------|-------|-------------|
| `Content-Type` | `text/xml; charset=utf-8` | SOAP 1.1 content type |
| `Content-Type` | `application/soap+xml; charset=utf-8` | SOAP 1.2 content type |
| `SOAPAction` | `"http://example.com/Operation"` | Target operation URI |
## Common Test Payloads
| Test | Category | Severity |
|------|----------|----------|
| XXE file read (`<!ENTITY xxe SYSTEM "file:///etc/passwd">`) | XML Injection | Critical |
| Billion Laughs (`<!ENTITY` expansion) | DoS | High |
| SQL injection in parameters | Injection | Critical |
| SOAPAction header mismatch | Authorization Bypass | High |
| Missing WS-Security token | Authentication Bypass | Critical |
| XPath injection (`' or '1'='1`) | Injection | High |
## Python Libraries
| Library | Version | Purpose |
|---------|---------|---------|
| `requests` | >=2.28 | Send raw SOAP HTTP requests |
| `lxml` | >=4.9 | Parse WSDL/XML with namespace support |
| `zeep` | >=4.2 | Full SOAP client with WSDL parsing |
| `suds-community` | >=1.1 | Alternative SOAP client |
## lxml Key Methods
| Method | Description |
|--------|-------------|
| `etree.fromstring(xml_bytes)` | Parse XML from bytes |
| `root.find(xpath, namespaces)` | Find single element |
| `root.findall(xpath, namespaces)` | Find all matching elements |
| `element.get(attr)` | Get attribute value |
## References
- OWASP SOAP Testing: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/12-API_Testing/01-Testing_GraphQL
- PortSwigger XXE: https://portswigger.net/web-security/xxe
- zeep Documentation: https://docs.python-zeep.org/en/master/
- WS-Security Specification: https://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
Reference in New Issue View Git Blame Copy Permalink