SAML Pummel

SAML Pummel is a BeanShell plug-in for WebScarab. It automates eight different injection attacks to assist in auditing the implementation of SAML 2.0 single sign-on systems.

  • C14N Entity Expansion
  • C14N Transforms
  • Remote DTD
  • Remote KeyInfo RetrievalMethod
  • Remote KeyInfo WSSE Security Token Reference
  • SignedInfo Remote Reference
  • XSLT Transform URL Retrieval (Xalan)
  • XSLT Transform Thread Suspension (Xalan)


Requirements:

  • Java Runtime Environment 1.5 or greater
  • WebScarab (modified self-contained jar included)
