XML is a platform-independent data format applied in a vast number of applications. Starting with configuration les, up to office documents, web applications and web services, this technology adopted numerous - mostly complex - extension specifications. As a consequence, a completely new attack scenario has raised by abusing weaknesses of XML-specific features. In the world of web applications, the security evaluation can be assured by the use of different penetration test tools. Nevertheless, compared to prominent attacks such as SQL-Injection or Cross-Site Scripting (XSS), there are currently no penetration test tool that is capable of analyzing the security of XML interfaces.