A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: `<object object_ref=`¦ />` and `<state state_ref=`¦ / >`. Which of the following tools BEST supports the use of these definitions? 

Answer options:

A. HTTP interceptor
B. Static code analyzer
C. SCAP scanner
D. XML fuzzer

D