v3.0.3 Released

Next-Gen WebSocket Security Scanning

WSHawk is an enterprise-grade WebSocket security scanner featuring Smart Payload Evolution, a Headless DOM Invader for real XSS confirmation, SSO Auth Flow Recording, and deep OAST integration. v3.0.3 ships a Desktop app with 22 web pentesting tools and zero-false-positive verification powered by headless Chromium.

Get StartedView Documentation
wshawk --full

$ wshawk ws://target.com/ws

[*] WSHawk v3.0.3 - Enterprise Security Scanner

[*] Initializing ResilientSession with Circuit Breaker...

[*] Learning Phase: Monitoring 5s of traffic...

[+] Format Identified: JSON (Nested Schema)

[*] Running SPE: Smart Payload Evolution Engine...

[+] DOM Invader: XSS Confirmed via Headless Chrome

[!] ALERT: Blind XSS Found (DOM Verified, No False Positives)

[!] ALERT: Out-of-Band XXE Detected (OAST)

[*] Pushing results to Jira & DefectDojo...

[+] Scan complete. Dashboard updated at port 5000.

Enterprise-Grade Capabilities

Sophisticated tools designed for the modern security landscape.

πŸ•ΈοΈ

CyberNode: Visual Attack Chaining

Drag-and-drop canvas to build multi-step attack pipelines. Connect Subdomain Finder to Dir Scanner to Auth Builder. Export chains as .hawkchain templates.

πŸ‘₯

Multiplayer Red Team Mode

Create or join rooms with 6-character codes. Live operator roster, shared activity feed, and collaborative notes synced across the entire team in real-time.

πŸ€–

AI Highlight-to-Hack

Highlight any JSON or XML parameter in ReqForge, right-click, and instantly generate context-aware payloads that are auto-populated directly into the Payload Blaster.

πŸ”¬

DOM Invader

Headless Chromium engine renders WebSocket responses and confirms real JavaScript execution β€” zero false positives on XSS findings.

πŸ”‘

Auth Flow Automation

Record SSO and OAuth login flows in a visible browser, then replay them headlessly to keep long-running fuzzing sessions authenticated automatically.

🧠

Smart Payload Evolution

Genetic algorithm that mutates 22,000+ payloads based on server feedback loops, WAF signals, and timing anomalies to find bypasses other scanners miss.

πŸ“‘

OAST Integration

Professional Out-of-Band testing via interact.sh for high-precision blind XXE and SSRF detection that response-only scanners cannot catch.

πŸ›‘οΈ

Resilience Control

Production-grade ResilientSession with circuit breakers and exponential backoff for stable, uninterrupted scanning against production targets.

🧱

Enterprise Ecosystem

Automated integration with Jira, DefectDojo, SARIF export, and multi-platform Webhooks for SOC and CI/CD pipeline integration.

Operation Modules

Security Showcase

Explore the inner workings of our advanced scanning engine.

/usr/bin/wshawk --console
● CONNECTED
// ACCESSING MODULE: HEURISTIC DISCOVERY
javascript
1# WSHawk automatically maps the protocol
2scanner = WSHawkV2("ws://target.com/api")
3await scanner.connect()
4 
5# Output snippet:
6[*] Handshake complete. Upgrade header validated.
7[*] Monitoring heartbeat traffic...
8[+] Format identified: JSON with nested schemas.
9[*] Initializing field-aware injection points...
WSHawk Kernel v3.0.3 [PRO]Execution: READY

Getting Started

Deploy WSHawk v3.0.3 in seconds β€” via pip, Desktop app, or Docker.

CLI Quickstart

$ pip install wshawk$ wshawk ws://target.com/ws

Python API

from wshawk.scanner_v2 import WSHawkV2import asyncioasync def scan(): scanner = WSHawkV2(url) await scanner.run_heuristic_scan()

Frequently Asked Questions

What is WSHawk?

WSHawk v3.0.3 is a production-grade WebSocket security scanner and desktop pentest suite. New in v3.0.3: CyberNode visual attack chaining, Multiplayer red team mode, AI Highlight-to-Hack payload generation, and the Headless DOM Invader for zero-false-positive XSS confirmation.

What is CyberNode and how does it work?

CyberNode is a drag-and-drop graphical canvas inside the Desktop app that lets you build multi-step attack pipelines. You connect tool blocks (Subdomain Finder, Dir Scanner, Auth Builder, S3 Dumper) with output lines, add conditional logic gates, and execute the full chain with a single click. Chains are saved as .hawkchain files and can be shared with the community as standardized exploit templates.

How does Multiplayer Mode work?

One operator creates a room and receives a 6-character code. Up to 6 operators can join the same room from separate WSHawk Desktop instances. All scan events, vulnerability findings, and endpoint discoveries broadcast to the team in real-time. Notes are collaboratively edited with 300ms debounced sync. Each operator has a colored avatar and status indicator showing which tool tab they are on.

What is AI Highlight-to-Hack?

In the ReqForge editor, you highlight any parameter value (for example, a JSON integer field), right-click, and select Generate AI Payloads. WSHawk reads the full surrounding context β€” JSON structure, field type, nesting depth β€” and generates a set of perfectly encoded, context-aware payloads for SQLi, NoSQLi, IDOR, and prototype pollution. Those payloads are automatically inserted into the Payload Blaster template with the injection marker in place.

How does the DOM Invader eliminate XSS false positives?

The DOM Invader renders each WebSocket response inside a sandboxed headless Chromium page and instruments window.alert, window.eval, and a MutationObserver to detect real JavaScript execution. Only payloads that actually fire in the browser are classified as confirmed XSS. An auth flow recorder also handles SSO and OAuth session expiry automatically during long fuzzing runs.

Can I integrate WSHawk into my CI/CD?

Yes. WSHawk supports automated pushes to Jira, DefectDojo, and structured webhooks, along with SARIF exports for GitHub Security integration. The Docker image can be run headlessly in any CI pipeline.

Who developed WSHawk?

WSHawk was architected and developed by Regaan, a Security Researcher and founder of Rot Hackers.

WSHawk v3.0.3 - Enterprise WebSocket Security Scanner

WSHawk is an enterprise-grade WebSocket security scanner developed by Regaan. Architected for high-concurrency environments, it provides deep heuristic analysis, autonomous payload evolution, and professional-grade vulnerability verification for red teams and corporate security operations.

Smart Payload Evolution & Genetic Fuzzing

WSHawk introduces a breakthrough Smart Payload Evolution (SPE) engine. Unlike static scanners, WSHawk's genetic algorithm learns from server response heuristics to mutate its 22,000+ payload database in real-time, pivoting attack strategies to bypass sophisticated WAFs and intrusion detection systems.

Cross-Platform Desktop Application & Web Pentest Toolkit

WSHawk v3.0.3 includes a native Desktop application (Windows, macOS, Linux) that extends the core WebSocket scanner with a comprehensive suite of 22+ integrated web security tools. Built on an Electron framework with a high-performance Python sidecar, the desktop environment provides a centralized workspace for modern offensive security testing.

The integrated **Web Pentest Toolkit** includes: - **Network Discovery**: Port Scanner, Subdomain Finder, and Web Crawler. - **Vulnerability Probing**: SSRF Prober, CORS Security Tester, and JWT/Cookie Analyzer. - **Attack Modules**: High-speed HTTP Fuzzer, Directory Brute-forcer, and Exploitation Lab. - **Interception**: Real-time WebSocket MitM Interceptor and Frame Editor.

Industry-Leading Verification & OAST

Ensure zero false positives with multi-stage verification. WSHawk synchronizes with Playwright for headless browser execution of XSS payloads and leverages advanced OAST (Out-of-Band Application Security Testing) to detect blind SSRF and XXE vulnerabilities.

Developed by Regaan | Powered by Rot Hackers

As the flagship tool in the Rot Hackers offensive security ecosystem, WSHawk represents the pinnacle of WebSocket security research. It empowers security engineers to conduct deep-dive audits with automated Jira integration and professional SARIF/HTML reporting.

Key Capabilities

  • CyberNode: drag-and-drop visual attack chaining with .hawkchain export
  • Multiplayer Red Team Mode: shared rooms, live roster, activity feed, collaborative notes
  • AI Highlight-to-Hack: context-aware payload generation from ReqForge right-click menu
  • DOM Invader: headless Chromium confirms real XSS execution, zero false positives
  • Auth Flow Recorder: capture SSO/OAuth sessions and replay headlessly
  • Auto session reconnect during long Payload Blaster operations
  • Smart Payload Evolution with feedback-driven genetic mutations
  • Advanced OAST blind vulnerability detection (interact.sh)
  • Persistent Web Dashboard with SQLite WAL-mode storage
  • Enterprise Integrations: Jira, DefectDojo, & Webhooks
  • ResilientSession with Circuit Breaker and Adaptive Backoff
  • Desktop app for Windows, macOS, and Linux
  • 22 web pentesting tools (actively maintained)
Keywords: WebSocket Scanner, Smart Payload Evolution, CSWSH detection, WebSocket security, Regaan, Rot Hackers, OAST testing, DOM Invader, headless XSS verification, Auth Flow Recorder, SSO replay, CyberNode attack chaining, Multiplayer pentesting, red team collaboration, AI payload generation, highlight to hack, hawkchain, visual exploit pipeline, Heuristic security analysis, WAF bypass, AI exploit engine, Jira security integration, SARIF report, Desktop security tool.