Knowledge Base
Comprehensive guides and documentation to help you master WebSocket security testing.
The WSHawk Philosophy
Total Visibility
Passive monitoring combined with active probing to map out the entire WebSocket attack surface.
Zero Noise
Sophisticated verification engines ensure every finding is actionable and accurate.
Adaptive Offense
Payloads that learn and evolve based on target response headers and status codes.
Security Lifecycle
Explore the multi-stage automated process WSHawk uses for end-to-end scanning.
Getting Started
Install WSHawk and run your first comprehensive security audit in seconds.
Heuristic Analysis
Deep dive into how WSHawk understands message formats and targets injection points.
Mutation Engine
Learn about adaptive payload generation and WAF evasion strategies.
OAST Support
Setting up out-of-band testing with interact.sh and local callbacks.
Verification System
How WSHawk uses headless browsers to confirm vulnerabilities with zero false positives.
Vulnerability Matrix
Reference guide for all common WebSocket security flaws identified by WSHawk.
Examples Gallery
Real-world scenarios and code snippets for various testing environments.
Core Command Reference
| Command | Description |
|---|---|
| wshawk [url] | Run a standard heuristic security scan. |
| wshawk --full | Enable OAST, Playwright, and Session testing. |
| wshawk --playwright | Enable headless browser XSS verification. |
| wshawk --rate [n] | Limit requests per second (evade rate limits). |