Onboarding

Getting Started

Deploy WSHawk and run your first security audit in under 60 seconds.

01. Installation

WSHawk is distributed via PyPI and requires Python 3.8+ for core features. Advanced browser-based verification requires Playwright.

bash
1# Core installation pip install wshawk  # Optional: Browser-based verification (recommended) playwright install chromium

02. Quick Scan

The simplest way to audit a WebSocket endpoint is using the standard CLI. WSHawk will automatically perform heuristic analysis to identify the messaging format.

bash
1wshawk ws://target-app.com/v1/socket

Pro-tip

Use --rate 5 to limit requests if the server has strict anti-automation or rate-limiting in place.

03. Advanced Security Audit

For a comprehensive assessment, enable the full suite of modules including OAST (Out-of-Band) testing and session hijacking modules.

bash
1wshawk ws://target-app.com/v1/socket --full

04. Using as a Library

Integrate WSHawk directly into your automated security pipelines or custom exploit scripts.

python
1import asyncio from wshawk.scanner_v2 import WSHawkV2  async def main(): scanner = WSHawkV2('wss://secure.api.com/ws') scanner.use_oast = True  # Run targeted heuristic scan report = await scanner.run_heuristic_scan() print(f'Critical Issues: {report[\'summary\'][\'critical\']}')  asyncio.run(main())

What's Next?

Heuristic Core

How WSHawk analyzes message schemas.

OAST Setup

Configure blind callback detection.