Modules
Adaptive Mutation
Bypassing WAFs and filters with the WSHawk evolutionary payload engine.
Smart Payload Evolution
The Smart Payload Evolution (SPE) Engine is the core of WSHawk v3.0's evasion capability. Instead of using static lists, it uses genetic algorithms and real-time feedback to evolve payloads that specifically bypass the target's unique filter logic.
Mutation Strategies
Case Variation
Randomizing character casing to bypass case-sensitive regex patterns.
<sCrIpT> → <ScRiPt>Whitespace Manipulation
Injecting tabs, newlines, and null bytes to break keyword detection.
alert(1) → alert\n(1)Feedback-Driven Learning
WSHawk analyzes HTTP status codes and response headers to "learn" what works. If a specific strategy (e.g., Encoding) results in a 403 Forbidden, the engine pivots to more aggressive strategies like Polyglot Injection or Tag Breaking.
python
1# Manual use of the mutator from wshawk.payload_mutator import PayloadMutator, MutationStrategy mutator = PayloadMutator() original = '<script>alert(1)</script>' # Generate 5 diverse variants variants = mutator.mutate_payload(original, MutationStrategy.ENCODING, count=5)