Adaptive Mutation
Bypassing WAFs and filters with the WSHawk evolutionary payload engine.
Payload Evolution
The Payload Mutator is the heart of WSHawk's evasion capability. Instead of using static lists, it transforms base payloads using multiple recursive strategies to find "cracks" in security filters.
Mutation Strategies
Case Variation
Randomizing character casing to bypass case-sensitive regex patterns.
<sCrIpT> → <ScRiPt>
Whitespace Manipulation
Injecting tabs, newlines, and null bytes to break keyword detection.
alert(1) → alert\n(1)
Feedback-Driven Learning
WSHawk analyzes HTTP status codes and response headers to "learn" what works. If a specific strategy (e.g., Encoding) results in a 403 Forbidden, the engine pivots to more aggressive strategies like Polyglot Injection or Tag Breaking.
```python
# Manual use of the mutator
from wshawk.payload_mutator import PayloadMutator, MutationStrategy

mutator = PayloadMutator()
original = '<script>alert(1)</script>'

# Generate 5 diverse variants
variants = mutator.mutate_payload(original, MutationStrategy.ENCODING, count=5)
```
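The defender's side of the Case Variation and Whitespace Manipulation strategies described above, as an added example that is not WSHawk code: a filter that canonicalizes each message before matching still flags the variants shown on this page, while a case-sensitive literal match misses them. The rule lists and function names are hypothetical, and the sample messages are constructed.

```python
import re
import unicodedata

# Hypothetical rules for illustration; not taken from WSHawk or any real WAF.
NAIVE_RULES = [re.compile(r"<script>"), re.compile(r"alert\(")]
# The hardened rules run on canonicalized text, so they are written in lowercase.
HARDENED_RULES = [re.compile(r"<script"), re.compile(r"alert\(")]

# Constructed sample messages, built from the variants shown on this page.
SAMPLES = [
    "<script>alert(1)</script>",   # base form
    "<sCrIpT>x</sCrIpT>",          # case variation
    "alert\n(1)",                  # newline inside the keyword
    "alert\t(1)",                  # tab inside the keyword
    "alert\x00(1)",                # null byte inside the keyword
    '{"msg": "Hello World"}',      # benign traffic
]


def naive_blocks(message: str) -> bool:
    """Case-sensitive literal matching on the raw message."""
    return any(rule.search(message) for rule in NAIVE_RULES)


def canonicalize(message: str) -> str:
    """Build a matching-only view: no whitespace, no control or format
    characters (tabs, newlines, NUL), and case folded."""
    kept = [
        ch for ch in message
        if not ch.isspace() and unicodedata.category(ch) not in ("Cc", "Cf")
    ]
    return "".join(kept).casefold()


def hardened_blocks(message: str) -> bool:
    """Match the rules against the canonical form instead of the raw bytes."""
    canonical = canonicalize(message)
    return any(rule.search(canonical) for rule in HARDENED_RULES)


def compare(samples=SAMPLES):
    """Return (message, naive verdict, hardened verdict) for each sample."""
    return [(m, naive_blocks(m), hardened_blocks(m)) for m in samples]


if __name__ == "__main__":
    for message, naive, hardened in compare():
        print(f"{message!r:32} naive={naive!s:5} hardened={hardened}")
```

The canonical form is used only for the match decision; the original message is what gets forwarded or rejected, and stripping whitespace this aggressively trades some false positives for coverage.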