OAST Integration
Detecting blind vulnerabilities using Out-of-Band Application Security Testing.
Why OAST?
Traditional DAST (Dynamic Application Security Testing) relies on immediate responses. However, many WebSocket vulnerabilities are "blind"—they execute on the backend or in another user's browser, providing no direct feedback to the scanner. OAST solves this by using external "callback" servers.
Automatic Provider Setup
WSHawk includes a built-in provider for interact.sh. When enabled, it automatically registers a temporary domain and injects it into payloads.
1# Enabling OAST is simple from wshawk.scanner_v2 import WSHawkV2 scanner = WSHawkV2(url) scanner.use_oast = True # This activates the OAST engine await scanner.run_heuristic_scan()Polling & Detection
WSHawk polls the OAST provider every 10 seconds. If a backend system or browser process triggers a payload, the interaction is captured, logged, and included in the final report.
Supported Protocols
DNS, HTTP, and HTTPS callbacks are all tracked and analyzed for source attribution.
Advanced Config
You can also provide a custom OAST provider if you prefer using a self-hosted server like ProjectDiscovery's interactsh-server.
1scanner.oast_provider.server = 'https://my-private-oast.com' scanner.oast_provider.token = 'my-secret-token'