Security Matrix

Vulnerability Reference

A comprehensive list of security flaws WSHawk is designed to identify and verify.

Broken Authentication

Severity: CRITICAL
ID: WSH-001

Description: WebSocket connection established without valid session tokens or using hijacked/predictable identifiers.

Remediation: Enforce strict authentication handshakes. Use cryptographically secure session IDs and valid CSRF tokens.

Remote Code Execution (RCE)

Severity: CRITICAL
ID: WSH-002

Description: Injection of server-side commands via WebSocket parameters, leading to full system compromise.

Remediation: Sanitize all inputs using allow-lists. Avoid passing message data directly to shell commands or evaluators.

Blind XXE & SSRF

Severity: HIGH/CRITICAL
ID: WSH-003

Description: Exploiting XML parsers or backend requests via WebSocket payloads to access internal data (detected via out-of-band application security testing, OAST).

Remediation: Disable external entity resolution in XML parsers and implement strict egress filtering for backend services.

Cross-Site WebSocket Hijacking (CSWSH)

Severity: HIGH
ID: WSH-004

Description: Server fails to validate 'Origin' headers, allowing malicious sites to hijack WebSocket sessions.

Remediation: Validate the Origin header against a strict allow-list of exact origins and set the SameSite attribute on session cookies.
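The Origin check for WSH-004, as an added example in Node.js that is not WSHawk's own code: a weak substring match beside an exact-match allow-list, plus the hook shape the ws library's verifyClient option expects. The allowed origins are constructed samples.

```javascript
// Added example, not WSHawk's own code: Origin validation for a WebSocket
// upgrade request (WSH-004). The allowed origins below are constructed samples.
const ALLOWED_ORIGIN_LIST = [
  'https://app.example.com',
  'https://admin.example.com:8443',
];

// Reduce an Origin header value to a canonical scheme://host[:port].
// The URL parser drops default ports, so 'https://app.example.com:443'
// and 'https://app.example.com' compare equal. Returns null for anything
// that is not a well-formed origin, including the literal 'null' that a
// browser sends for opaque origins.
function canonicalOrigin(value) {
  let url;
  try {
    url = new URL(value);
  } catch (err) {
    return null;
  }
  return url.origin === 'null' ? null : url.origin;
}

const ALLOWED_ORIGINS = new Set(ALLOWED_ORIGIN_LIST.map(canonicalOrigin));

// WEAK: substring matching. Any origin that merely contains the expected
// host name passes, e.g. a sibling domain such as 'https://app.example.com.evil.test'.
function weakOriginCheck(originHeader) {
  return typeof originHeader === 'string' && originHeader.includes('app.example.com');
}

// STRICT: exact match of the canonical origin against the allow-list.
// A missing Origin is rejected: browsers always send it on the upgrade,
// so its absence means a non-browser client, which must authenticate some
// other way rather than be trusted by default.
function isOriginAllowed(originHeader, allowed = ALLOWED_ORIGINS) {
  if (typeof originHeader !== 'string') return false;
  const origin = canonicalOrigin(originHeader);
  return origin !== null && allowed.has(origin);
}

// Shape used by the ws library's verifyClient hook: info.origin carries the
// Origin header value; returning false makes ws reject the upgrade.
function verifyClient(info) {
  return isOriginAllowed(info.origin);
}
```

Origin checking stops browser-driven CSWSH only: the browser sets the header and a page cannot forge it, but a non-browser client can send any value, so this check complements session authentication rather than replacing it.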

Injection (SQL / NoSQL)

Severity: HIGH/CRITICAL
ID: WSH-005

Description: Manipulating message structures to execute unauthorized database queries or bypass business logic.

Remediation: Use parameterized queries and robust ORM/ODM safety features for all WebSocket-derived data.

Path Traversal

Severity: HIGH
ID: WSH-006

Description: Unauthorized access to file system paths via message parameter manipulation.

Remediation: Sanitize file path inputs and restrict process access using a chrooted environment or containerization.

Template Injection (SSTI)

Severity: HIGH/CRITICAL
ID: WSH-007

Description: Injecting malicious template directives into messages that are processed by server-side engines.

Remediation: Use logic-less templates and ensure all user-controlled data is properly escaped before rendering.