A Security Tool for Enumerating WebSockets

Overview

STEWS: Security Testing and Enumeration of WebSockets

STEWS cauldron image

STEWS is a tool suite for security testing of WebSockets

This research was first presented at OWASP Global AppSec US 2021

Features

STEWS provides the ability to:

  • Discover: find WebSockets endpoints on the web by testing a list of domains
  • Fingerprint: determine what WebSockets server is running on the endpoint
  • Vulnerability Detection: test whether the WebSockets server is vulnerable to a known WebSockets vulnerability

The included whitepaper in this repository provides further details of the research undertaken. The included slide deck was presented at OWASP AppSec US 2021.

Complementary respositories created as part of this research include:

Installation & Usage

Each portion of STEWS (discovery, fingerprinting, vulnerability detection) has separate instructions. Please see the README in each respective folder.

WebSocket Discovery

See the discovery README

WebSocket Fingerprinting

See the fingerprinting README

WebSocket Vulnerability Detection

See the vulnerability detection README

Why this tool?

WebSocket servers have been largely ignored in security circles. This is partially due to three hurdles that have not been clearly addressed for WebSocket endpoints:

  1. Discovery
  2. Enumeration/fingerprinting
  3. Vulnerability detecting

STEWS attempts to address these three points. A custom tool was required because there is a distinct lack of support for manually configured WebSocket testing in current security testing tools:

  1. There is a general lack of supported and scriptable WebSocket security testing tools (for example, NCC's unsupported wssip tool, nuclei's lack of WebSocket support, and nmap's lack of WebSocket support)
  2. Burp Suite lacks support for WebSocket extensions (for example, see this PortSwigger forum thread and this one).
  3. There is a lack of deeper WebSocket-specific security research (the Awesome WebSocket Security repository lists published WebSockets security research)
  4. The proliferation of WebSockets around the modern web (as seen in the results of the STEWS discovery tool)
You might also like...
A CLI tool to disable and enable security standards controls in AWS Security Hub

Security Hub Controls CLI A CLI tool to disable and enable security standards controls in AWS Security Hub. It is designed to work together with AWS S

A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Security audit Python project dependencies against security advisory databases.

Security audit Python project dependencies against security advisory databases.

RedTeam-Security - In this repo you will get the information of Red Team Security related links
RedTeam-Security - In this repo you will get the information of Red Team Security related links

OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M

An improbable web debugger through WebSockets
An improbable web debugger through WebSockets

wdb - Web Debugger Description wdb is a full featured web debugger based on a client-server architecture. The wdb server which is responsible of manag

Elegant WebSockets for your Flask apps.
Elegant WebSockets for your Flask apps.

Flask-Sockets Elegant WebSockets for your Flask apps. Simple usage of route decorator: from flask import Flask from flask_sockets import Sockets app

An improbable web debugger through WebSockets
An improbable web debugger through WebSockets

wdb - Web Debugger Description wdb is a full featured web debugger based on a client-server architecture. The wdb server which is responsible of manag

SSH to WebSockets Bridge
SSH to WebSockets Bridge

wssh wssh is a SSH to WebSockets Bridge that lets you invoke a remote shell using nothing but HTTP. The client connecting to wssh doesn't need to spea

Chat app for Django, powered by Django Channels, Websockets & Asyncio
Chat app for Django, powered by Django Channels, Websockets & Asyncio

Django Private Chat2 New and improved https://github.com/Bearle/django-private-chat Chat app for Django, powered by Django Channels, Websockets & Asyn

🚀 An asynchronous python API wrapper meant to replace discord.py - Snappy discord api wrapper written with aiohttp & websockets

Pincer An asynchronous python API wrapper meant to replace discord.py ❗ The package is currently within the planning phase 📌 Links |Join the discord

WebSocket implementation in Python built on top of websockets python library. Similar to Node.js's ws.

ws WebSocket implementation in Python built on top of websockets python library. Similar to Node.js's ws. Basic usage. server.py import ws server = w

Library for easily creating and managing websockets.

Documentation coming in version 0.1.4 GitHub PyPI Discord Features Easy to use with object oriented syntax. Intellisense support with typehints and do

Connects microservices through a mesh of websockets

WebMesh WebMesh is a WebSocket based communication library for microservices. It uses a WebSocket server based on wsproto that distributes clients on

Client library for relay - a service for relaying server side messages to the client side browsers via websockets.

Client library for relay - a service for relaying server side messages to the client side browsers via websockets.

An IPC based on Websockets, fast, stable, and reliable

winerp An IPC based on Websockets. Fast, Stable, and easy-to-use, for inter-communication between your processes or discord.py bots. Key Features Fast

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells
Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).
Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).

Welcome to Corsair_scan Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS) misconfigurations. CORS is a mechanism that allow

Comments
  • CSWSH ORIGIN BYPASS DETECTED ?

    CSWSH ORIGIN BYPASS DETECTED ?

    Hi,

    In case, I get

    CSWSH ORIGIN BYPASS DETECTED: wss://REDACTED.com/ws vanilla CSWSH didn't work, but server origin check was bypassed (unescaped period).

    Does that mean CSWSH is still possible ?? if so, how to set the Origin header to REDACTEDAcom ?

    Thank you in davance

    opened by Sim4n6 2
Releases(1.0.0)
Owner
null
Elegant WebSockets for your Flask apps.

Flask-Sockets Elegant WebSockets for your Flask apps. Simple usage of route decorator: from flask import Flask from flask_sockets import Sockets app

Heroku Python Team 1.7k Dec 26, 2022
Chat app for Django, powered by Django Channels, Websockets & Asyncio

Django Private Chat2 New and improved https://github.com/Bearle/django-private-chat Chat app for Django, powered by Django Channels, Websockets & Asyn

Bearle 205 Dec 30, 2022
WebSocket implementation in Python built on top of websockets python library. Similar to Node.js's ws.

ws WebSocket implementation in Python built on top of websockets python library. Similar to Node.js's ws. Basic usage. server.py import ws server = w

AceExpert 7 Jun 27, 2022
Library for easily creating and managing websockets.

Documentation coming in version 0.1.4 GitHub PyPI Discord Features Easy to use with object oriented syntax. Intellisense support with typehints and do

ZeroIntensity 0 Aug 27, 2022
Connects microservices through a mesh of websockets

WebMesh WebMesh is a WebSocket based communication library for microservices. It uses a WebSocket server based on wsproto that distributes clients on

Charles Smith 9 Apr 29, 2022
An IPC based on Websockets, fast, stable, and reliable

winerp An IPC based on Websockets. Fast, Stable, and easy-to-use, for inter-communication between your processes or discord.py bots. Key Features Fast

Black Thunder 5 Aug 9, 2022
A fast and durable Pub/Sub channel over Websockets. FastAPI + WebSockets + PubSub == ⚡ 💪 ❤️

⚡ ??️ FastAPI Websocket Pub/Sub A fast and durable Pub/Sub channel over Websockets. The easiest way to create a live publish / subscribe multi-cast ov

null 8 Dec 6, 2022
Burgeramt-appointments-websockets - Fetch Bürgeramt appointments and broadcast them via websockets

Bürgeramt appointment finder This server looks for Bürgeramt appointment every f

null 74 Dec 19, 2022
ELFXtract is an automated analysis tool used for enumerating ELF binaries

ELFXtract ELFXtract is an automated analysis tool used for enumerating ELF binaries Powered by Radare2 and r2ghidra This is specially developed for PW

Monish Kumar 49 Nov 28, 2022
Python tool for enumerating directories and for fuzzing

Python tool for enumerating directories and for fuzzing

Gourab Roy 5 Feb 21, 2022