A Security Tool for Enumerating WebSockets
STEWS is a tool suite for security testing of WebSockets.
This research was first presented at OWASP Global AppSec US 2021.
STEWS provides the ability to:
The included whitepaper in this repository provides further details of the research undertaken. The included slide deck was presented at OWASP AppSec US 2021.
Complementary repositories created as part of this research include:
Each portion of STEWS (discovery, fingerprinting, vulnerability detection) has separate instructions. Please see the README in each respective folder.
See the discovery README
See the fingerprinting README
See the vulnerability detection README
WebSocket servers have been largely ignored in security circles. This is partially due to three hurdles that have not been clearly addressed for WebSocket endpoints:
STEWS attempts to address these three points. A custom tool was required because there is a distinct lack of support for manually configured WebSocket testing in current security testing tools: