{"id":21530,"date":"2022-02-01T12:07:53","date_gmt":"2022-02-01T12:07:53","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=21530"},"modified":"2022-02-01T12:07:56","modified_gmt":"2022-02-01T12:07:56","slug":"stews","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/stews\/","title":{"rendered":"STEWS : A Security Tool For Enumerating Web Sockets"},"content":{"rendered":"\n<p><strong>STEWS<\/strong> is a tool suite for security testing of Web Sockets<\/p>\n\n\n\n<p>This research was first presented at&nbsp;OWASP Global AppSec US 2021<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS#features\"><\/a><strong>Features<\/strong><\/p>\n\n\n\n<p>STEWS provides the ability to:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Discover<\/strong>: find WebSockets endpoints on the web by testing a list of domains<\/li><li><strong>Fingerprint<\/strong>: determine what WebSockets server is running on the endpoint<\/li><li><strong>Vulnerability Detection<\/strong>: test whether the WebSockets server is vulnerable to a known WebSockets vulnerability<\/li><\/ul>\n\n\n\n<p>The included whitepaper in this repository provides further details of the research undertaken. 
The included slide deck was presented at OWASP AppSec US 2021.<\/p>\n\n\n\n<p>Complementary repositories created as part of this research include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The&nbsp;Awesome Web Socket Security repository, which compiles Web Sockets security information for future researchers<\/li><li>The&nbsp;Web Sockets-Playground repository, which is a script to easily jump start multiple local Web Socket servers in parallel<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS#installation--usage\"><\/a><strong>Installation &amp; Usage<\/strong><\/p>\n\n\n\n<p>Each portion of STEWS (discovery, fingerprinting, vulnerability detection) has separate instructions. Please see the README in each respective folder.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS#websocket-discovery\"><\/a><strong>Web Socket Discovery<\/strong><\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>STEWS Discovery Tool<\/strong><\/p>\n\n\n\n<p>The STEWS (Security Tool for Enumerating WebSockets) discovery tool uses a custom fork of ZGrab2 to test URLs for WebSocket support by sending the first part of a WebSocket connection handshake. If the server responds to this WebSocket connection request with a HTTP 101 &#8220;Switching Protocols&#8221; response, it can be assumed that the server supports WebSockets. The approach used for WebSocket endpoint discovery is a brute-force approach that relies on a wordlist. This is because WebSockets may only be accessible at a specific path of a server. By sending out large numbers of these WebSocket handshake requests and filtering for servers that respond with a 101 status code, many WebSocket endpoints can be discovered. 
However, there are some weaknesses to this approach:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Specific URL paths are tested, which means that a WebSocket endpoint not at this location will not be detected.<\/li><li>ZGrab2 is a work in progress, with some key PRs for improved HTTP support merged in the last year or two<\/li><li>ZGrab2 was not originally designed to operate at the HTTP layer, but at the TCP\/IP layer. Therefore, ZGrab2 doesn&#8217;t solve high throughput DNS lookups and this can be a problem point depending on your configuration. See the following DNS tip for the current recommended approach.<\/li><\/ul>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS\/blob\/main\/discovery\/README.md#dns-tips\"><\/a><strong>DNS tips<\/strong><\/p>\n\n\n\n<p>If you have used a common web fuzzer or URL brute force tool such as&nbsp;gobuster&nbsp;or&nbsp;ffuf, you have likely used this tool against a single domain. Because the STEWS discovery process is testing many different domains, a large number of DNS requests will occur. The DNS lookup process can take just as much time, if not more, than sending the actual WebSockets request. If you are using your ISP&#8217;s default DNS server, you will likely reach the lookup rate limit and start encountering DNS errors that can cause missed Web Socket endpoints.<\/p>\n\n\n\n<p>The approach used for testing on a vanilla Ubuntu system that is relying on the \/etc\/resolv.conf file for DNS server is to add several well-known public DNS servers, such as Google (8.8.8.8 and 8.8.4.4), Quad9 (9.9.9.9), and Cloudflare (1.1.1.1 and 1.0.0.1) to the \/etc\/resolv.conf file. 
When your system is performing the DNS lookups and does not get a response from the first DNS nameserver, it will use other DNS servers in the \/etc\/resolv.conf, which can help balance the DNS request load in case the rate limit has been hit on other nameservers in the \/etc\/resolv.conf file.<\/p>\n\n\n\n<p>There are optimizations that can speed up discovery beyond the approach described above. For example, zgrab2 accepts input files that contain the IP of the domain, in the format&nbsp;<code><strong>IP,domain<\/strong><\/code>, to allow zgrab2 to skip the DNS lookup step. This approach saves time if many URL paths are being tested (1 DNS lookup per domain rather than a DNS lookup per domain for each URL path tested).<\/p>\n\n\n\n<p>If you aren&#8217;t discovering any WebSockets endpoints and suspect DNS lookups may be the issue, you can use Wireshark or tcpdump to troubleshoot the issue.<\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS\/blob\/main\/discovery\/README.md#domain-list-tips\"><\/a><strong>Domain list tips<\/strong><\/p>\n\n\n\n<p>There are many ways to get a long list of domains to test for WebSockets.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>If you want to manually find endpoints to discover new URL paths where WebSockets may exist beyond what is listed in the&nbsp;sample discovery results table, there aren&#8217;t many known shortcuts beyond manual browsing. Finding repositories on GitHub that contain many WebSockets endpoints (such as this&nbsp;cryptofeed repo).<\/li><li>If you are focused on testing a specific domain or set of domains, you can use a list of the domains and subdomains in scope.<\/li><li>If you are scanning the web, you can either search on your favorite search engine for &#8220;top million domains&#8221; or &#8220;top 100 million domains&#8221;. 
Lastly, for a more comprehensive list of domains, you can request access to the same source that top level DNS servers use, zone files. You can&nbsp;submit a request to ICANN&nbsp;for these zone files. As a warning, the .com zone file is a 21+ GB text file and the .org zone file is 1.5+ GB. Additionally, the zone files contain many domains that resolve to 0.0.0.0, internal IPs, etc. that could be cleaned or minified before using.<\/li><\/ul>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS\/blob\/main\/discovery\/README.md#usage-and-dependencies\"><\/a><strong>Usage and dependencies<\/strong><\/p>\n\n\n\n<p>The&nbsp;<code><strong>STEWS-discovery.sh<\/strong><\/code>&nbsp;script is a bash script tested on Linux. The only dependencies are&nbsp;jq&nbsp;and a zgrab2 binary from the custom&nbsp;Palindrome Technologies zgrab2 fork&nbsp;(a working binary can be downloaded from&nbsp;here). This zgrab2 fork makes the following changes (as of Nov 2021):<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The&nbsp;<code><strong>DynamicOrigin<\/strong><\/code>&nbsp;flag is added to set the &#8220;Origin&#8221; header to the target domain without path (in case Origin is checked for CSWSH mitigation)<\/li><li>To simplify the Web Sockets handshake HTTP request, the User Agent header, the Accept-Encoding header, and the Accept header are all removed, the latter using a new&nbsp;<code><strong>RemoveAcceptHeader<\/strong><\/code>&nbsp;flag<\/li><li>The&nbsp;<code><strong>Endpoint<\/strong><\/code>&nbsp;flag is removed because the endpoint path is included in the URL list provided as input<\/li><\/ul>\n\n\n\n<p>The script uses the&nbsp;<code><strong>known-endpoints.txt<\/strong><\/code>&nbsp;by default (these known Web Sockets servers are part of bug bounty programs), but any text file of domains can be provided as input.<\/p>\n\n\n\n<p>The&nbsp;<code><strong>STEWS-discovery.sh<\/strong><\/code>&nbsp;script can be 
modified to view additional information about each server. For example, adding&nbsp;<code><strong>.data.http.result.response.headers<\/strong><\/code>&nbsp;to the values provided to&nbsp;<code><strong>jq<\/strong><\/code>&nbsp;will output the headers from each server.<\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS\/blob\/main\/discovery\/README.md#sample-discovery-results\"><\/a><strong>Sample discovery results<\/strong><\/p>\n\n\n\n<p>From a sample size of ~3 million domains tested in Nov 2021, the following table illustrates the number of servers discovered that supported WebSockets for each URL pattern. The xxx characters imply a variety of TLDs were tested.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>URL<\/th><th>WebSocket servers found<\/th><\/tr><\/thead><tbody><tr><td>domain.xxx<\/td><td>2281<\/td><\/tr><tr><td>domain.xxx\/ws<\/td><td>1991<\/td><\/tr><tr><td>domain.xxx\/ws\/v1<\/td><td>1605<\/td><\/tr><tr><td>domain.xxx\/ws\/v2<\/td><td>1606<\/td><\/tr><tr><td>domain.xxx\/socket.io\/?EIO=3&amp;transport=websocket<\/td><td>1389<\/td><\/tr><tr><td>domain.xxx\/stream<\/td><td>448<\/td><\/tr><tr><td>domain.xxx\/feed<\/td><td>452<\/td><\/tr><tr><td>www.domain.xxx<\/td><td>1582<\/td><\/tr><tr><td>ws.domain.xxx<\/td><td>891<\/td><\/tr><tr><td>stream.domain.xxx<\/td><td>574<\/td><\/tr><tr><td><strong>Total<\/strong><\/td><td><strong>12819<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS#websocket-fingerprinting\"><\/a><strong>Web Socket Fingerprinting<\/strong><\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>STEWS Fingerprinting Tool<\/strong><\/p>\n\n\n\n<p>The STEWS (Security Tool for Enumerating WebSockets) fingerprint tool uses implementation-level differences in popular 
WebSocket implementations to try to identify running WebSocket servers. The STEWS fingerprinting tool uses server features both in the WebSocket handshake (using the HTTP protocol) and in the WebSocket protocol frames (using the WebSocket protocol), requiring the tool to handle two different protocols.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiim4Y6gTEALeq30ygN_nBkHGmyHSB7MuRJrGw67d6uUm-t9Yx8WXajg4gVchtKPxuwHmST3rXKJqkDxr1CpNuHnntuv3QMwMPrLKZjQdhDuAnX-ZuQMux41POnbXt0eNz8oeT496SdinjcHuTegbfpQcQCdGV3-X21KZHcGTK0Dljf6BrwWnay3uII=s1906\" alt=\"\" \/><\/figure>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS\/blob\/main\/fingerprint\/README.md#websockets-fingerprint-tests\"><\/a><strong>Web Sockets Fingerprint Tests<\/strong><\/p>\n\n\n\n<p>In the process of testing different WebSocket servers, differences in implementation were found that helped identify different WebSocket servers. These differences could allow a user to identify a server by sending crafted messages that triggered the servers to respond with their identifying features. Some identifiers were found to be better (or higher signal-to-noise for identification) than others.<\/p>\n\n\n\n<p>For example, the capitalization of HTTP headers in the WebSocket handshake response can be modified by a reverse proxy or other intermediate network element, regardless of the WebSocket implementation&#8217;s source code. Similarly, no major differences were found in server responses when different masking keys were used to send messages to servers. 
To examine other possible fingerprinting client requests, it can be helpful to examine the format of the WebSocket data frame from RFC6455.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEjY6qvMDtzy_4rWqarGbJ3IsPG1XC8oonBPdBQvVpGq-w616PvDvK_gwUpLlziIaaSz0mB4TGuYkEfO-2v4Z0x6Uy5w13LtSjR8PncoA6ANwPaym-pjfytEI_Hr5tXW-35WEgg-NKjF_snD4Un2E89WfTz9UNIg4uJQDiusJ3_x_uIJWW7hoIq-JiZr=s976\" alt=\"\" \/><\/figure>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS\/blob\/main\/fingerprint\/README.md#basic-usage\"><\/a><strong>Basic Usage<\/strong><\/p>\n\n\n\n<p>First, make sure you have the necessary Python 3 dependencies installed using&nbsp;<code><strong>pip3 install -r requirements.txt<\/strong><\/code>. Then if you run&nbsp;<code><strong>python3 STEWS-fingerprint.py -h<\/strong><\/code>&nbsp;you will be greeted by the following options:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>usage: STEWS-fingerprint.py [-h] [-v] [-d] [-u URL] [-f FILE] [-n] [-k]<br>[-o ORIGIN] [-g] [-a] [-1] [-2] [-3] [-4] [-5]<br>[-6] [-7]<br>Security Testing and Enumeration of WebSockets (STEWS) Fingerprinting Tool<br>optional arguments:<br>-h, --help show this help message and exit<br>-v, --verbose Enable verbose tracing of communications<br>-d, --debug Print each test case to track progress while running<br>-u URL, --url URL Provide a URL to connect to<br>-f FILE, --file FILE Provide a file containing URLs to check for valid<br>WebSocket connections<br>-n, --no-encryption Connect using ws:\/\/, not wss:\/\/ (default is wss:\/\/)<br>-k, --nocert Ignore invalid SSL cert<br>-o ORIGIN, --origin ORIGIN<br>Set origin<br>-g, --generate-fingerprint<br>Generate a fingerprint for a known server<br>-a, --all-tests Run all 
tests<br>-1, --series-100 Run the 100-series (opcode) tests<br>-2, --series-200 Run the 200-series (rsv bit) tests<br>-3, --series-300 Run the 300-series (version) tests<br>-4, --series-400 Run the 400-series (extensions) tests<br>-5, --series-500 Run the 500-series (subprotocols) tests<br>-6, --series-600 Run the 600-series (long payloads) tests<br>-7, --series-700 Run the 700-series (hybi and similar) tests<\/strong><\/p>\n\n\n\n<p>Each series of tests enumerates a specific part of the Web Socket protocol. If you want to see how the tool works, try running a single series of tests first, such as the 500 series tests. It is useful to add the debug flag,&nbsp;<code><strong>-d<\/strong><\/code>, to observe the progress as test cases are being run. If you have a server running on local port 8080 and want to test the 500 series of test cases, you might use:<\/p>\n\n\n\n<p><code><strong>python3 STEWS-fingerprint.py -5 -d -n -u 127.0.0.1:8080<\/strong><\/code><\/p>\n\n\n\n<p>If instead you wish to test a public server using TLS and do not want to see the verbose debug info, you might use:<\/p>\n\n\n\n<p><code><strong>python3 STEWS-fingerprint.py -1 -k -u streamer.finance.yahoo.com<\/strong><\/code><\/p>\n\n\n\n<p>Running all test cases with the&nbsp;<code><strong>-a<\/strong><\/code>&nbsp;flag provides the most precise fingerprint matching, but it can also take a lot of time and require sending a lot of data to the endpoint being fingerprinted. 
The series 600 test cases in particular send very long payloads to the server.<\/p>\n\n\n\n<p>If you have several Web Socket endpoints that you want to fingerprint, you can use the&nbsp;<code><strong>-f<\/strong><\/code>&nbsp;flag to provide a file of Web Socket endpoints for testing.<\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS\/blob\/main\/fingerprint\/README.md#how-it-works\"><\/a><strong>How it works<\/strong><\/p>\n\n\n\n<p>The WebSocket connection process can be split into two main parts:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>HTTP communication (WebSocket handshake with a HTTP 101 response)<\/li><li>WebSocket communication<\/li><\/ul>\n\n\n\n<p>Both portions of the WebSocket connection can allow for fingerprinting.<\/p>\n\n\n\n<p>The HTTP communication contains several fields that may provide information about the supported features on the server, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Sec-WebSocket-Version (series 300)<\/li><li>Sec-WebSocket-Extensions (series 400)<\/li><li>Sec-WebSocket-Protocol (series 500)<\/li><\/ul>\n\n\n\n<p>The WebSocket communication contains several fields that can determine the server-side supported features, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Opcodes (series 100)<\/li><li>Reserved bits (series 200)<\/li><li>Maximum payload length (series 600)<\/li><li>Older WebSocket hybi draft protocol features support (series 700)<\/li><\/ul>\n\n\n\n<p>By sending unexpected or edge case inputs to the WebSocket server, the STEWS fingerprinting tool can receive different responses from the WebSocket server depending on what server is running. 
For example, compare the server responses to test case 200 between three different WebSocket implementations:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Faye:&nbsp;<code><strong>One or more reserved bits are on: reserved1 = 0, reserved2 = 0, reserved3 = 1<\/strong><\/code><\/li><li>Gorilla:&nbsp;<code><strong>unexpected reserved bits 0x10<\/strong><\/code><\/li><li>Java Spring Boot:&nbsp;<code><strong>The client frame set the reserved bits to<\/strong><\/code><\/li><li>Ratchet:&nbsp;<code><strong>Ratchet detected an invalid reserve code<\/strong><\/code><\/li><\/ul>\n\n\n\n<p>By collecting many such varying responses, the STEWS fingerprinter can compare any Web Socket server&#8217;s fingerprint against a database of known Web Socket servers to attempt to identify it. The current fingerprint database was created using the&nbsp;Web Sockets-Playground repository, which simplifies the process of starting multiple local Web Sockets servers. The current fingerprint matching algorithm is very basic and assigns one or two points to each test case to weight some test case results more heavily than others. The fingerprint in the STEWS fingerprinter database with the smallest points delta is considered the top candidate for an identification match.<\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS\/blob\/main\/fingerprint\/README.md#adding-new-websocket-server-fingerprints\"><\/a><strong>Adding New Web Socket Server Fingerprints<\/strong><\/p>\n\n\n\n<p>Please submit a pull request (PR) if you have a Web Socket fingerprint to add. The fingerprint definition for a WebSocket server is created in the form of a list. You can generate this list for a known Web Socket server using the&nbsp;<code><strong>-g<\/strong><\/code>&nbsp;or&nbsp;<code><strong>--generate-fingerprint<\/strong><\/code>&nbsp;flag of the STEWS fingerprint tool. 
Manual edits of the automatically generated fingerprint are recommended based on the test case. For example, the test cases in the &#8220;contain Cases&#8221; array (currently test cases 104-206) use a string find test rather than an exact match to determine the fingerprint delta.<\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS\/blob\/main\/fingerprint\/README.md#false-positives-and-errors\"><\/a><strong>False Positives and Errors<\/strong><\/p>\n\n\n\n<p>If testing a Web Socket server over the internet, additional network elements can interfere with the fingerprinting results. Fingerprinting identifiers from the handshake process, which happens over HTTP, may be modified by a reverse proxy or WAF. It is better to focus on using the Web Socket post-connection fingerprinting identifiers in this situation (see the categorization in the&nbsp;How it works&nbsp;section), especially error messages that are usually unique to specific Web Socket servers.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS#websocket-vulnerability-detection\"><\/a><strong>Web Socket Vulnerability Detection<\/strong><\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>STEWS Vulnerability Detection Tool<\/strong><\/p>\n\n\n\n<p>The STEWS (Security Tool for Enumerating WebSockets) vulnerability detection tool allows users to test whether a WebSockets endpoint is vulnerable to known CVEs or other WebSockets vulnerabilities.<\/p>\n\n\n\n<p>The tool currently supports tests for vulnerabilities including:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>CSWSH (Cross-Site WebSocket Hijacking)<\/li><li>CVE-2020-27813 (Gorilla DoS Integer Overflow)<\/li><li>CVE-2020-7662 &amp; CVE-2020-7663 (faye Sec-WebSocket-Extensions Regex DoS)<\/li><li>CVE-2021-32640 (ws Sec-Websocket-Protocol Regex 
DoS)<\/li><\/ul>\n\n\n\n<p>A more complete list of CVEs that this tool might support in the future can be found in the&nbsp;Awesome WebSocket Security<a href=\"https:\/\/github.com\/PalindromeLabs\/awesome-websocket-security\"> <\/a>repository.<\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS\/blob\/main\/vuln-detect\/README.md#basic-usage\"><\/a><strong>Basic Usage<\/strong><\/p>\n\n\n\n<p>First, make sure you have the necessary Python 3 dependencies installed using&nbsp;<code><strong>pip3 install -r requirements.txt<\/strong><\/code>. Then if you run&nbsp;<code><strong>python3 STEWS-vuln-detect.py -h<\/strong><\/code>&nbsp;you will be greeted by the following options:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>usage: STEWS-vuln-detect.py [-h] [-v] [-d] [-u URL] [-f FILE] [-n] [-k] [-o ORIGIN] [-1] [-2] [-3] [-4]<br>Security Testing and Enumeration of WebSockets (STEWS) Vulnerability Detection Tool<br>optional arguments:<br>-h, --help show this help message and exit<br>-v, --verbose Enable verbose tracing of communications<br>-d, --debug Print each test case to track progress while running<br>-u URL, --url URL URL to connect to<br>-f FILE, --file FILE File containing URLs to check for valid WebSocket connections<br>-n, --no-encryption Connect using ws:\/\/, not wss:\/\/ (default is wss:\/\/)<br>-k, --nocert Ignore invalid SSL cert<br>-o ORIGIN, --origin ORIGIN<br>Set origin<br>-1 Test for generic Cross-site WebSocket Hijacking (CSWSH)<br>-2 Test CVE-2021-32640 - ws Sec-Websocket-Protocol Regex DoS<br>-3 Test CVE-2020-7662 &amp; 7663 - faye Sec-WebSocket-Extensions Regex DoS<br>-4 Test CVE-2020-27813 - Gorilla DoS Integer Overflow<\/strong><\/p>\n\n\n\n<p>Test 1 provides a generic CSWSH test. 
This can be used in combination with the&nbsp;<code><strong>-o<\/strong><\/code>&nbsp;flag to specify a specific origin to attempt to bypass any server-side checks.<\/p>\n\n\n\n<p>Tests 2, 3, and 4 check for specific CVEs. The test cases for these were created based on the PoC code published as part of the discovery of these CVEs. For example, to run test 4 on a local server on port 8084, you can run:&nbsp;<code><strong>python3 STEWS-vuln-detect.py -4 -n -u 127.0.0.1:8084<\/strong><\/code><\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/PalindromeLabs\/STEWS#why-this-tool\"><\/a><strong>Why this tool?<\/strong><\/p>\n\n\n\n<p>WebSocket servers have been largely ignored in security circles. This is partially due to three hurdles that have not been clearly addressed for WebSocket endpoints:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Discovery<\/li><li>Enumeration\/fingerprinting<\/li><li>Vulnerability detection<\/li><\/ul>\n\n\n\n<p>STEWS attempts to address these three points. 
A custom tool was required because there is a distinct lack of support for manually configured WebSocket testing in current security testing tools:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>There is a general lack of supported and scriptable Web Socket security testing tools (for example, NCC&#8217;s unsupported&nbsp;wssip tool,&nbsp;nuclei&#8217;s lack of Web Socket support, and&nbsp;nmap&#8217;s lack of Web Socket support)<\/li><li>Burp Suite lacks support for Web Socket extensions (for example, see&nbsp;this Port Swigger forum thread&nbsp;and&nbsp;this one).<\/li><li>There is a lack of deeper Web Socket-specific security research (the&nbsp;Awesome Web Socket Security repository&nbsp;lists published Web Sockets security research)<\/li><li>The proliferation of Web Sockets around the modern web (as seen in the results of the STEWS discovery tool)<\/li><\/ul>\n\n\n\n<div class=\"wp-block-buttons is-horizontal is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-499968f5 wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/PalindromeLabs\/STEWS\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>STEWS is a tool suite for security testing of Web Sockets This research was first presented at&nbsp;OWASP Global AppSec US 2021 Features STEWS provides the ability to: Discover: find WebSockets endpoints on the web by testing a list of domains Fingerprint: determine what WebSockets server is running on the endpoint Vulnerability Detection: test whether the 
[&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":21557,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiYTNvCMMNPzUMzT4m0pdTM-FkC3LWEH-0uxSlQ1Ol7WO2yCC8y9fdxWoO5Iu2lQKqaIK8qCiEwDMmOFnlu3r2ZaDVl5sU5U2Sek6QFIBVfyeKtfim_1U-JDnPzSx2QAP3HEiSvNvx2KIuhoV-KsSN9vWBEzv9ZKnPEyR19VrrG5kiFDshSfiTAwH04=s728","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[4641,3028,4640],"class_list":["post-21530","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-enumerating-web-sockets","tag-security-tool","tag-stews"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>STEWS : A Security Tool For Enumerating Web Sockets<\/title>\n<meta name=\"description\" content=\"STEWS is a tool suite for security testing of Web Sockets. This research was first presented at\u00a0OWASP Global AppSec US 2021.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/stews\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"STEWS : A Security Tool For Enumerating Web Sockets\" \/>\n<meta property=\"og:description\" content=\"STEWS is a tool suite for security testing of Web Sockets. 
This research was first presented at\u00a0OWASP Global AppSec US 2021.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/stews\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-01T12:07:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-01T12:07:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiYTNvCMMNPzUMzT4m0pdTM-FkC3LWEH-0uxSlQ1Ol7WO2yCC8y9fdxWoO5Iu2lQKqaIK8qCiEwDMmOFnlu3r2ZaDVl5sU5U2Sek6QFIBVfyeKtfim_1U-JDnPzSx2QAP3HEiSvNvx2KIuhoV-KsSN9vWBEzv9ZKnPEyR19VrrG5kiFDshSfiTAwH04=s728\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEiYTNvCMMNPzUMzT4m0pdTM-FkC3LWEH-0uxSlQ1Ol7WO2yCC8y9fdxWoO5Iu2lQKqaIK8qCiEwDMmOFnlu3r2ZaDVl5sU5U2Sek6QFIBVfyeKtfim_1U-JDnPzSx2QAP3HEiSvNvx2KIuhoV-KsSN9vWBEzv9ZKnPEyR19VrrG5kiFDshSfiTAwH04=s728\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"STEWS : A Security Tool For Enumerating Web Sockets","description":"STEWS is a tool suite for security testing of Web Sockets. This research was first presented at\u00a0OWASP Global AppSec US 2021.","canonical":"https:\/\/kalilinuxtutorials.com\/stews\/","author":"R K","article_published_time":"2022-02-01T12:07:53+00:00","article_modified_time":"2022-02-01T12:07:56+00:00"}}