PalindromeLabs/STEWS PalindromeLabs/STEWS

  • Stars
    star
    312
  • Rank 134,133 (Top 3 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created about 3 years ago
  • Updated almost 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
PalindromeLabs/STEWS
github

PalindromeLabs

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Security Tool for Enumerating WebSockets

STEWS: Security Testing and Enumeration of WebSockets

STEWS cauldron image

STEWS is a tool suite for security testing of WebSockets

This research was first presented at OWASP Global AppSec US 2021

Features

STEWS provides the ability to:

  • Discover: find WebSockets endpoints on the web by testing a list of domains
  • Fingerprint: determine what WebSockets server is running on the endpoint
  • Vulnerability Detection: test whether the WebSockets server is vulnerable to a known WebSockets vulnerability

The included whitepaper in this repository provides further details of the research undertaken. The included slide deck was presented at OWASP AppSec US 2021.

Complementary respositories created as part of this research include:

Installation & Usage

Each portion of STEWS (discovery, fingerprinting, vulnerability detection) has separate instructions. Please see the README in each respective folder.

WebSocket Discovery

See the discovery README

WebSocket Fingerprinting

See the fingerprinting README

WebSocket Vulnerability Detection

See the vulnerability detection README

Why this tool?

WebSocket servers have been largely ignored in security circles. This is partially due to three hurdles that have not been clearly addressed for WebSocket endpoints:

  1. Discovery
  2. Enumeration/fingerprinting
  3. Vulnerability detecting

STEWS attempts to address these three points. A custom tool was required because there is a distinct lack of support for manually configured WebSocket testing in current security testing tools:

  1. There is a general lack of supported and scriptable WebSocket security testing tools (for example, NCC's unsupported wssip tool, nuclei's lack of WebSocket support, and nmap's lack of WebSocket support)
  2. Burp Suite lacks support for WebSocket extensions (for example, see this PortSwigger forum thread and this one).
  3. There is a lack of deeper WebSocket-specific security research (the Awesome WebSocket Security repository lists published WebSockets security research)
  4. The proliferation of WebSockets around the modern web (as seen in the results of the STEWS discovery tool)

More Repositories

1

awesome-websocket-security

Awesome information for WebSockets security research
239
star
2

Java-Deserialization-CVEs

Compiled dataset of Java deserialization CVEs
60
star
3

WebSockets-Playground

Jumpstart multiple WebSocket servers quickly
HTML
25
star
4

Common-Bash-Patterns

A helpful reference of common bash script features and functions
2
star