Releases: regaan/wshawk

WSHawk v4.0.1

28 Mar 18:00

WSHawk v4.0.1 is a bug-fix release focused on desktop workflow clarity and web testing reliability.


Fixes

  • Fixed web crawler event binding so crawl results no longer disappear on late bridge connection
  • Surfaced crawler transport errors instead of failing silently
  • Normalized bare host and IP targets in web tooling
  • Suppressed SPA soft-404 noise in Dir Scanner
  • Grouped near-identical variant hits such as /api, /api.php, /api.js, and similar paths
  • Corrected Dir Scanner rendering and grouped-result summaries
  • Clarified WS Forge vs HTTP Forge labels in the desktop UI

Notes

  • No breaking changes
  • Existing projects remain compatible
  • This release is focused on bug fixes and workflow quality improvements

WSHawk v4.0.0

27 Mar 20:52

WSHawk v4 introduces a major architectural shift from a standalone WebSocket scanner to a project-backed offensive security platform designed for modern web and realtime application testing.


Key Highlights

Project-Based Workflow

  • Unified project model for WebSocket and HTTP testing
  • Centralized storage of identities, traffic, findings, and evidence
  • Structured workflows for replay, comparison, and validation

Replay, Authorization Diffing, and Race Testing

  • Identity-aware replay across sessions
  • Cross-role and cross-tenant behavior comparison
  • Stateful race condition testing for critical actions

Desktop Application

  • Electron and Python hybrid architecture
  • WebSocket interceptor with frame-level control
  • Payload Blaster for high-throughput testing
  • Endpoint mapping and authentication workflow tools

Web Penetration Testing Toolkit

  • Crawler, fuzzer, and directory scanner
  • SSRF, CORS, redirect, and prototype pollution testing
  • TLS, headers, and sensitive data analysis

Evidence and Reporting

  • Project-backed evidence timeline
  • Tamper-evident export bundles
  • Export formats: HTML, JSON, Markdown, PDF, CSV, SARIF

Validation Labs

  • Full-stack realtime SaaS testing scenarios
  • Socket.IO workflow validation
  • GraphQL subscription testing

Smart Payload Engine

  • Context-aware payload generation
  • Adaptive mutation based on target responses

Browser-Assisted Testing

  • Playwright integration for XSS validation
  • Browser companion for handshake and session capture

Breaking Changes

  • The CLI is now a compatibility layer for legacy workflows
  • Core functionality is centered around the project-backed platform and desktop interface

Downloads

Platform           File
Windows            .exe
macOS              .dmg
Linux (Universal)  .AppImage
Arch Linux         .pacman
Ubuntu/Debian      .deb

Installation

pip install wshawk==v4.0.0

Full Changelog

v3.0.5...v4.0.0


WSHawk is intended for authorized security testing, research, and education. Ensure proper authorization before use.

WSHawk v3.0.6

23 Mar 19:01

Enterprise-grade WebSocket security scanner with web penetration testing toolkit.

Downloads

Platform           File
Windows            .exe (NSIS installer)
macOS              .dmg (Apple Disk Image)
Linux (Universal)  .AppImage
Arch Linux         .pacman
Ubuntu/Debian      .deb

Install via pip

pip install wshawk==v3.0.6

Full Changelog: v3.0.5...v3.0.6

WSHawk v3.0.5

23 Mar 11:34

Enterprise-grade WebSocket security scanner with web penetration testing toolkit.

Downloads

Platform           File
Windows            .exe (NSIS installer)
macOS              .dmg (Apple Disk Image)
Linux (Universal)  .AppImage
Arch Linux         .pacman
Ubuntu/Debian      .deb

Install via pip

pip install wshawk==3.0.1

Full Changelog: v3.0.0...v3.0.5

WSHawk v3.0.4

05 Mar 10:28

Enterprise-grade WebSocket security scanner with web penetration testing toolkit.

Downloads

Platform           File
Windows            .exe (NSIS installer)
macOS              .dmg (Apple Disk Image)
Linux (Universal)  .AppImage
Arch Linux         .pacman
Ubuntu/Debian      .deb

Install via pip

pip install wshawk==3.0.1

Full Changelog: v3.0.0...v3.0.4

WSHawk v3.0.3

01 Mar 18:44

Enterprise-grade WebSocket security scanner with web penetration testing toolkit.

Downloads

Platform           File
Windows            .exe (NSIS installer)
macOS              .dmg (Apple Disk Image)
Linux (Universal)  .AppImage
Arch Linux         .pacman
Ubuntu/Debian      .deb

Install via pip

pip install wshawk==3.0.1

Full Changelog: v3.0.0...v3.0.3

WSHawk v3.0.2

28 Feb 14:18

Enterprise-grade WebSocket security scanner with web penetration testing toolkit.

Downloads

Platform           File
Windows            .exe (NSIS installer)
macOS              .dmg (Apple Disk Image)
Linux (Universal)  .AppImage
Arch Linux         .pacman
Ubuntu/Debian      .deb

Install via pip

pip install wshawk==3.0.1

Full Changelog: v3.0.0...v3.0.2

WSHawk v3.0.1

24 Feb 04:46

Enterprise-grade WebSocket security scanner with web penetration testing toolkit.

Downloads

Platform           File
Windows            .exe (NSIS installer)
macOS              .dmg (Apple Disk Image)
Linux (Universal)  .AppImage
Arch Linux         .pacman
Ubuntu/Debian      .deb

Install via pip

pip install wshawk==3.0.1

Full Changelog: v3.0.0...v3.0.1

🦅 v3.0.0: The Enterprise Evolution

18 Feb 14:33

WSHawk v3.0.0 - Enterprise Release Summary

WSHawk v3.0.0 represents a major architectural leap, transforming from a high-performance scanner into a production-grade, enterprise-ready WebSocket security ecosystem. This release focuses on Resilience, Persistence, and Automation.


🚀 Key Feature Pillar: Enterprise Infrastructure

🛡️ Production-Grade Resilience Layer

The core communication engine has been rewritten to handle unstable targets and rate-limited environments.

  • ResilientSession: Custom wrapper for all HTTP, WebSocket, and API calls.
  • Exponential Backoff: Automatic retry logic with jitter to handle 429 Too Many Requests elegantly.
  • Circuit Breakers: Prevents "cascading failures" when integrated with external platforms like Jira or DefectDojo. If a service is down, WSHawk fails gracefully instead of hanging.

💾 Persistent Web Management Portal

WSHawk now includes a fully functional, SQLite-backed management dashboard.

  • Scan History: All scans, vulnerabilities, and traffic logs are persisted to ~/.wshawk/scans.db.
  • Authenticated Login: Secure dashboard access protected by SHA-256 password hashing.
  • REST API: A full JSON API for programmatic control of the scanner (/api/scans, /api/stats, etc.).
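
The Authenticated Login bullet names SHA-256 but does not say whether the digest is salted or iterated. As an added example (not WSHawk's code; the function names and the `algo$iterations$salt$key` record format are assumptions), this contrasts a bare SHA-256 digest with a salted PBKDF2-HMAC-SHA256 record that is verified in constant time and can be flagged for upgrade:

```python
import hashlib
import hmac
import secrets

ALGO = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_sha256(password: str) -> str:
    """Bare SHA-256: fast and unsalted, so equal passwords share one digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return 'algo$iterations$salt$key' with a fresh random 16-byte salt."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the key from the stored parameters; compare in constant time."""
    try:
        algo, iters, salt_hex, key_hex = stored.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
    except ValueError:
        return False  # legacy or malformed record
    if algo != ALGO or iterations < 1 or len(expected) != 32:
        return False
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(key, expected)


def needs_upgrade(stored: str, minimum: int = DEFAULT_ITERATIONS) -> bool:
    """True for bare digests or records below the current work factor."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGO or not parts[1].isdigit():
        return True
    return int(parts[1]) < minimum
```

A record flagged by `needs_upgrade` can be re-hashed at the next successful login, when the plaintext password is briefly available.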

🧠 Key Feature Pillar: Cognitive Security

🧬 Smart Payload Evolution (New Phase)

The scanning engine is no longer static; it now adapts to the target server's response patterns.

  • Adaptive Feedback Loop: Real-time classification of server responses to prioritize promising attack vectors.
  • Genetic Mutation Phase: A new post-scan process that evolves novel payloads by mutating successful bypasses found during the initial heuristic scan.

📡 SOC & CI/CD Integrations

WSHawk v3.0.0 is built to live inside a modern security operations center.

  • Jira Integration: Automated ticket creation with full reproduction steps and CVSS severity.
  • DefectDojo Integration: Direct push of findings to the open-source vulnerability management platform.
  • Rich Webhooks: Structured notifications for Slack, Discord, and Microsoft Teams.

🛠️ Technical Improvements & Bug Fixes

📦 Refactored Distribution (The "Fix")

  • MANIFEST.in System: Comprehensive asset management ensures that HTML templates, CSS, and payloads are correctly bundled during pip install.
  • TemplateNotFound Fix: Resolved the critical issue where the Web GUI could not find its layouts when installed as a package.

💻 Modern CLI Interface

  • Argparse Refactor: Unified command-line interface with full support for flags:
    • wshawk --web: Launches the Management Dashboard.
    • wshawk --version: Displays the official v3.0.0 build info.
    • wshawk --port <port>: Custom port binding for the web server.
  • Async Safety: Implemented thread-safe event loop management to prevent "RuntimeError: Event loop already running" when calling multiple entry points.

📊 Reporting & Outputs

  • SARIF Support: Standardized Static Analysis Results Interchange Format for GitHub Security tab integration.
  • JSON/CSV/HTML: Multi-format exports for both human reading and machine processing.
  • CVSS v3.1 Integration: Every finding includes a calculated vector and score for risk prioritization.

Built by Regaan (@noobforanonymous)

🦅 v2.0.8: CLI Hotfix & Dashboard Stability

18 Feb 14:24

🛠️ v2.0.8 Hotfix

This is a critical patch for the v2.0.x series that fixes the command-line interface and dashboard launch sequence.

Fixed

  • CLI Argparse Refactor: Fixed a bug where --web and --version flags were being misinterpreted as target URLs.
  • Async Event Loop Fix: Resolved 'RuntimeError: This event loop is already running' when launching the scanner from the wshawk entry point.
  • Improved Dashboard Connectivity: Fixed issue with default port binding for the management dashboard.

Installation:

pip install wshawk --upgrade