Skip to content

PalindromeLabs/STEWS

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 1 tag
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github/workflows
Fix flake8 lint errors, add linting to CI
November 21, 2021 21:07
discovery
Fix other links from GitHub Action check
November 11, 2021 14:29
fingerprint
Minor cosmetic improvements, mostly in READMEs
November 23, 2021 09:06
vuln-detect
Minor cosmetic improvements, mostly in READMEs
November 23, 2021 09:06
LICENSE
Initial commit
November 10, 2021 19:13
README.md
Add presentation video link
January 10, 2022 16:58
WebSockets_AppSec_US_2021_Presentation.pdf
Fix ppt slide 17 SOP not CORS
December 16, 2021 21:25
mlc_config.json
Add GitHub Action link check
November 11, 2021 14:14
paper.pdf
First commit to public repo
November 10, 2021 20:12
stews-image.jpg
First commit to public repo
November 10, 2021 20:12
STEWS: Security Testing and Enumeration of WebSockets Features Installation & Usage WebSocket Discovery WebSocket Fingerprinting WebSocket Vulnerability Detection Why this tool?

README.md

STEWS: Security Testing and Enumeration of WebSockets

STEWS cauldron image

STEWS is a tool suite for security testing of WebSockets

This research was first presented at OWASP Global AppSec US 2021

Features

STEWS provides the ability to:

  • Discover: find WebSockets endpoints on the web by testing a list of domains
  • Fingerprint: determine what WebSockets server is running on the endpoint
  • Vulnerability Detection: test whether the WebSockets server is vulnerable to a known WebSockets vulnerability

The included whitepaper in this repository provides further details of the research undertaken. The included slide deck was presented at OWASP AppSec US 2021.

Complementary respositories created as part of this research include:

Installation & Usage

Each portion of STEWS (discovery, fingerprinting, vulnerability detection) has separate instructions. Please see the README in each respective folder.

WebSocket Discovery

See the discovery README

WebSocket Fingerprinting

See the fingerprinting README

WebSocket Vulnerability Detection

See the vulnerability detection README

Why this tool?

WebSocket servers have been largely ignored in security circles. This is partially due to three hurdles that have not been clearly addressed for WebSocket endpoints:

  1. Discovery
  2. Enumeration/fingerprinting
  3. Vulnerability detecting

STEWS attempts to address these three points. A custom tool was required because there is a distinct lack of support for manually configured WebSocket testing in current security testing tools:

  1. There is a general lack of supported and scriptable WebSocket security testing tools (for example, NCC's unsupported wssip tool, nuclei's lack of WebSocket support, and nmap's lack of WebSocket support)
  2. Burp Suite lacks support for WebSocket extensions (for example, see this PortSwigger forum thread and this one).
  3. There is a lack of deeper WebSocket-specific security research (the Awesome WebSocket Security repository lists published WebSockets security research)
  4. The proliferation of WebSockets around the modern web (as seen in the results of the STEWS discovery tool)

About

A Security Tool for Enumerating WebSockets

Topics

security websocket websockets penetration-testing web-application-security penetration-testing-tools websockets-security websocket-security

Resources

Readme

License

Apache-2.0 license
Activity

Stars

260 stars

Watchers

7 watching

Forks

37 forks
Report repository

Releases 1

1.0.0 Latest
Nov 22, 2021

Languages