Interactive shell in order to probe/analyze a WebSocket endpoint.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Build Status Requirements Status Dependency Status

WS Probing Shell

Interactive shell in order to probe/analyze a WebSocket endpoint.

The project is under developmement and the creation of a pip module is planned in order to facilitate the installation/update.


This shell was developed because I didn't find a tool or a extension in Burp/OWASP Zap allowing me to deeply inspect and probe a WebSocket endpoint in the same way that I can do it for example for a web endpoint like a REST web service.

Python version requirement

Python >= 3.5


Use the following command to install the dependencies packages:

pip install -r requirements.txt

How to use it?

Run the script:


Type the following command to obtains the list of available commands and help about them:

.:Welcome to the WebSocket probing shell:.

Type help or ? to list commands.

(Cmd) help

Documented commands (type help <topic>):
analyze     help                                 quit    show
connect     probe_connection_channels_supported  replay
disconnect  probe_request_connection_limit       scan
fuzz        probe_request_length_limit           search

(Cmd) help replay

        Replay a specified message a specified number of times

        replay -m [path_to_message_file] -n [repetition_count]

        replay -m /tmp/message.txt -n 20

        path_to_message_file: Path to the file (text format) containing the message to replay, 
                              no space in path.
        repetition_count: Number of time that the message must be send


Commands flow

Use of the shell is always something like this:

  1. connect command using the targeted endpoint (WS://xxx or WSS://xxx) identified for example with Burp or ZAP.
  2. Action command (1 or N times) like:
    • replay,
    • fuzz,
    • probe_request_connection_limit,
    • probe_request_length_limit,
    • probe_connection_channels_supported,
    • scan,
    • ...
  3. Analysis command (1 or N times) like:
    • analyze,
    • search,
    • show,
    • ...
  4. Finalization command like:
    • disconnect command if you want to target another endpoint,
    • quit command if you want to exit the shell.