New Scan - WSHawk

🔍 Launch New Scan

{% if error %}

{% endif %}

Target WebSocket URL Must start with ws:// or wss://

Max Requests/sec

Features

OAST (Out-of-Band) Testing Playwright XSS Verification

Cancel

Rate limiting: Start with 5-10 req/s to avoid triggering WAFs
OAST: Enables blind vulnerability detection via out-of-band callbacks
Playwright: Verifies XSS in a real browser — requires playwright install chromium
Authentication: For authenticated endpoints, use the CLI with --headers