Sitadel – Web Application Security Scanner

Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows more flexibility for you to write new modules and implement new features :

  • Frontend framework detection
  • Content Delivery Network detection
  • Define Risk Level to allow for scans
  • Plugin system
  • Docker image available to build and run

Also Read : WPintel – Chrome Extension Designed For WordPress Vulnerability Scanning & Information Gathering

Sitadel Installation

$ git clone https://github.com/shenril/Sitadel.git
$ cd Sitadel
$ pip install .
$ python sitadel.py –help

Features

  • Fingerprints
    • Server
    • Web Frameworks (CakePHP,CherryPy,…)
    • Frontend Frameworks (AngularJS,MeteorJS,VueJS,…)
    • Web Application Firewall (Waf)
    • Content Management System (CMS)
    • Operating System (Linux,Unix,..)
    • Language (PHP,Ruby,…)
    • Cookie Security
    • Content Delivery Networks (CDN)
  • Attacks:
    • Bruteforce
      • Admin Interface
      • Common Backdoors
      • Common Backup Directory
      • Common Backup File
      • Common Directory
      • Common File
      • Log File
    • Injection
      • HTML Injection
      • SQL Injection
      • LDAP Injection
      • XPath Injection
      • Cross Site Scripting (XSS)
      • Remote File Inclusion (RFI)
      • PHP Code Injection
    • Other
      • HTTP Allow Methods
      • HTML Object
      • Multiple Index
      • Robots Paths
      • Web Dav
      • Cross Site Tracing (XST)
      • PHPINFO
      • .Listing
    • Vulnerabilities
      • ShellShock
      • Anonymous Cipher (CVE-2007-1858)
      • Crime (SPDY) (CVE-2012-4929)
      • Struts-Shock

Example

Simple run

python sitadel http://website.com

Run with risk level at DANGEROUS and do not follow redirections

python sitadel http://website.com -r 2 –no-redirect

Run specifics modules only and full verbosity

python sitadel http://website.com -a admin backdoor -f header server -vvv

Run With Docker

docker build -t sitadel
docker run sitadel http://example.com

Download


R K

Share
Published by
R K
Tags: Security ScannerSitadelweb application
7 years ago

Recent Posts

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

1 hour ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

1 day ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

2 days ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

2 days ago

What is SIEM? Complete Guide to Security Information and Event Management

Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…

2 days ago

Website OSINT: Tools and Techniques for Reconnaissance

Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…

3 days ago