Sitadel – Web Application Security Scanner

Sitadel Web Application Security Scanner is basically an update for WAScan making it compatible for python it allows more flexibility for you to write new modules and implement new features :

1. Frontend framework detection
2. Content Delivery Network detection
3. Define Risk Level to allow for scans
4. Plugin system
5. Docker image available to build and run

Features

• Fingerprints
  • Server
  • Web Frameworks (CakePHP,CherryPy,…)
  • Frontend Frameworks (AngularJS,MeteorJS,VueJS,…)
  • Web Application Firewall (Waf)
  • Content Management System (CMS)
  • Operating System (Linux,Unix,..)
  • Language (PHP,Ruby,…)
  • Cookie Security
  • Content Delivery Networks (CDN)
• Attacks:
  • Bruteforce
    • Admin Interface
    • Common Backdoors
    • Common Backup Directory
    • Common Backup File
    • Common Directory
    • Common File
    • Log File
  • Injection
    • HTML Injection
    • SQL Injection
    • LDAP Injection
    • XPath Injection
    • Cross Site Scripting (XSS)
    • Remote File Inclusion (RFI)
    • PHP Code Injection
  • Other
    • HTTP Allow Methods
    • HTML Object
    • Multiple Index
    • Robots Paths
    • Web Dav
    • Cross Site Tracing (XST)
    • PHPINFO
    • .Listing
  • Vulnerabilities
    • ShellShock
    • Anonymous Cipher (CVE-2007-1858)
    • Crime (SPDY) (CVE-2012-4929)
    • Struts-Shock

Installation Sitadel – Web Application Security Scanner

git clone https://github.com/shenril/Sitadel.git

cd Sitadel
$ pip3 install .

$ python sitadel.py --help

Example of working This WebApp Scanner Sitadel:

Simple run

python sitadel http://website.com

Run with risk level at DANGEROUS and do not follow redirections

python sitadel http://website.com -r 2 --no-redirect

Run specifics modules only and full verbosity

python sitadel http://website.com -a bruteforce -f header server -v

Sitadel – Web Application Security Scanner

RapidScan – Web Vulnerability Scanner

Web Application Penetration Testing Course