Sunday, 20 January 2019
0 comments

Sitadel- A Web Application Security Scanner

Sitadel- A Web Application Security Scanner


Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows more flexibility for you to write new modules and implement new features :

  • Frontend framework detection
  • Content Delivery Network detection
  • Define Risk Level to allow for scans
  • Plugin system
  • Docker image available to build and run


Installation

$ git clone https://github.com/shenril/Sitadel.git
$ cd Sitadel
$ pip install .
$ python sitadel.py --help

Features


  • Fingerprints



  1. Server
  2. Web Frameworks (CakePHP,CherryPy,...)
  3. Frontend Frameworks (AngularJS,MeteorJS,VueJS,...)
  4. Web Application Firewall (Waf)
  5. Content Management System (CMS)
  6. Operating System (Linux,Unix,..)
  7. Language (PHP,Ruby,...)
  8. Cookie Security
  9. Content Delivery Networks (CDN)


  • Attacks:


Bruteforce


  • Admin Interface
  • Common Backdoors
  • Common Backup Directory
  • Common Backup File
  • Common Directory
  • Common File
  • Log File

Injection
  • HTML Injection
  • SQL Injection
  • LDAP Injection
  • XPath Injection
  • Cross Site Scripting (XSS)
  • Remote File Inclusion (RFI)
  • PHP Code Injection

Other
  • HTTP Allow Methods
  • HTML Object
  • Multiple Index
  • Robots Paths
  • Web Dav
  • Cross Site Tracing (XST)
  • PHPINFO
  • Listing

Vulnerabilities
  • ShellShock
  • Anonymous Cipher (CVE-2007-1858)
  • Crime (SPDY) (CVE-2012-4929)
  • Struts-Shock

Example

Simple run

python sitadel http://website.com

Run with risk level at DANGEROUS and do not follow redirection

python sitadel http://website.com -r 2 --no-redirect

Run specifics modules only and full verbosity

python sitadel http://website.com -a admin backdoor -f header server -vvv

Run with docker
docker build -t sitadel 

docker run sitadel http://example.com

Download Sitadel

0 comments:

Post a Comment

Note: only a member of this blog may post a comment.

 
Toggle Footer
Top