Sitadel – Web Application Security Scanner

0
12
Sitadel - Web Application Security Scanner

Sitadel is principally an replace for WAScan making it appropriate for python >= 3.4 It permits extra flexibility so that you can write new modules and implement new options :

  • Frontend framework detection
  • Content Delivery Network detection
  • Define Risk Level to permit for scans
  • Plugin system
  • Docker picture obtainable to construct and run


Installation

$ git clone https://github.com/shenril/Sitadel.git
$ cd Sitadel
$ pip set up .
$ python sitadel.py --help

Features

  • Fingerprints
  • Attacks:
    • Bruteforce
      • Admin Interface
      • Common Backdoors
      • Common Backup Directory
      • Common Backup File
      • Common Directory
      • Common File
      • Log File
    • Injection
      • HTML Injection
      • SQL Injection
      • LDAP Injection
      • XPath Injection
      • Cross Site Scripting (XSS)
      • Remote File Inclusion (RFI)
      • PHP Code Injection
    • Other
      • HTTP Allow Methods
      • HTML Object
      • Multiple Index
      • Robots Paths
      • Web Dav
      • Cross Site Tracing (XST)
      • PHPINFO
      • .Listing
    • Vulnerabilities
      • ShellShock
      • Anonymous Cipher (CVE-2007-1858)
      • Crime (SPDY) (CVE-2012-4929)
      • Struts-Shock

Example
Simple run
python sitadel http://web site.com
Run with threat stage at DANGEROUS and don’t observe redirections
python sitadel http://web site.com -r 2 --no-redirect
Run specifics modules solely and full verbosity
python sitadel http://web site.com -a admin backdoor -f header server -vvv

Run with docker
docker construct -t sitadel .
docker run sitadel http://instance.com

MoreTip.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.