____ _ _ ____ __ __ __ ____
( _ \( \/ )(_ _)/ \ / \ ( ) / ___)
) __/ ) / )( ( O )( O )/ (_/\\___ \
(__) (__/ (__) \__/ \__/ \____/(____/
Fast and customizable vulnerability scanner based on simple Python.
- Frontend framework detection
- Content Delivery Network detection
- Define Risk Level to allow for scans
- Plugin system
- Docker image available to build and run
This project ONLY supports python >= 3.4
. There will be no backport to 2.7
git clone https://github.com/shenril/Sitadel.git
cd Sitadel
pip3 install .
python sitadel.py --help
-
Fingerprints
- Server
- Web Frameworks (CakePHP,CherryPy,...)
- Frontend Frameworks (AngularJS,MeteorJS,VueJS,...)
- Web Application Firewall (Waf)
- Content Management System (CMS)
- Operating System (Linux,Unix,..)
- Language (PHP,Ruby,...)
- Cookie Security
- Content Delivery Networks (CDN)
-
Attacks:
-
Bruteforce
- Admin Interface
- Common Backdoors
- Common Backup Directory
- Common Backup File
- Common Directory
- Common File
- Log File
-
Injection
- HTML Injection
- SQL Injection
- LDAP Injection
- XPath Injection
- Cross Site Scripting (XSS)
- Remote File Inclusion (RFI)
- PHP Code Injection
-
Other
- HTTP Allow Methods
- HTML Object
- Multiple Index
- Robots Paths
- Web Dav
- Cross Site Tracing (XST)
- PHPINFO
- .Listing
-
Vulnerabilities
- ShellShock
- Anonymous Cipher (CVE-2007-1858)
- Crime (SPDY) (CVE-2012-4929)
- Struts-Shock
-
python3 web_vul_scanner.py [-h] [-r {0,1,2}] [-ua USER_AGENT] [--redirect]
[--no-redirect] [-t TIMEOUT] [-c COOKIE] [-p PROXY]
[-f FINGERPRINT [MODULE ...]] [-a ATTACK [MODULE ...]]
[--config CONFIG] [-v] [--version]
TARGET_URL
Simple run
python3 web_vul_scanner.py http://website.com
Run with risk level at DANGEROUS and do not follow redirections
python3 web_vul_scanner.py http://website.com -r 2 --no-redirect
Run specifics modules only and full verbosity
python3 web_vul_scanner.py http://website.com -a bruteforce -f header server -v