Skip to content
Web Application Security Scanner
Branch: master
Clone or download
shenril Merge pull request #18 from shenril/bugfix/remove-unncessary-cast
Replace unncessary cast to native requests text
Latest commit 7618dc7 Feb 12, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github/ISSUE_TEMPLATE Update issue templates Feb 12, 2019
config Add new attacks to the dictionnaries Aug 21, 2018
lib Replace unncessary cast to native requests text Feb 13, 2019
.gitignore Initial commit Jan 26, 2018
CHANGELOG Update documentation for docker run Jan 29, 2018
Dockerfile Change name to Sitadel Aug 20, 2018
Makefile Remove the all warning Feb 7, 2019 Change name to Sitadel Aug 20, 2018

Sitadel - Web Application Security Scanner

python3 Build Status license

Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows more flexibility for you to write new modules and implement new features :

  • Frontend framework detection
  • Content Delivery Network detection
  • Define Risk Level to allow for scans
  • Plugin system
  • Docker image available to build and run

Requirement Warning

This project ONLY supports python >= 3.4. There will be no backport to 2.7


$ git clone
$ cd Sitadel
$ pip install .
$ python --help


  • Fingerprints

    • Server
    • Web Frameworks (CakePHP,CherryPy,...)
    • Frontend Frameworks (AngularJS,MeteorJS,VueJS,...)
    • Web Application Firewall (Waf)
    • Content Management System (CMS)
    • Operating System (Linux,Unix,..)
    • Language (PHP,Ruby,...)
    • Cookie Security
    • Content Delivery Networks (CDN)
  • Attacks:

    • Bruteforce

      • Admin Interface
      • Common Backdoors
      • Common Backup Directory
      • Common Backup File
      • Common Directory
      • Common File
      • Log File
    • Injection

      • HTML Injection
      • SQL Injection
      • LDAP Injection
      • XPath Injection
      • Cross Site Scripting (XSS)
      • Remote File Inclusion (RFI)
      • PHP Code Injection
    • Other

      • HTTP Allow Methods
      • HTML Object
      • Multiple Index
      • Robots Paths
      • Web Dav
      • Cross Site Tracing (XST)
      • PHPINFO
      • .Listing
    • Vulnerabilities

      • ShellShock
      • Anonymous Cipher (CVE-2007-1858)
      • Crime (SPDY) (CVE-2012-4929)
      • Struts-Shock


Simple run

python sitadel

Run with risk level at DANGEROUS and do not follow redirections

python sitadel -r 2 --no-redirect

Run specifics modules only and full verbosity

python sitadel -a bruteforce -f header server -vvv

Run with docker

docker build -t sitadel .

docker run sitadel

You can’t perform that action at this time.