Skip to content
Web Application Security Scanner
Branch: master
Clone or download
shenril Merge pull request #18 from shenril/bugfix/remove-unncessary-cast
Replace unncessary cast to native requests text
Latest commit 7618dc7 Feb 12, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github/ISSUE_TEMPLATE Update issue templates Feb 12, 2019
config Add new attacks to the dictionnaries Aug 21, 2018
lib Replace unncessary cast to native requests text Feb 13, 2019
tests/lib
.gitignore Initial commit Jan 26, 2018
.travis.yml
CHANGELOG Update documentation for docker run Jan 29, 2018
Dockerfile Change name to Sitadel Aug 20, 2018
LICENSE
Makefile Remove the all warning Feb 7, 2019
README.md
setup.py Change name to Sitadel Aug 20, 2018
sitadel.py

README.md

Sitadel - Web Application Security Scanner

python3 Build Status license

Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows more flexibility for you to write new modules and implement new features :

  • Frontend framework detection
  • Content Delivery Network detection
  • Define Risk Level to allow for scans
  • Plugin system
  • Docker image available to build and run

Requirement Warning

This project ONLY supports python >= 3.4. There will be no backport to 2.7

Installation

$ git clone https://github.com/shenril/Sitadel.git
$ cd Sitadel
$ pip install .
$ python sitadel.py --help

Features

  • Fingerprints

    • Server
    • Web Frameworks (CakePHP,CherryPy,...)
    • Frontend Frameworks (AngularJS,MeteorJS,VueJS,...)
    • Web Application Firewall (Waf)
    • Content Management System (CMS)
    • Operating System (Linux,Unix,..)
    • Language (PHP,Ruby,...)
    • Cookie Security
    • Content Delivery Networks (CDN)
  • Attacks:

    • Bruteforce

      • Admin Interface
      • Common Backdoors
      • Common Backup Directory
      • Common Backup File
      • Common Directory
      • Common File
      • Log File
    • Injection

      • HTML Injection
      • SQL Injection
      • LDAP Injection
      • XPath Injection
      • Cross Site Scripting (XSS)
      • Remote File Inclusion (RFI)
      • PHP Code Injection
    • Other

      • HTTP Allow Methods
      • HTML Object
      • Multiple Index
      • Robots Paths
      • Web Dav
      • Cross Site Tracing (XST)
      • PHPINFO
      • .Listing
    • Vulnerabilities

      • ShellShock
      • Anonymous Cipher (CVE-2007-1858)
      • Crime (SPDY) (CVE-2012-4929)
      • Struts-Shock

Example

Simple run

python sitadel http://website.com

Run with risk level at DANGEROUS and do not follow redirections

python sitadel http://website.com -r 2 --no-redirect

Run specifics modules only and full verbosity

python sitadel http://website.com -a bruteforce -f header server -vvv

Run with docker

docker build -t sitadel .

docker run sitadel http://example.com

You can’t perform that action at this time.