Sitadel - Spider Web Application Safety Scanner


Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows to a greater extent than flexibility for you lot to write novel modules together with implement novel features :
  • Frontend framework detection
  • Content Delivery Network detection
  • Define Risk Level to permit for scans
  • Plugin system
  • Docker icon available to gear upward together with run

Installation
$ git clone https://github.com/shenril/Sitadel.git $ cd Sitadel $ pip install . $ python sitadel.py --help

Features
  • Fingerprints
    • Server
    • Web Frameworks (CakePHP,CherryPy,...)
    • Frontend Frameworks (AngularJS,MeteorJS,VueJS,...)
    • Web Application Firewall (Waf)
    • Content Management System (CMS)
    • Operating System (Linux,Unix,..)
    • Language (PHP,Ruby,...)
    • Cookie Security
    • Content Delivery Networks (CDN)
  • Attacks:
    • Bruteforce
      • Admin Interface
      • Common Backdoors
      • Common Backup Directory
      • Common Backup File
      • Common Directory
      • Common File
      • Log File
    • Injection
      • HTML Injection
      • SQL Injection
      • LDAP Injection
      • XPath Injection
      • Cross Site Scripting (XSS)
      • Remote File Inclusion (RFI)
      • PHP Code Injection
    • Other
      • HTTP Allow Methods
      • HTML Object
      • Multiple Index
      • Robots Paths
      • Web Dav
      • Cross Site Tracing (XST)
      • PHPINFO
      • .Listing
    • Vulnerabilities
      • ShellShock
      • Anonymous Cipher (CVE-2007-1858)
      • Crime (SPDY) (CVE-2012-4929)
      • Struts-Shock

Example
Simple run
python sitadel http://website.com
Run alongside adventure score at DANGEROUS together with produce non follow redirections
python sitadel http://website.com -r 2 --no-redirect
Run specifics modules entirely together with amount verbosity
python sitadel http://website.com -a admin backdoor -f header server -vvv

Run alongside docker
docker gear upward -t sitadel .
docker run sitadel http://example.com