Web Application Security Scanner
_ _ _ _____ _ _ _
| |_| |_| | / _____|_) _ | | | |
| | ( (____ _ _| |_ _____ __| |_____| |
| _ | \____ \| (_ _|____ |/ _ | ___ | |
| |_| | _____) ) | | |_/ ___ ( (_| | ____| |
| | (______/|_| \__)_____|\____|_____)\_)
Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows more flexibility for you to write new modules and implement new features :
This project ONLY supports python >= 3.4
. There will be no backport to 2.7
git clone https://github.com/shenril/Sitadel.git
cd Sitadel
pip3 install .
python sitadel.py --help
Fingerprints
Attacks:
Bruteforce
Injection
Other
Vulnerabilities
sitadel.py [-h] [-r {0,1,2}] [-ua USER_AGENT] [--redirect]
[--no-redirect] [-t TIMEOUT] [-c COOKIE] [-p PROXY]
[-f FINGERPRINT [MODULE ...]] [-a ATTACK [MODULE ...]]
[--config CONFIG] [-v] [--version]
TARGET_URL
ARGUMENT | DESCRIPTION |
---|---|
-h, --help | Display help |
-r, --risk {0,1,2} | Decide the risk level you want Sitadel to run (some attacks won't be executed) |
-ua, --user-agent | User agent used for the HTTP request of the attacks |
--redirect | Indicates to Sitadel to follow the 302 request for page redirection |
--no-redirect | Indicates to Sitadel NOT to follow the 302 request for page redirection |
-t, --timeout | Specify the timeout for the HTTP requests to the website |
-c, --cookie | Allows to specify the cookie to send with the attack requests |
-p, --proxy | Allows to specify a proxy to perform the HTTP requests |
-f, --fingerprint | Specify the fingerprint modules to activate to scan the website {cdn,cms,framework,frontend,header,lang,server,system,waf} |
-a, --attack | Specify the attack modules to activate to scan the website {bruteforce, injection, vulns, other} |
-c, --config | Specify the config file for Sitadel scan, default one is in config/config.yml |
-v, --verbosity | Increase the default verbosity of the logs, for instance: -v , -vv, -vvv |
--version | Show Sitadel version |
FINGERPRINT | MODULE DESCRIPTION |
---|---|
cdn | Try to guess if the target uses Content Delivery Network (fastly, akamai,cloudflare...) |
cms | Try to guess if the target uses a Content Management System (drupal,wordpress,magento...) |
framework | Try to guess if the target uses a backend framework (cakephp, rails, symfony...) |
frontend | Try to guess if the target uses a frontend framework (angularjs, jquery, vuejs...) |
header | Inspect the headers exchanged with the target |
lang | Try to guess the server language used by the target (asp, python, php...) |
server | Try to guess the server technology used by the target (nginx,apache...) |
system | Try to guess the Operation System used by the target (linux,windows...) |
waf | Try to guess if the target uses a Web Application Firewall (barracuda, bigip,paloalto...) |
ATTACK | MODULE DESCRIPTION |
---|---|
bruteforce | Try to bruteforce the location of multiple files (backup files, admin consoles...) |
injection | Try to perform injection on various language (SQL,html,ldap, javascript...) |
vulns | Try to test for some known vulnerabilities (crime,shellshock) |
other | Try to probe for various interesting resources (DAV, htmlobjects,phpinfo,robots.txt...) |
Simple run
python3 sitadel http://website.com
Run with risk level at DANGEROUS and do not follow redirections
python3 sitadel http://website.com -r 2 --no-redirect
Run specifics modules only and full verbosity
python3 sitadel http://website.com -a bruteforce -f header server -v
docker build -t sitadel .
docker run sitadel http://example.com