Sitadel - Web Application Security Scanner tested on BackBox 5.3 GNU/Linux


Information Sitadel - Web Application Security

Sitadel pada dasarnya adalah pembaruan untuk WAScan (Web Application Security)
membuatnya kompatibel untuk python> = 3.4 Ia memungkinkan lebih banyak
fleksibilitas, Sitadel mengimplementasikan fitur-fitur terbaru :

- Frontend framework detection
- Content Delivery Network detection
- Define Risk Level to allow for scans
- Plugin system
- Docker image available to build and run

Requirement Warning
Sitadel ini hanya mendukung python> = 3.4. Tidak akan ada backport ke 2.7

Features Sitadel :

Fingerprints
- Server
- Web Frameworks (CakePHP,CherryPy,...)
- Frontend Frameworks (AngularJS,MeteorJS,VueJS,...)
- Web Application Firewall (Waf)
- Content Management System (CMS)
- Operating System (Linux,Unix,..)
- Language (PHP,Ruby,...)
- Cookie Security
- Content Delivery Networks (CDN)

Attacks :

Bruteforce
- Admin Interface
- Common Backdoors
- Common Backup Directory
- Common Backup File
- Common Directory
- Common File
- Log File

Injection
- HTML Injection
- SQL Injection
- LDAP Injection
- XPath Injection
- Cross Site Scripting (XSS)
- Remote File Inclusion (RFI)
- PHP Code Injection

Other
- HTTP Allow Methods
- HTML Object
- Multiple Index
- Robots Paths
- Web Dav
- Cross Site Tracing (XST)
- PHPINFO
- .Listing

Vulnerabilities
- ShellShock
- Anonymous Cipher (CVE-2007-1858)
- Crime (SPDY) (CVE-2012-4929)
- Struts-Shock

Installation Sitadel
$ git clone https://github.com/shenril/Sitadel.git
$ cd Sitadel
$ pip3 install .
$ python3 sitadel.py --help & python3 sitadel.py
Run with risk level at DANGEROUS and do not follow redirects
$ python3 sitadel http://website.com -r 2 --no-redirect
Run specifics modules only and full verbosity
$ python3 sitadel http://website.com -a bruteforce -f header server -v
Run with docker
$ docker build -t sitadel
$ docker run sitadel http://example.com

Video tutorial


Good Luck....
Previous
Next Post »