Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

All Projects → shenril → Sitadel

shenril / Sitadel

Licence: gpl-3.0

Web Application Security Scanner

Programming Languages

139335 projects - #7 most used programming language

1442 projects

Labels

security penetration-testing

Projects that are alternatives of or similar to Sitadel

A webshell framework for penetration testers.

Stars: ✭ 284 (-21.11%)

Mutual labels: penetration-testing

A MongoDB importer and API for Project Sonars DNS datasets

Stars: ✭ 297 (-17.5%)

Mutual labels: penetration-testing

A tool to automate penetration tests

Stars: ✭ 322 (-10.56%)

Mutual labels: penetration-testing

Next generation web scanner

Stars: ✭ 3,503 (+873.06%)

Mutual labels: penetration-testing

Reverse Shell Cheatsheet

🙃 Reverse Shell Cheat Sheet 🙃

Stars: ✭ 297 (-17.5%)

Mutual labels: penetration-testing

Everything needed for doing CTFs

Stars: ✭ 304 (-15.56%)

Mutual labels: penetration-testing

A cross-platform python based utility for information gathering and penetration testing automation!

Stars: ✭ 281 (-21.94%)

Mutual labels: penetration-testing

network reconnaissance toolkit

Stars: ✭ 353 (-1.94%)

Mutual labels: penetration-testing

Teamviewer permissions hook v1

A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.

Stars: ✭ 297 (-17.5%)

Mutual labels: penetration-testing

Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname

Stars: ✭ 312 (-13.33%)

Mutual labels: penetration-testing

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet

Stars: ✭ 3,521 (+878.06%)

Mutual labels: penetration-testing

Dnscat2 Powershell

A Powershell client for dnscat2, an encrypted DNS command and control tool.

Stars: ✭ 295 (-18.06%)

Mutual labels: penetration-testing

Android Apps, Roms and Platforms for Pentesting

Stars: ✭ 310 (-13.89%)

Mutual labels: penetration-testing

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Stars: ✭ 3,391 (+841.94%)

Mutual labels: penetration-testing

Awesome Web Hacking

A list of web application security

Stars: ✭ 3,760 (+944.44%)

Mutual labels: penetration-testing

Exploits and Security Tools Framework 2.0.1

Stars: ✭ 283 (-21.39%)

Mutual labels: penetration-testing

Tool Information Gathering Write By Python.

Stars: ✭ 300 (-16.67%)

Mutual labels: penetration-testing

(l)user hunter using WinAPI calls only

Stars: ✭ 359 (-0.28%)

Mutual labels: penetration-testing

Awesome Infosec

A curated list of awesome infosec courses and training resources.

Stars: ✭ 3,779 (+949.72%)

Mutual labels: penetration-testing

ConPtyShell - Fully Interactive Reverse Shell for Windows

Stars: ✭ 309 (-14.17%)

Mutual labels: penetration-testing

View All Similar Projects ➔

Sitadel - Web Application Security Scanner

   _   _   _         _____ _                 _       _
  | |_| |_| |      / _____|_)  _            | |     | |
  |         |     ( (____  _ _| |_ _____  __| |_____| |
  |    _    |      \____ \| (_   _|____ |/ _  | ___ | |
  |   |_|   |      _____) ) | | |_/ ___ ( (_| | ____| |
  |         |     (______/|_|  \__)_____|\____|_____)\_)

Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows more flexibility for you to write new modules and implement new features :

Frontend framework detection
Content Delivery Network detection
Define Risk Level to allow for scans
Plugin system
Docker image available to build and run

Table of Contents

Sitadel - Web Application Security Scanner

Requirement Warning

This project ONLY supports python >= 3.4. There will be no backport to 2.7

Installation

git clone https://github.com/shenril/Sitadel.git
cd Sitadel
pip3 install .
python sitadel.py --help

Features

Fingerprints
- Server
- Web Frameworks (CakePHP,CherryPy,...)
- Frontend Frameworks (AngularJS,MeteorJS,VueJS,...)
- Web Application Firewall (Waf)
- Content Management System (CMS)
- Operating System (Linux,Unix,..)
- Language (PHP,Ruby,...)
- Cookie Security
- Content Delivery Networks (CDN)
Attacks:
- Bruteforce
  - Admin Interface
  - Common Backdoors
  - Common Backup Directory
  - Common Backup File
  - Common Directory
  - Common File
  - Log File
- Injection
  - HTML Injection
  - SQL Injection
  - LDAP Injection
  - XPath Injection
  - Cross Site Scripting (XSS)
  - Remote File Inclusion (RFI)
  - PHP Code Injection
- Other
  - HTTP Allow Methods
  - HTML Object
  - Multiple Index
  - Robots Paths
  - Web Dav
  - Cross Site Tracing (XST)
  - PHPINFO
  - .Listing
- Vulnerabilities
  - ShellShock
  - Anonymous Cipher (CVE-2007-1858)
  - Crime (SPDY) (CVE-2012-4929)
  - Struts-Shock

Usage

sitadel.py [-h] [-r {0,1,2}] [-ua USER_AGENT] [--redirect]
           [--no-redirect] [-t TIMEOUT] [-c COOKIE] [-p PROXY]
           [-f FINGERPRINT [MODULE ...]] [-a ATTACK [MODULE ...]]
           [--config CONFIG] [-v] [--version]
           TARGET_URL

ARGUMENT	DESCRIPTION
-h, --help	Display help
-r, --risk {0,1,2}	Decide the risk level you want Sitadel to run (some attacks won't be executed)
-ua, --user-agent	User agent used for the HTTP request of the attacks
--redirect	Indicates to Sitadel to follow the 302 request for page redirection
--no-redirect	Indicates to Sitadel NOT to follow the 302 request for page redirection
-t, --timeout	Specify the timeout for the HTTP requests to the website
-c, --cookie	Allows to specify the cookie to send with the attack requests
-p, --proxy	Allows to specify a proxy to perform the HTTP requests
-f, --fingerprint	Specify the fingerprint modules to activate to scan the website {cdn,cms,framework,frontend,header,lang,server,system,waf}
-a, --attack	Specify the attack modules to activate to scan the website {bruteforce, injection, vulns, other}
-c, --config	Specify the config file for Sitadel scan, default one is in config/config.yml
-v, --verbosity	Increase the default verbosity of the logs, for instance: -v , -vv, -vvv
--version	Show Sitadel version

Modules list

FINGERPRINT	MODULE DESCRIPTION
cdn	Try to guess if the target uses Content Delivery Network (fastly, akamai,cloudflare...)
cms	Try to guess if the target uses a Content Management System (drupal,wordpress,magento...)
framework	Try to guess if the target uses a backend framework (cakephp, rails, symfony...)
frontend	Try to guess if the target uses a frontend framework (angularjs, jquery, vuejs...)
header	Inspect the headers exchanged with the target
lang	Try to guess the server language used by the target (asp, python, php...)
server	Try to guess the server technology used by the target (nginx,apache...)
system	Try to guess the Operation System used by the target (linux,windows...)
waf	Try to guess if the target uses a Web Application Firewall (barracuda, bigip,paloalto...)

ATTACK	MODULE DESCRIPTION
bruteforce	Try to bruteforce the location of multiple files (backup files, admin consoles...)
injection	Try to perform injection on various language (SQL,html,ldap, javascript...)
vulns	Try to test for some known vulnerabilities (crime,shellshock)
other	Try to probe for various interesting resources (DAV, htmlobjects,phpinfo,robots.txt...)

Examples

Simple run

python3 sitadel http://website.com

Run with risk level at DANGEROUS and do not follow redirections

python3 sitadel http://website.com -r 2 --no-redirect

Run specifics modules only and full verbosity

python3 sitadel http://website.com -a bruteforce -f header server -v

Run with docker

docker build -t sitadel .

docker run sitadel http://example.com

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 360

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗