Sitadel – Web Application Security Scanner

Sitadel is basically an update of WAScan that makes it compatible with Python >= 3.4. It gives you more flexibility to write new modules and implement new features:

- Frontend framework detection
- Content Delivery Network detection
- Define Risk Level to allow for scans
- Plugin system
- Docker image available to build and run

Installation

$ git clone https://github.com/shenril/Sitadel.git
$ cd Sitadel
$ pip install .
$ python sitadel.py --help

Features

- Fingerprints
  - Server
  - Web Frameworks (CakePHP, CherryPy, …)
  - Frontend Frameworks (AngularJS, MeteorJS, VueJS, …)
  - Web Application Firewall (WAF)
  - Content Management System (CMS)
  - Operating System (Linux, Unix, ..)
  - Language (PHP, Ruby, …)
  - Cookie Security
  - Content Delivery Networks (CDN)
- Attacks
  - Bruteforce
    - Admin Interface
    - Common Backdoors
    - Common Backup Directory
    - Common Backup File
    - Common Directory
    - Common File
    - Log File
  - Injection
    - HTML Injection
    - SQL Injection
    - LDAP Injection
    - XPath Injection
    - Cross Site Scripting (XSS)
    - Remote File Inclusion (RFI)
    - PHP Code Injection
  - Other
    - HTTP Allow Methods
    - HTML Object
    - Multiple Index
    - Robots Paths
    - Web Dav
    - Cross Site Tracing (XST)
    - PHPINFO
    - .Listing
  - Vulnerabilities
    - ShellShock
    - Anonymous Cipher (CVE-2007-1858)
    - Crime (SPDY) (CVE-2012-4929)
    - Struts-Shock

Example

Simple run:

python sitadel http://website.com

Run with risk level at DANGEROUS and do not follow redirections:

python sitadel http://website.com -r 2 --no-redirect

Run specific modules only, with full verbosity:

python sitadel http://website.com -a admin backdoor -f header server -vvv

Run with Docker:

docker build -t sitadel .
docker run sitadel http://example.com

Link: http://feedproxy.google.com/~r/PentestTools/~3/zfPWuXefLsw/sitadel-web-application-security-scanner.html