Sitadel – Web Application Security Scanner
A tool that helps find security weaknesses in websites so that they can be fixed; it reports findings, it does not patch them.
How to Install and Run on Linux
[1] Enter the following command in the terminal to download it:
git clone https://github.com/shenril/Sitadel.git
[2] After downloading, change into the project directory:
cd Sitadel
[3] Install the project together with its Python dependencies from the checked-out directory (note the trailing dot: a bare "pip install" with no argument only prints an error), then check that the script starts:
pip install .
python sitadel.py --help
What can this tool check for? The fingerprinting and attack modules it ships with are listed below.
Features
- Fingerprints
  - Server
  - Web Frameworks (CakePHP, CherryPy, …)
  - Frontend Frameworks (AngularJS, MeteorJS, VueJS, …)
  - Web Application Firewall (WAF)
  - Content Management System (CMS)
  - Operating System (Linux, Unix, …)
  - Language (PHP, Ruby, …)
  - Cookie Security
  - Content Delivery Networks (CDN)
- Attacks:
  - Bruteforce
    - Admin Interface
    - Common Backdoors
    - Common Backup Directory
    - Common Backup File
    - Common Directory
    - Common File
    - Log File
  - Injection
    - HTML Injection
    - SQL Injection
    - LDAP Injection
    - XPath Injection
    - Cross Site Scripting (XSS)
    - Remote File Inclusion (RFI)
    - PHP Code Injection
  - Other
    - HTTP Allow Methods
    - HTML Object
    - Multiple Index
    - Robots Paths
    - WebDAV
    - Cross Site Tracing (XST)
    - PHPINFO
    - .Listing
  - Vulnerabilities
    - ShellShock
    - Anonymous Cipher (CVE-2007-1858)
    - CRIME (SPDY) (CVE-2012-4929)
    - Struts-Shock
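To make the list above concrete, here is a small illustration of two of the passive checks it names: "Cookie Security" under Fingerprints, and "HTTP Allow Methods" / "Cross Site Tracing (XST)" under Other. This is an added example written for this page, not Sitadel's own code; the HTTP response it inspects is constructed by hand, not captured from any real host, and the set of methods treated as risky is the author's choice.

```python
"""Illustration of two passive scanner checks: cookie hardening attributes
and risky methods advertised in the Allow header.  Added example, not
Sitadel's own code.  SAMPLE_RESPONSE is constructed, not a real capture."""

from typing import Dict, List, Tuple

# Constructed sample response header block, as a server might answer an
# OPTIONS request.  The Allow line advertises TRACE and the first cookie
# carries none of the hardening attributes.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "Allow: GET, POST, OPTIONS, TRACE\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "Set-Cookie: csrftoken=xyz; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Methods worth flagging when a server advertises them (author's choice):
# TRACE enables cross-site tracing, the others allow writing or tunnelling
# if they are not protected by authentication.
RISKY_METHODS = {"TRACE", "PUT", "DELETE", "CONNECT"}
COOKIE_FLAGS = ("secure", "httponly", "samesite")


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw HTTP response into (lower-cased name, value) pairs.

    Duplicates are kept on purpose: Set-Cookie legitimately repeats."""
    head = raw.partition("\r\n\r\n")[0]
    pairs: List[Tuple[str, str]] = []
    for line in head.split("\r\n")[1:]:  # element [0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_cookies(headers: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Return, per cookie name, the hardening attributes it lacks.

    Attribute names are compared case-insensitively, as browsers do.
    Only cookies with at least one missing attribute are reported."""
    findings: Dict[str, List[str]] = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [flag for flag in COOKIE_FLAGS if flag not in attrs]
        if missing:
            findings[cookie_name] = missing
    return findings


def check_methods(headers: List[Tuple[str, str]]) -> List[str]:
    """List risky methods advertised in Allow, in order of first appearance."""
    found: List[str] = []
    for name, value in headers:
        if name == "allow":
            for method in value.split(","):
                method = method.strip().upper()
                if method in RISKY_METHODS and method not in found:
                    found.append(method)
    return found


def scan(raw: str) -> Dict[str, object]:
    """Run both checks over one raw response and return a small report."""
    headers = parse_headers(raw)
    return {"cookies": check_cookies(headers), "methods": check_methods(headers)}


if __name__ == "__main__":
    for key, value in scan(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

Two caveats a real scanner has to handle: the Allow header is optional and may not match what the server actually accepts, so an XST check should also send a TRACE request and look at the reply; and the Secure attribute only matters for sites served over HTTPS, so a cookie-security finding should be read together with the fingerprinted scheme.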
Example: a sample scenario
The script is invoked as sitadel.py, as in the installation step; the target URL is the first argument.
Simple run:
python sitadel.py http://website.com
Run with risk level set to DANGEROUS (-r 2) and do not follow redirects:
python sitadel.py http://website.com -r 2 --no-redirect
Run only specific modules (attack modules with -a, fingerprint modules with -f) at full verbosity:
python sitadel.py http://website.com -a admin backdoor -f header server -vvv
Run with Docker (build the image from the checkout, then pass the target to the container):
docker build -t sitadel .
docker run sitadel http://example.com