Sitadel – Web Application Security & Vulnerability Scanner
Web Application Security Scanner & Website Vulnerability Scanner

Sitadel is an open source web application scanner. It uses a black-box approach to detect a range of weaknesses in a web application. Sitadel provides a command line interface that you can use from the Kali Linux terminal to scan websites and domains. The interactive console offers useful features such as command completion and status output. Sitadel also gives you a powerful way to gather information about a target from open sources. The tool is written in Python, so Python must be installed on your Kali Linux system.
Sitadel is a Python-based web application scanner. It is flexible and offers many different scanning options. It can take a full server fingerprint and bruteforce directories, admin pages, files and more. It can also test for injection attacks (SQL, HTML, XSS, RFI, LDAP and others), other information disclosures and well-known vulnerabilities.
Features:
Fingerprints
- Server
- Web Frameworks (CakePHP,CherryPy,…)
- Frontend Frameworks (AngularJS,MeteorJS,VueJS,…)
- Web Application Firewall (Waf)
- Content Management System (CMS)
- Operating System (Linux, Unix, …)
- Language (PHP,Ruby,…)
- Cookie Security
- Content Delivery Networks (CDN)
Attacks:
Bruteforce
- Admin Interface
- Backdoors
- Backup Directory
- Backup File
- Directory
- File
- Log File
Injection
- HTML Injection
- SQL Injection
- LDAP Injection
- XPath Injection
- Cross Site Scripting (XSS)
- Remote File Inclusion (RFI)
- PHP Code Injection
Other
- HTTP Allow Methods
- HTML Object
- Multiple Index
- Robots Paths
- WebDAV
- Cross Site Tracing (XST)
- PHPINFO
- .Listing
Vulnerabilities
- Shellshock
- Anonymous Cipher (CVE-2007-1858)
- CRIME (SPDY) (CVE-2012-4929)
- Struts-Shock
Installing Sitadel
Install on Android (Termux):
To install Linux in Termux on your Android device, read the post on how to install Linux in the Termux app and follow the Linux installation commands step by step.
Install on Linux:
Step 1: Use the following command to install the tool on your Kali Linux system. Use the second command given below to change into the tool's directory.
Step 2: This time we will follow the easy way to install this tool. The Git utility comes pre-installed on all Debian-based systems, so we can download any tool using the git clone command. After downloading the project from GitHub we have to install another tool on our system called pip. While the resources download, we can relax.
Step 3: That's all; we can now use this tool without any problems. Let's start with an overview of this tool by going through its individual features.
Step 4: Missing protection headers
In simple words, you just need to enter the domain name you want details on and the tool shows all the details in the console. As you can see in the example image below, when we supply a domain it starts listing the security headers that are missing from the web application.
Detecting the CMS and WAF
We try many different tools to identify these, but this one produced useful results in a moment.
Step 5: Increase the risk level
The risk level option (-r) controls how aggressively Sitadel tests the web application; at lower levels some attacks are not executed, so raising it enables more checks.
Step 6: Custom user agent
This is very useful for a penetration tester who wants to hide the identity of the scanning tool, because every request is recorded in the target web server's log together with its user agent string. As you can see, we have supplied a fake user agent so that each request is logged on the target's web server with that value.
Checking again, each log entry carries the same user agent we set on the attacking terminal.
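From the defender's side, the fixed user agent and the burst of 404s on admin, backup and phpinfo paths that such a scan leaves behind are easy to spot in the access log. The following Python is an added example (not part of Sitadel or this post) that groups constructed Apache-style combined log lines by client IP and user agent and flags scan-like groups; the log format, the probe path hints and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log format (assumed): client, timestamp, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Hypothetical path fragments a location-bruteforce module probes (admin interfaces, backups, logs, phpinfo, robots).
PROBE_HINTS = ("admin", "backup", ".bak", ".old", ".log", "phpinfo", "robots.txt")

# Constructed sample log: one scanner-like client with a fixed custom user agent, one ordinary browser request.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /robots.txt HTTP/1.1" 200 58 "-" "Mozilla/5.0 (compatible; scanner-test)"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0 (compatible; scanner-test)"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /backup.zip HTTP/1.1" 404 162 "-" "Mozilla/5.0 (compatible; scanner-test)"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /phpinfo.php HTTP/1.1" 404 162 "-" "Mozilla/5.0 (compatible; scanner-test)"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /index.php.bak HTTP/1.1" 404 162 "-" "Mozilla/5.0 (compatible; scanner-test)"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "TRACE / HTTP/1.1" 405 0 "-" "Mozilla/5.0 (compatible; scanner-test)"
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"
"""

def parse_line(line):
    """Return a dict with ip, method, path, status (string) and ua, or None if the line does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def detect_scans(lines, min_hits=5, min_404_ratio=0.6):
    """Group requests by (client IP, user agent); flag groups that are mostly 404s, hit many probe paths, or use TRACE."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            groups[(rec["ip"], rec["ua"])].append(rec)
    findings = []
    for (ip, ua), recs in groups.items():
        total = len(recs)
        not_found = sum(1 for r in recs if r["status"] == "404")
        probes = sum(1 for r in recs if any(h in r["path"].lower() for h in PROBE_HINTS))
        trace = any(r["method"] == "TRACE" for r in recs)  # Cross Site Tracing probe
        busy = total >= min_hits and (not_found / total >= min_404_ratio or probes >= min_hits)
        if busy or trace:
            findings.append({"ip": ip, "user_agent": ua, "requests": total,
                             "not_found": not_found, "probe_paths": probes, "trace": trace})
    return findings

if __name__ == "__main__":
    for finding in detect_scans(SAMPLE_LOG.splitlines()):
        print(finding)
```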
Step 7: Run with the risk level set to DANGEROUS and do not follow redirections
Step 8: Run specific modules only, with full verbosity
Usage:
```
sitadel.py [-h] [-r {0,1,2}] [-ua USER_AGENT] [--redirect]
           [--no-redirect] [-t TIMEOUT] [-c COOKIE] [-p PROXY]
           [-f FINGERPRINT [MODULE ...]] [-a ATTACK [MODULE ...]]
           [--config CONFIG] [-v] [--version]
           TARGET_URL
```
| ARGUMENT | DESCRIPTION |
|---|---|
| `-h, --help` | Display help |
| `-r, --risk {0,1,2}` | Decide the risk level you want Sitadel to run at (at lower levels some attacks won't be executed) |
| `-ua, --user-agent` | User agent used for the HTTP requests of the attacks |
| `--redirect` | Tell Sitadel to follow 302 page redirections |
| `--no-redirect` | Tell Sitadel NOT to follow 302 page redirections |
| `-t, --timeout` | Specify the timeout for the HTTP requests to the website |
| `-c, --cookie` | Specify the cookie to send with the attack requests |
| `-p, --proxy` | Specify a proxy to use for the HTTP requests |
| `-f, --fingerprint` | Specify the fingerprint modules to activate when scanning the website: {cdn, cms, framework, frontend, header, lang, server, system, waf} |
| `-a, --attack` | Specify the attack modules to activate when scanning the website: {bruteforce, injection, vulns, other} |
| `--config` | Specify the config file for the Sitadel scan; the default one is config/config.yml |
| `-v, --verbosity` | Increase the default verbosity of the logs, for instance: -v, -vv, -vvv |
| `--version` | Show the Sitadel version |
Modules list

| FINGERPRINT | MODULE DESCRIPTION |
|---|---|
| cdn | Try to guess if the target uses a Content Delivery Network (fastly, akamai, cloudflare…) |
| cms | Try to guess if the target uses a Content Management System (drupal, wordpress, magento…) |
| framework | Try to guess if the target uses a backend framework (cakephp, rails, symfony…) |
| frontend | Try to guess if the target uses a frontend framework (angularjs, jquery, vuejs…) |
| header | Inspect the headers exchanged with the target |
| lang | Try to guess the server-side language used by the target (asp, python, php…) |
| server | Try to guess the server technology used by the target (nginx, apache…) |
| system | Try to guess the operating system used by the target (linux, windows…) |
| waf | Try to guess if the target uses a Web Application Firewall (barracuda, bigip, paloalto…) |

| ATTACK | MODULE DESCRIPTION |
|---|---|
| bruteforce | Try to bruteforce the location of multiple files (backup files, admin consoles…) |
| injection | Try to perform injection in various languages (SQL, html, ldap, javascript…) |
| vulns | Try to test for some known vulnerabilities (crime, shellshock) |
| other | Try to probe for various interesting resources (DAV, htmlobjects, phpinfo, robots.txt…) |
Running the scanner
Initially we get basic fingerprints about the target (X-Frame-Options, titles, server version). Then it starts crawling the website. Then the scanner runs basic attacks against the target. We found several different results, which we can now review individually. In our example we can see that our server is at risk of HTML injection and SQL injection, and we found no false positives in this test.