Web Penetration Testing

Sitadel – Web Application Security & Vulnerability Scanner

Web Application Security Scanner & Website Vulnerability Scanner

Sitadel is an open source web application scanner. The tool uses the black-box method to detect various vulnerabilities. Sitadel provides a command-line interface that you can use in the Kali Linux terminal to scan hosts and domains. The interactive console provides many useful features, such as command completion and contextual help. Sitadel provides a powerful environment in which open source web-based reconnaissance can be carried out, so you can gather all the information about the target. The tool is written in Python, so you must have Python installed on your Kali Linux operating system.

Sitadel is a Python-based web application scanner. It is flexible and has many different scanning options. It can take full server fingerprints and brute-force directories, admin pages, files and so on. It can also search for injection-type attacks (SQL, HTML, XSS, RFI, LDAP and more), other information disclosures and well-known vulnerabilities.

Features :

  • Fingerprints

    • Server
    • Web Frameworks (CakePHP,CherryPy,…)
    • Frontend Frameworks (AngularJS,MeteorJS,VueJS,…)
    • Web Application Firewall (Waf)
    • Content Management System (CMS)
    • Operating System (Linux,Unix,..)
    • Language (PHP,Ruby,…)
    • Cookie Security
    • Content Delivery Networks (CDN)
  • Attacks:

    • Bruteforce

      • Admin Interface
      • Backdoors
      • Backup Directory
      • Backup File
      • Directory
      • File
      • Log File
    • Injection

      • HTML Injection
      • SQL Injection
      • LDAP Injection
      • XPath Injection
      • Cross Site Scripting (XSS)
      • Remote File Inclusion (RFI)
      • PHP Code Injection
    • Other

      • HTTP Allow Methods
      • HTML Object
      • Multiple Index
      • Robots Paths
      • Web Dav
      • Cross Site Tracing (XST)
      • PHPINFO
      • .Listing
    • Vulnerabilities

      • ShellShock
      • Anonymous Cipher (CVE-2007-1858)
      • Crime (SPDY) (CVE-2012-4929)
      • Struts-Shock

Sitadel Installation

 

Install Android Termux :

To install Linux quickly in Termux on your Android device, read the post on how to install the Termux app. It covers using Termux and the Linux installation commands step by step.


 

Install Linux :

Step 1 :- Use the following command to install the tool on your Kali Linux operating system. Use the second command given below to enter the tool's directory.

git clone https://github.com/shenril/Sitadel.git
cd Sitadel

 

Step 2 :- This time we will follow the easy way to install the tool. The git utility comes pre-installed on all Debian systems, so we can download any tool using the “git clone” command. After downloading the project from GitHub, we have to install another package on our system called “pip” (packaged as python3-pip) and then use it to install the tool. We can relax while the resources are downloaded.

apt install python3-pip
pip3 install .

Step 3 :- That’s all; we can now use the tool without any problems. Let’s start with an overview of the tool and then try its individual features.

python3 sitadel.py --help

 

Step 4 :- Missing Security Headers
In simple words, you just need to enter the domain name you want details about, and the tool will show all the details in its output. As you can see in the image below, when we provide a domain the tool starts listing the security headers that are missing from the web application.

python3 sitadel.py https://www.onlino.in

Detection of CMS and WAF
We have tried many different tools to detect these, but this one returned useful results in just a moment.

 

Step 5 :- Increase the Risk Level
The risk level option decides which attacks Sitadel runs. At a lower level some attacks are not executed, so raising the level lets the scan find more in the web application.

python3 sitadel.py https://onlino.in --risk 2

 

Step 6 :- Custom User Agent
This is very useful for every penetration tester who wants to stay anonymous, and the feature helps hide their true identity. As you can see, we supplied fake user agent details, so each request is recorded with that value in the victim’s web server log.

python3 sitadel.py http://192.168.1.11 -ua "onlino 1.1."

As you can see, each log entry carries the same user agent that we set on the attacking terminal.
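
Because the user agent is chosen by the client, a defender reading those same logs should key on request behaviour rather than on the agent string. The following is an added example, not part of Sitadel or of the original post: it parses access log lines in combined log format and flags clients that probe many distinct paths that mostly return 404, which is the pattern a brute-force module leaves behind. The sample log lines, client addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def summarize_clients(lines):
    """Group requests by client IP: agents seen, distinct paths, total and 404 counts."""
    clients = defaultdict(lambda: {"agents": set(), "paths": set(), "total": 0, "not_found": 0})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        c = clients[m["ip"]]
        c["agents"].add(m["ua"])
        c["paths"].add(m["path"])
        c["total"] += 1
        c["not_found"] += m["status"] == "404"
    return clients

def flag_scanners(lines, min_paths=5, min_404_ratio=0.6):
    """Return {ip: [agents]} for clients requesting many paths that mostly do not exist."""
    flagged = {}
    for ip, c in summarize_clients(lines).items():
        if len(c["paths"]) >= min_paths and c["not_found"] / c["total"] >= min_404_ratio:
            flagged[ip] = sorted(c["agents"])
    return flagged

def _line(ip, path, status, ua):
    # Helper that builds one constructed log line for the sample below.
    return f'{ip} - - [10/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample: one scanning client using the custom agent, one ordinary browser.
SAMPLE_LOG = (
    [_line("192.168.1.50", p, 404, "onlino 1.1.") for p in
     ("/admin/", "/backup.zip", "/phpinfo.php", "/.listing", "/error.log", "/old/")]
    + [_line("192.168.1.50", "/robots.txt", 200, "onlino 1.1.")]
    + [_line("192.168.1.20", p, 200, "Mozilla/5.0 (X11; Linux x86_64)") for p in
       ("/", "/index.html", "/style.css")]
)

if __name__ == "__main__":
    print(flag_scanners(SAMPLE_LOG))
```

The scanning client is flagged whatever agent string it sends, so changing the user agent alone does not remove it from the result.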

Step 7 :- Run with risk level at DANGEROUS and do not follow redirections

python3 sitadel.py https://www.onlino.in -r 2 --no-redirect

 

Step 8 :- Run specific modules only and full verbosity

python3 sitadel.py https://www.onlino.in -a bruteforce -f header server -v

 

Usage :

sitadel.py [-h] [-r {0,1,2}] [-ua USER_AGENT] [--redirect]
           [--no-redirect] [-t TIMEOUT] [-c COOKIE] [-p PROXY]
           [-f FINGERPRINT [MODULE ...]] [-a ATTACK [MODULE ...]]
           [--config CONFIG] [-v] [--version]
           TARGET_URL

| ARGUMENT | DESCRIPTION |
|---|---|
| -h, --help | Display help |
| -r, --risk {0,1,2} | Decide the risk level you want Sitadel to run (some attacks won’t be executed) |
| -ua, --user-agent | User agent used for the HTTP request of the attacks |
| --redirect | Indicates to Sitadel to follow the 302 request for page redirection |
| --no-redirect | Indicates to Sitadel NOT to follow the 302 request for page redirection |
| -t, --timeout | Specify the timeout for the HTTP requests to the website |
| -c, --cookie | Allows to specify the cookie to send with the attack requests |
| -p, --proxy | Allows to specify a proxy to perform the HTTP requests |
| -f, --fingerprint | Specify the fingerprint modules to activate to scan the website {cdn,cms,framework,frontend,header,lang,server,system,waf} |
| -a, --attack | Specify the attack modules to activate to scan the website {bruteforce, injection, vulns, other} |
| --config | Specify the config file for Sitadel scan, default one is in config/config.yml |
| -v, --verbosity | Increase the default verbosity of the logs, for instance: -v, -vv, -vvv |
| --version | Show Sitadel version |

Modules list

| FINGERPRINT MODULE | DESCRIPTION |
|---|---|
| cdn | Try to guess if the target uses Content Delivery Network (fastly, akamai, cloudflare…) |
| cms | Try to guess if the target uses a Content Management System (drupal, wordpress, magento…) |
| framework | Try to guess if the target uses a backend framework (cakephp, rails, symfony…) |
| frontend | Try to guess if the target uses a frontend framework (angularjs, jquery, vuejs…) |
| header | Inspect the headers exchanged with the target |
| lang | Try to guess the server language used by the target (asp, python, php…) |
| server | Try to guess the server technology used by the target (nginx, apache…) |
| system | Try to guess the Operating System used by the target (linux, windows…) |
| waf | Try to guess if the target uses a Web Application Firewall (barracuda, bigip, paloalto…) |

| ATTACK MODULE | DESCRIPTION |
|---|---|
| bruteforce | Try to bruteforce the location of multiple files (backup files, admin consoles…) |
| injection | Try to perform injection on various language (SQL, html, ldap, javascript…) |
| vulns | Try to test for some known vulnerabilities (crime, shellshock) |
| other | Try to probe for various interesting resources (DAV, htmlobjects, phpinfo, robots.txt…) |

 

Initially the web scanner collects basic fingerprints about the target (X-Frame-Options, headers, server version). Then it starts to crawl the website. After that the scanner launches some basic attacks against the target. We found many different results, which we can now verify manually. In our example we can see that our server is at risk of HTML injection and SQL injection, and we did not find any false results in this test.

Suman

Hello, I'm SUMAN from India. I’m currently working on Cyber Ethical Hacking Penetration Testing & Bug Bounty. I’m currently learning more about Web Design, Android ROM
