{"id":13539743,"url":"https://github.com/shenril/sitadel","last_synced_at":"2025-04-02T06:31:22.451Z","repository":{"id":96892004,"uuid":"117811813","full_name":"shenril/Sitadel","owner":"shenril","description":"Web Application Security Scanner","archived":false,"fork":false,"pushed_at":"2023-11-29T01:33:28.000Z","size":192,"stargazers_count":565,"open_issues_count":4,"forks_count":111,"subscribers_count":23,"default_branch":"master","last_synced_at":"2025-03-30T17:44:49.158Z","etag":null,"topics":["penetration-testing","python3","scanner-web","security"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shenril.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-01-17T09:06:24.000Z","updated_at":"2025-03-30T09:47:26.000Z","dependencies_parsed_at":"2024-04-09T23:48:36.315Z","dependency_job_id":"14691783-510f-4db6-8fd3-a53d93fb5399","html_url":"https://github.com/shenril/Sitadel","commit_stats":{"total_commits":97,"total_committers":4,"mean_commits":24.25,"dds":0.04123711340206182,"last_synced_commit":"0a0e4751d3128a10594dee57e4a83429a74c72e9"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shenril%2FSitadel","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shenril%2FSitadel/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shenril%2FSitadel/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shenril%2FSi
tadel/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shenril","download_url":"https://codeload.github.com/shenril/Sitadel/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246767919,"owners_count":20830575,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["penetration-testing","python3","scanner-web","security"],"created_at":"2024-08-01T09:01:31.269Z","updated_at":"2025-04-02T06:31:17.438Z","avatar_url":"https://github.com/shenril.png","language":"Python","readme":"\r\n# Sitadel - Web Application Security Scanner\r\n\r\n```bash\r\n   _   _   _         _____ _                 _       _\r\n  | |_| |_| |      / _____|_)  _            | |     | |\r\n  |         |     ( (____  _ _| |_ _____  __| |_____| |\r\n  |    _    |      \\____ \\| (_   _|____ |/ _  | ___ | |\r\n  |   |_|   |      _____) ) | | |_/ ___ ( (_| | ____| |\r\n  |         |     (______/|_|  \\__)_____|\\____|_____)\\_) \r\n\r\n```\r\n\r\n ![python3](https://img.shields.io/badge/python-3.6-green.svg) [![Build Status](https://travis-ci.org/shenril/Sitadel.svg?branch=master)](https://travis-ci.org/shenril/Sitadel) ![license](https://img.shields.io/badge/License-GPLv3-brightgreen.svg)\r\n\r\nSitadel is basically an update for WAScan making it compatible for python \u003e= 3.4\r\nIt allows more flexibility for you to write new modules and implement new features :\r\n\r\n- Frontend framework detection\r\n- Content Delivery Network detection\r\n- Define Risk Level to allow for scans\r\n- Plugin system\r\n- Docker image available 
to build and run\r\n\r\n## Table of Contents\r\n\r\n- [Sitadel - Web Application Security Scanner](#sitadel---web-application-security-scanner)\r\n  - [Table of Contents](#table-of-contents)\r\n  - [Requirement Warning](#requirement-warning)\r\n  - [Installation](#installation)\r\n  - [Features](#features)\r\n  - [Usage](#usage)\r\n  - [Modules list](#modules-list)\r\n  - [Examples](#examples)\r\n  - [Run with docker](#run-with-docker)\r\n\r\n## Requirement Warning\r\n\r\n This project **ONLY** supports python `\u003e= 3.4`. There will be no backport to 2.7\r\n\r\n## Installation\r\n\r\n```bash\r\ngit clone https://github.com/shenril/Sitadel.git\r\ncd Sitadel\r\npip3 install .\r\npython sitadel.py --help\r\n```\r\n\r\n## Features\r\n\r\n- Fingerprints\r\n  - Server\r\n  - Web Frameworks (CakePHP,CherryPy,...)\r\n  - Frontend Frameworks (AngularJS,MeteorJS,VueJS,...)\r\n  - Web Application Firewall (Waf)\r\n  - Content Management System (CMS)\r\n  - Operating System (Linux,Unix,..)\r\n  - Language (PHP,Ruby,...)\r\n  - Cookie Security\r\n  - Content Delivery Networks (CDN)\r\n\r\n- Attacks:\r\n  - Bruteforce\r\n    - Admin Interface\r\n    - Common Backdoors\r\n    - Common Backup Directory\r\n    - Common Backup File\r\n    - Common Directory\r\n    - Common File\r\n    - Log File\r\n\r\n  - Injection\r\n    - HTML Injection\r\n    - SQL Injection\r\n    - LDAP Injection\r\n    - XPath Injection\r\n    - Cross Site Scripting (XSS)\r\n    - Remote File Inclusion (RFI)\r\n    - PHP Code Injection\r\n\r\n  - Other\r\n    - HTTP Allow Methods\r\n    - HTML Object\r\n    - Multiple Index\r\n    - Robots Paths\r\n    - Web Dav\r\n    - Cross Site Tracing (XST)\r\n    - PHPINFO\r\n    - .Listing\r\n\r\n  - Vulnerabilities\r\n    - ShellShock\r\n    - Anonymous Cipher (CVE-2007-1858)\r\n    - Crime (SPDY) (CVE-2012-4929)\r\n    - Struts-Shock\r\n\r\n## Usage\r\n\r\n```bash\r\nsitadel.py [-h] [-r {0,1,2}] [-ua USER_AGENT] [--redirect]\r\n           [--no-redirect] [-t 
TIMEOUT] [-c COOKIE] [-p PROXY]\r\n           [-f FINGERPRINT [MODULE ...]] [-a ATTACK [MODULE ...]]\r\n           [--config CONFIG] [-v] [--version]\r\n           TARGET_URL\r\n```\r\n\r\n| ARGUMENT               | DESCRIPTION                                                                               |\r\n| ---------------------- | ----------------------------------------------------------------------------------------- |\r\n| -h, --help         | Display help |\r\n| -r, --risk {0,1,2}        | Decide the risk level you want Sitadel to run (some attacks won't be executed)          |\r\n| -ua, --user-agent       | User agent used for the HTTP request of the attacks          |\r\n| --redirect      | Indicates to Sitadel to follow the 302 request for page redirection                                          |\r\n| --no-redirect             | Indicates to Sitadel **NOT** to follow the 302 request for page redirection                |\r\n| -t, --timeout                    | Specify the timeout for the HTTP requests to the website                                          |\r\n| -c, --cookie          | Allows to specify the cookie to send with the attack requests                                                              |\r\n| -p, --proxy  | Allows to specify a proxy to perform the HTTP requests               |\r\n| -f, --fingerprint             | Specify the fingerprint modules to activate to scan the website {cdn,cms,framework,frontend,header,lang,server,system,waf} |\r\n| -a, --attack           | Specify the attack modules to activate to scan the website {bruteforce, injection, vulns, other}      |\r\n| -c, --config           | Specify the config file for Sitadel scan, default one is in config/config.yml      |\r\n| -v, --verbosity          | Increase the default verbosity of the logs, for instance: -v , -vv, -vvv                                                      |\r\n| --version          | Show Sitadel version                                                  
                     |\r\n\r\n## Modules list\r\n\r\n| FINGERPRINT   | MODULE DESCRIPTION                                                                               |\r\n| ------------- | ----------------------------------------------------------------------------------------- |\r\n| cdn   | Try to guess if the target uses a Content Delivery Network (fastly, akamai,cloudflare...) |\r\n| cms        | Try to guess if the target uses a Content Management System (drupal,wordpress,magento...)          |\r\n| framework        | Try to guess if the target uses a backend framework (cakephp, rails, symfony...)          |\r\n| frontend        | Try to guess if the target uses a frontend framework (angularjs, jquery, vuejs...)         |\r\n| header        | Inspect the headers exchanged with the target          |\r\n| lang        | Try to guess the server language used by the target (asp, python, php...)         |\r\n| server        | Try to guess the server technology used by the target (nginx,apache...)          |\r\n| system        | Try to guess the Operating System used by the target (linux,windows...)          |\r\n| waf        | Try to guess if the target uses a Web Application Firewall (barracuda, bigip,paloalto...)          |\r\n\r\n| ATTACK   | MODULE DESCRIPTION                                                                               |\r\n| ------------- | ----------------------------------------------------------------------------------------- |\r\n| bruteforce   | Try to bruteforce the location of multiple files (backup files, admin consoles...) |\r\n| injection        | Try to perform injection on various languages (SQL,html,ldap, javascript...)          |\r\n| vulns        | Try to test for some known vulnerabilities (crime,shellshock)          |\r\n| other        | Try to probe for various interesting resources (DAV, htmlobjects,phpinfo,robots.txt...)          
|\r\n\r\n## Examples\r\n\r\nSimple run\r\n\r\n`python3 sitadel http://website.com`\r\n\r\nRun with risk level at DANGEROUS and do not follow redirections\r\n\r\n`python3 sitadel http://website.com -r 2 --no-redirect`\r\n\r\nRun specific modules only, with full verbosity\r\n\r\n`python3 sitadel http://website.com -a bruteforce -f header server -v`\r\n\r\n## Run with docker\r\n\r\n`docker build -t sitadel .`\r\n\r\n`docker run sitadel http://example.com`\r\n","funding_links":[],"categories":["\u003ca id=\"8f92ead9997a4b68d06a9acf9b01ef63\"\u003e\u003c/a\u003e扫描器\u0026\u0026安全扫描\u0026\u0026App扫描\u0026\u0026漏洞扫描","\u003ca id=\"132036452bfacf61471e3ea0b7bf7a55\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"de63a029bda6a7e429af272f291bb769\"\u003e\u003c/a\u003e未分类-Scanner"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshenril%2Fsitadel","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshenril%2Fsitadel","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshenril%2Fsitadel/lists"}