Monday, December 31, 2018

Sitadel: Web Application Security Scanner

Sitadel is derived from WAScan, updated to work with python >= 3.4, and adds new capabilities:

- Frontend framework detection
- Content Delivery Network detection
- Define Risk Level to allow for scans
- Plugin system
- Docker image available to build and run

Features:

+ Fingerprints
  - Server
  - Web Frameworks (CakePHP,CherryPy,…)
  - Frontend Frameworks (AngularJS,MeteorJS,VueJS,…)
  - Web Application Firewall (WAF)
  - Content Management System (CMS)
  - Operating System (Linux,Unix,..)
  - Language (PHP,Ruby,…)
  - Cookie Security
  - Content Delivery Networks (CDN)
+ Attacks:
  - Bruteforce
    - Admin Interface
    - Common Backdoors
    - Common Backup Directory
    - Common Backup File
    - Common Directory
    - Common File
    - Log File
+ Injection
  - HTML Injection
  - SQL Injection
  - LDAP Injection
  - XPath Injection
  - Cross Site Scripting (XSS)
  - Remote File Inclusion (RFI)
  - PHP Code Injection
+ Other
  - HTTP Allow Methods
  - HTML Object
  - Multiple Index
  - Robots Paths
  - Web Dav
  - Cross Site Tracing (XST)
  - PHPINFO
  - .Listing
+ Vulnerabilities
  - ShellShock
  - Anonymous Cipher (CVE-2007-1858)
  - Crime (SPDY) (CVE-2012-4929)
  - Struts-Shock

Installation:

    $ git clone https://github.com/shenril/Sitadel.git
    $ cd Sitadel
    $ pip install .
    $ python sitadel.py --help

Examples:

    python sitadel.py http://website.com

Run with risk level at DANGEROUS and do not follow redirections

    python sitadel.py http://website.com -r 2 --no-redirect

Run specific modules only, with full verbosity

    python sitadel.py http://website.com -a admin backdoor -f header server -vvv

Run with docker

    docker build -t sitadel .
    docker run sitadel http://example.com

Source: https://securityonline.info
