
Sitadel – Web Application Security & Vulnerability Scanner

Web Application Security Scanner & Website Vulnerability Scanner

Sitadel is an open-source web application security scanner. It works in black-box mode: it sends requests to the target and infers the technology stack and likely weaknesses from the responses, without access to source code. You run it from the command line (for example in a Kali Linux terminal) against a domain or URL; it first fingerprints the target (server, web and frontend frameworks, CMS, WAF, CDN, language, operating system, cookie security) and then runs its attack modules against it. The tool is written in Python 3, so a Python 3 interpreter must be installed on your system.

Sitadel is a Python-based web application scanner with a wide range of scanning options. It collects a full server fingerprint and can bruteforce the location of admin interfaces, backup files, directories and other sensitive files. It also tests for injection attacks (SQL, HTML, XSS, RFI, LDAP and more), information disclosures and a handful of well-known vulnerabilities.

Features :

  • Fingerprints

    • Server
    • Web Frameworks (CakePHP,CherryPy,…)
    • Frontend Frameworks (AngularJS,MeteorJS,VueJS,…)
    • Web Application Firewall (Waf)
    • Content Management System (CMS)
    • Operating System (Linux,Unix,..)
    • Language (PHP,Ruby,…)
    • Cookie Security
    • Content Delivery Networks (CDN)
  • Attacks:

    • Bruteforce

      • Admin Interface
      • Backdoors
      • Backup Directory
      • Backup File
      • Directory
      • File
      • Log File
    • Injection

      • HTML Injection
      • SQL Injection
      • LDAP Injection
      • XPath Injection
      • Cross Site Scripting (XSS)
      • Remote File Inclusion (RFI)
      • PHP Code Injection
    • Other

      • HTTP Allow Methods
      • HTML Object
      • Multiple Index
      • Robots Paths
      • WebDAV
      • Cross Site Tracing (XST)
      • PHPINFO
      • Directory Listing
    • Vulnerabilities

      • ShellShock
      • Anonymous Cipher (CVE-2007-1858)
      • CRIME (SPDY) (CVE-2012-4929)
      • Struts-Shock
Installing Sitadel




Install on Linux (Kali / Debian):

Step 1 :- Clone the repository and change into the project directory:

git clone <Sitadel repository URL>
cd Sitadel


Step 2 :- Git comes pre-installed on Kali and on most Debian-based systems, so the clone above works out of the box. Installing the tool itself needs pip for Python 3; on Debian and Kali the package is python3-pip (there is no package named just "pip"). Then install Sitadel and its Python dependencies from inside the project directory:

apt install python3-pip
pip3 install .


Step 3 :- That's all; the tool is ready to use. Start with the help output to get an overview of the available options and modules (sitadel.py is the entry script in the cloned directory):

python3 sitadel.py --help


Step 4 :- Missing security headers
Give Sitadel the target domain and it starts with its fingerprint modules. The header module lists the security headers the application does not send (X-Frame-Options, for example), which is a quick picture of the protections the site is missing. In the run shown in the screenshot, providing the domain immediately produced a list of such missing protections.

Fingerprinting CMS and WAF
The cms and waf modules identify the content management system behind the site and any web application firewall in front of it. Collecting this with separate tools normally takes several steps; Sitadel reports it in a single pass.
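To make concrete what the header fingerprint and the cookie-security check report, here is an added example (not Sitadel's code) that inspects a constructed set of response headers for missing security headers, version-disclosing headers, and cookies set without the Secure, HttpOnly or SameSite attributes. The list of expected headers is this example's own assumption, not Sitadel's list, and the sample response is constructed to resemble a default PHP-on-Apache host.

```python
"""Check an HTTP response for missing security headers and weak cookie flags.

Added example (not Sitadel's code): it mirrors the kind of check a
header / cookie-security fingerprint performs, run on a constructed response.
"""
from typing import Dict, List, Tuple

# Headers a hardened site is expected to send, with the reason they matter.
# This list is an assumption of the example, not Sitadel's own list.
EXPECTED_HEADERS = {
    "strict-transport-security": "forces HTTPS (HSTS)",
    "content-security-policy": "restricts script/resource sources (XSS mitigation)",
    "x-frame-options": "prevents clickjacking via framing",
    "x-content-type-options": "disables MIME sniffing",
    "referrer-policy": "limits Referer leakage",
}

# Headers that leak version information an attacker would fingerprint.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def check_headers(headers: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Return missing security headers, version-disclosing headers and weak cookies.

    Headers are passed as (name, value) pairs because Set-Cookie may repeat.
    """
    present = {name.lower(): value for name, value in headers}
    missing = [h for h in EXPECTED_HEADERS if h not in present]
    disclosing = [f"{n}: {present[n]}" for n in DISCLOSING_HEADERS if n in present]

    weak_cookies = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        # Attribute names after the first "name=value" pair, case-insensitive.
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        problems = [flag for flag in ("secure", "httponly", "samesite") if flag not in attrs]
        if problems:
            weak_cookies.append(f"{cookie_name}: missing {', '.join(problems)}")

    return {"missing": missing, "disclosing": disclosing, "weak_cookies": weak_cookies}


# Constructed response headers, roughly what a default PHP/Apache host sends.
SAMPLE_RESPONSE = [
    ("Server", "Apache/2.4.41 (Ubuntu)"),
    ("X-Powered-By", "PHP/7.4.3"),
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("X-Frame-Options", "SAMEORIGIN"),
]

if __name__ == "__main__":
    report = check_headers(SAMPLE_RESPONSE)
    for section, items in report.items():
        print(f"{section}:")
        for item in items:
            print(f"  - {item}")
```

Run against the constructed response, the check reports four missing headers (X-Frame-Options is the only one present), the Server and X-Powered-By version strings, and the PHPSESSID session cookie set without any of the three protective attributes; the second cookie passes.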


Step 5 :- Increase the risk level
The risk level (-r / --risk, 0 to 2) decides which attack modules Sitadel is allowed to run: at the lower levels the more intrusive tests are skipped. Level 2 (DANGEROUS) enables all of them, so use it only against systems you are authorised to test.

python3 sitadel.py <url> --risk 2


Step 6 :- Custom user agent
A scanner normally announces itself through its User-Agent header, so its requests are easy to spot and to block. The -ua option sets the User-Agent on every request Sitadel sends. A tester uses it either to blend in with ordinary browser traffic or, on an authorised engagement, to tag the scan with an agreed string so that the client can pick the test traffic out of the web server logs. Here we set a made-up user agent and then look at what the target's access log records:

python3 sitadel.py <url> -ua "onlino 1.1."

Running the scan again, every request shows up in the target's log with the user agent we set.
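The log side of this, as an added example that is not part of the page or of Sitadel: a small parser for Apache combined-format access log lines that separates the requests carrying the tagged user agent from ordinary browser traffic. The log lines are constructed for the example (IPs from the documentation ranges, the "onlino 1.1." tag from the command above), and one deliberately malformed line shows that the parser skips junk instead of crashing.

```python
"""Attribute web-server access log entries to a tagged scanner user agent.

Added example (not Sitadel's code): shows why a recognisable -ua string
matters, using constructed Apache combined-format log lines.
"""
import re
from collections import Counter
from typing import Dict, List

# Apache "combined" format:
#   ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SCANNER_UA = "onlino 1.1."  # the tag passed to Sitadel with -ua

# Constructed log lines: three scanner probes tagged with our user agent,
# one ordinary browser request, and one malformed line.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "onlino 1.1."
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /backup.zip HTTP/1.1" 404 196 "-" "onlino 1.1."
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/117.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /phpinfo.php HTTP/1.1" 200 78000 "-" "onlino 1.1."
this line is not a valid log entry
"""


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse combined-format lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if match:
            entries.append(match.groupdict())
    return entries


def scanner_requests(entries: List[Dict[str, str]], tag: str) -> List[str]:
    """Return the request lines that were sent with the scanner's user agent."""
    return [e["request"] for e in entries if e["ua"] == tag]


def requests_by_agent(entries: List[Dict[str, str]]) -> Counter:
    """Count requests per user agent; this is how a log reviewer spots the scan."""
    return Counter(e["ua"] for e in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for agent, count in requests_by_agent(parsed).most_common():
        print(f"{count:3d}  {agent}")
    for request in scanner_requests(parsed, SCANNER_UA):
        print("scanner probe:", request)
```

The same grouping is what a WAF or a log-monitoring rule does in the other direction: a constant, unusual user agent makes the whole scan trivially filterable, which is exactly why you choose the string deliberately rather than leaving the tool's default.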

Step 7 :- Run with the risk level at DANGEROUS and do not follow redirections

python3 sitadel.py <url> -r 2 --no-redirect


Step 8 :- Run specific modules only, with full verbosity. This runs just the bruteforce attack module together with the header and server fingerprint modules:

python3 sitadel.py <url> -a bruteforce -f header server -v


Usage: sitadel.py [-h] [-r {0,1,2}] [-ua USER_AGENT] [--redirect]
                  [--no-redirect] [-t TIMEOUT] [-c COOKIE] [-p PROXY]
                  [-f FINGERPRINT [MODULE ...]] [-a ATTACK [MODULE ...]]
                  [--config CONFIG] [-v] [--version]

-h, --help           Display help
-r, --risk {0,1,2}   Risk level Sitadel runs at (at lower levels some attacks are not executed)
-ua, --user-agent    User agent used for the HTTP requests of the attacks
--redirect           Follow 302 redirects
--no-redirect        Do NOT follow 302 redirects
-t, --timeout        Timeout for the HTTP requests to the website
-c, --cookie         Cookie to send with the attack requests
-p, --proxy          Proxy through which the HTTP requests are made
-f, --fingerprint    Fingerprint modules to activate: {cdn,cms,framework,frontend,header,lang,server,system,waf}
-a, --attack         Attack modules to activate: {bruteforce,injection,vulns,other}
--config             Config file for the scan; the default is config/config.yml
-v, --verbosity      Increase log verbosity: -v, -vv, -vvv
--version            Show Sitadel version

Modules list

Fingerprint modules (-f):

  • cdn        Try to guess if the target uses a Content Delivery Network (fastly, akamai, cloudflare…)
  • cms        Try to guess if the target uses a Content Management System (drupal, wordpress, magento…)
  • framework  Try to guess if the target uses a backend framework (cakephp, rails, symfony…)
  • frontend   Try to guess if the target uses a frontend framework (angularjs, jquery, vuejs…)
  • header     Inspect the headers exchanged with the target
  • lang       Try to guess the server-side language used by the target (asp, python, php…)
  • server     Try to guess the server technology used by the target (nginx, apache…)
  • system     Try to guess the operating system used by the target (linux, windows…)
  • waf        Try to guess if the target uses a Web Application Firewall (barracuda, bigip, paloalto…)

Attack modules (-a):

  • bruteforce Try to bruteforce the location of multiple files (backup files, admin consoles…)
  • injection  Try to perform injection in various languages (SQL, html, ldap, javascript…)
  • vulns      Try to test for some known vulnerabilities (crime, shellshock)
  • other      Try to probe for various interesting resources (DAV, html objects, phpinfo, robots.txt…)


A scan starts by collecting basic fingerprints of the target (headers such as X-Frame-Options, page titles, the server version), then moves on to the attack modules. In our example the scanner reported the target as potentially vulnerable to HTML injection and SQL injection. Treat such results as leads rather than proof: a black-box scanner does produce false positives, so confirm each finding by hand before you report it.
