Sitadel- A Web Application Security Scanner

Sitadel is basically an update for WAScan making it compatible for python >= 3.4 It allows more flexibility for you to write new modules and implement new features :

  • Frontend framework detection
  • Content Delivery Network detection
  • Define Risk Level to allow for scans
  • Plugin system
  • Docker image available to build and run


$ git clone
$ cd Sitadel
$ pip install .
$ python –help


  1. Server
  2. Web Frameworks (CakePHP,CherryPy,…)
  3. Frontend Frameworks (AngularJS,MeteorJS,VueJS,…)
  4. Web Application Firewall (Waf)
  5. Content Management System (CMS)
  6. Operating System (Linux,Unix,..)
  7. Language (PHP,Ruby,…)
  8. Cookie Security
  9. Content Delivery Networks (CDN)


  • Admin Interface
  • Common Backdoors
  • Common Backup Directory
  • Common Backup File
  • Common Directory
  • Common File
  • Log File


  • HTML Injection
  • SQL Injection
  • LDAP Injection
  • XPath Injection
  • Cross Site Scripting (XSS)
  • Remote File Inclusion (RFI)
  • PHP Code Injection


  • HTTP Allow Methods
  • HTML Object
  • Multiple Index
  • Robots Paths
  • Web Dav
  • Cross Site Tracing (XST)
  • Listing


  • ShellShock
  • Anonymous Cipher (CVE-2007-1858)
  • Crime (SPDY) (CVE-2012-4929)
  • Struts-Shock


Simple run

python sitadel

Run with risk level at DANGEROUS and do not follow redirection

python sitadel -r 2 –no-redirect

Run specifics modules only and full verbosity

python sitadel -a admin backdoor -f header server -vvv

Run with docker
docker build -t sitadel 

docker run sitadel

Download Sitadel

Source link