
sitadel's Introduction

Hi, my name is Florent

Security Consultant & DevSecOps advocate

I have worked on various projects during the last 15 years of my career. Strong advocate for DevSecOps, focused on security to deliver value and on unleashing the superpowers of developers to create new ideas and concepts safely.

  • I'm based in Tokyo, Japan
  • You can contact me at [email protected]
  • I'm currently working on Blue Squadron, a collective for Security Professionals
  • I'm learning VueJS, Symfony7, Pydantic, FastAPI, Rust
  • I'm open to collaborating on Security, collective platform
  • Paragliding fan, food lover

Skills

Rust, PHP, Python, Git, Vue, CSS3, FastAPI, MongoDB, PostgreSQL, Flask, Django, Amazon Web Services, Docker, Linux, MacOS, Ethers, Ethereum

sitadel's People

Contributors

cclauss, kathanp19, shenril


sitadel's Issues

Question

If I want to use all modules in attack, do I need to add other arguments, such as -a?

system-wide installation: No such file or directory: 'lib/data/admin.txt'

Environment

  • OS: Pentoo (I'm a developer)
  • Python version 3.11, 3.12
  • Sitadel version: latest git

First of all, config.yml was not installed by default; I had to extract it to a local folder.
It would be good to install it, i.e. copy it to a user's folder (~/.siteadel/config.yml).

And then, after running it:

Current Behavior

---------  Scan Started: 27/02/2024 09:28:01 ---------
[i] Launching fingerprints modules...
[i] For better waf detection we recommend you to run with --no-redirect
[+] X-Frame-Options header is not present.
[+] X-XSS-Protection header is not present.
[+] Lang detected: Java
[+] Server detected: nginx
[i] Start crawling the target website
[i] Launching attacks modules...
[i] Checking admin interfaces...
sitadelLog - ERROR - [Errno 2] No such file or directory: 'lib/data/admin.txt'
---------  Scan Finished: 27/02/2024 09:28:08 ---------
Traceback (most recent call last):
  File "/usr/lib/python-exec/python3.12/sitadel.py", line 174, in <module>
    Sitadel().main()
  File "/usr/lib/python-exec/python3.12/sitadel.py", line 165, in main
    self.ma.attacks(args.attack, self.url, discovered_urls)
  File "/usr/lib/python3.12/site-packages/lib/utils/manager.py", line 25, in attacks
    Attacks(url, crawled_urls).run(plugins)
  File "/usr/lib/python3.12/site-packages/lib/modules/attacks/__init__.py", line 56, in run
    raise e
  File "/usr/lib/python3.12/site-packages/lib/modules/attacks/__init__.py", line 43, in run
    (p(), p().process(self.start_url, self.crawled_urls))
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/lib/modules/attacks/bruteforce/admin.py", line 28, in process
    with self.datastore.open("admin.txt", "r") as db:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/lib/utils/datastore.py", line 13, in open
    return open(os.path.join(self.rootpath, filename), mode,encoding="utf-8")
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: 'lib/data/admin.txt'

I checked and confirmed, that /usr/lib/python3.12/site-packages/lib/data/admin.txt file does exist.

Tell us what happens instead of the expected behavior
The "lib" directory should be discovered

To Reproduce

Steps to reproduce the behavior:

  1. run python setup.py install
    It should be possible to use --user and --prefix to install to a local folder, and run it from the home folder

  2. run $ sitadel.py --config https://

Error "AttributeError: 'Output' object has no attribute 'test'" during analysis

Hello,
I'm trying to use Sitadel. But during the "Checking cross site scripting" analysis, the error "AttributeError: 'Output' object has no attribute 'test'" occurred.

Below is the complete error:
[i] Checking cross site scripting...
Traceback (most recent call last):
  File "sitadel.py", line 93, in <module>
    Sitadel().main()
  File "sitadel.py", line 88, in main
    self.ma.attacks(args.attack, self.url, discovered_urls)
  File "/root/Documents/Sitadel/lib/utils/manager.py", line 29, in attacks
    Attacks(url, crawled_urls).run(plugins)
  File "/root/Documents/Sitadel/lib/modules/attacks/__init__.py", line 45, in run
    raise (e)
  File "/root/Documents/Sitadel/lib/modules/attacks/__init__.py", line 39, in run
    attacks = ([(p(), p().process(self.start_url, self.crawled_urls)) for p in AttackPlugin.plugins])
  File "/root/Documents/Sitadel/lib/modules/attacks/__init__.py", line 39, in <listcomp>
    attacks = ([(p(), p().process(self.start_url, self.crawled_urls)) for p in AttackPlugin.plugins])
  File "/root/Documents/Sitadel/lib/modules/attacks/vulns/anonymous.py", line 13, in process
    output.test('Scanning anonymous cipher vuln...')
AttributeError: 'Output' object has no attribute 'test'

Can you help me?

Thanks

few errors

Tested on python3.6
[+] Found "/" directory at http://example.com/
cannot use a string pattern on a bytes-like object
[i] Checking common files...
Cannot mix str and non-str arguments
[i] Checking common log files..
Cannot mix str and non-str arguments
[i] Checking html injection...
[i] Checking ldap injection...
[i] Checking php code injection...
[i] Checking remote file inclusion...
[i] Checking sql injection...
[i] Checking xpath injection...
[i] Checking cross site scripting...
[i] Scanning anonymous cipher vuln...
a bytes-like object is required, not 'str'
[i] Scanning crime (SPDY) vuln...
a bytes-like object is required, not 'str'
[i] Scanning shellshock vuln..
nothing to repeat at position 0
[i] Scanning struts-shock vuln..
nothing to repeat at position 0
[i] Checking http allow methods..
'list' object has no attribute 'upper'
[i] Checking webdav..
cannot use a string pattern on a bytes-like object
[i] Checking html object..
cannot use a string pattern on a bytes-like object
[i] Checking listing..
[i] Checking multiple index..
Cannot mix str and non-str arguments
Traceback (most recent call last):
  File "sitadel.py", line 93, in <module>
    Sitadel().main()
  File "sitadel.py", line 88, in main
    self.ma.attacks(args.attack, self.url, discovered_urls)
  File "/wd/lib/utils/manager.py", line 29, in attacks
    Attacks(url, crawled_urls).run(plugins)
  File "/wd/lib/modules/attacks/__init__.py", line 45, in run
    raise (e)
  File "/wd/lib/modules/attacks/__init__.py", line 39, in run
    attacks = ([(p(), p().process(self.start_url, self.crawled_urls)) for p in AttackPlugin.plugins])
  File "/wd/lib/modules/attacks/__init__.py", line 39, in <listcomp>
    attacks = ([(p(), p().process(self.start_url, self.crawled_urls)) for p in AttackPlugin.plugins])
  File "/wd/lib/modules/attacks/other/phpinfo.py", line 14, in process
    output.infot('Checking phpinfo..')
AttributeError: 'Output' object has no attribute 'infot'

Not an Issue

Congratulations, this is one of the best CLI security scanners I have seen on the web.
Very nice work.
Thank you for the contribution.

SyntaxError: invalid syntax

Hi all,

I'm trying to use Sitadel. I have installed it successfully, but when I run it, I get the following error message:

Traceback (most recent call last):
  File "sitadel.py", line 14, in <module>
    from lib.config import settings
  File "/mnt/c/Users/M.Basheer/Desktop/Sitadel/lib/config/__init__.py", line 1, in <module>
    from .settings import Settings
  File "/mnt/c/Users/M.Basheer/Desktop/Sitadel/lib/config/settings.py", line 50
    cls.cfg = {**cls.cfg, **config}
               ^
SyntaxError: invalid syntax

Can someone please explain how I can solve that?

Thanks in advance.

AttributeError: module 'collections' has no attribute 'Hashable'

└─$ python sitadel.py https://site.com

[Sitadel ASCII-art banner, version 1.0.1]

~/# Sitadel - Web Application Security Scanner #~
~/# Shenril (@shenril) #~
~/# https://github.com/shenril/Sitadel #~

Traceback (most recent call last):
  File "/home/pc/Desktop/Sitadel/sitadel.py", line 174, in <module>
    Sitadel().main()
  File "/home/pc/Desktop/Sitadel/sitadel.py", line 99, in main
    settings.from_yaml(args.config)
  File "/home/pc/Desktop/Sitadel/lib/config/settings.py", line 48, in from_yaml
    config = yaml.load(yamlfile, Loader=yaml.SafeLoader)
  File "/usr/local/lib/python3.10/dist-packages/yaml/__init__.py", line 72, in load
    return loader.get_single_data()
  File "/usr/local/lib/python3.10/dist-packages/yaml/constructor.py", line 37, in get_single_data
    return self.construct_document(node)
  File "/usr/local/lib/python3.10/dist-packages/yaml/constructor.py", line 46, in construct_document
    for dummy in generator:
  File "/usr/local/lib/python3.10/dist-packages/yaml/constructor.py", line 398, in construct_yaml_map
    value = self.construct_mapping(node)
  File "/usr/local/lib/python3.10/dist-packages/yaml/constructor.py", line 204, in construct_mapping
    return super().construct_mapping(node, deep=deep)
  File "/usr/local/lib/python3.10/dist-packages/yaml/constructor.py", line 126, in construct_mapping
    if not isinstance(key, collections.Hashable):
AttributeError: module 'collections' has no attribute 'Hashable'

setup.py: missing install section

Hi, I'm trying to install the latest version (1.0.0) and figured out that no binary is getting installed.
The command is the following:
python3.6 setup.py install --user

[Suggestion] Add Websocket Discovery & CSWSH

Introduction

Hi! Could you also add some WebSocket Discovery and/or Cross Site WebSocket Hijacking (CSWSH) to the tool? I have a sorted subdomain list from your CDN and Server modules; it really helps a lot. Although it would be great if this could also be added :)

Implementation

Input a hostname list from a file; each hostname will be appended after the ws scheme: ws://hostname.com

Required Scheme: wss:// or ws://

Required Header: Connection: Upgrade, Upgrade: websocket

Additional Header: Sec-Websocket-Version: 13, Sec-Websocket-Key: <dummy ws key>

The expected result is HTTP code 101 Switching Protocols.

Background

The reason behind this is to find subdomains that support WebSocket, especially in the Cloudflare region. Also, there are not many tools that provide this.

Thank you so much for the hard work that you put into this tool; so far this is my main daily tool to use.
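The handshake sketched in the suggestion above, as an added example that is not part of the issue or of the Sitadel code base. It builds the upgrade request with the headers listed (Upgrade, Connection, Sec-WebSocket-Key, Sec-WebSocket-Version: 13), then parses a server reply and only counts the endpoint as a WebSocket when the status is 101 and Sec-WebSocket-Accept equals the base64 SHA-1 of the key plus the RFC 6455 GUID; a 101 that fails that check is not a real upgrade. The Origin header is included because server-side origin validation is the control that prevents CSWSH, so a defender verifying an endpoint wants to see how the server answers for a given origin. The host, path, origin and the two sample responses are constructed; the key/accept pair is the worked example from RFC 6455 section 1.3. Nothing here touches the network; feeding a real reply to `parse_upgrade_response` is left to the caller.

```python
import base64
import hashlib
import os

# RFC 6455 section 4.2.2: the server appends this GUID to the client's key,
# SHA-1 hashes the result and base64-encodes the digest as Sec-WebSocket-Accept.
WS_MAGIC_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def make_client_key(random_bytes=None):
    """Sec-WebSocket-Key is 16 random bytes, base64-encoded (RFC 6455 section 4.1)."""
    return base64.b64encode(random_bytes or os.urandom(16)).decode("ascii")


def expected_accept(client_key):
    """Value a conforming server must return in Sec-WebSocket-Accept for this key."""
    digest = hashlib.sha1((client_key + WS_MAGIC_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_upgrade_request(host, path="/", client_key=None, origin=None):
    """Raw HTTP/1.1 upgrade request carrying the headers the suggestion lists.

    Origin is optional on the wire, but it is the header a server must validate
    to refuse cross-site WebSocket hijacking, so it is sent whenever given.
    """
    client_key = client_key or make_client_key()
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",
        "Upgrade: websocket",
        "Connection: Upgrade",
        f"Sec-WebSocket-Key: {client_key}",
        "Sec-WebSocket-Version: 13",
    ]
    if origin:
        lines.append(f"Origin: {origin}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii"), client_key


def parse_upgrade_response(raw, client_key):
    """Classify the server's reply: did it switch protocols, and did it prove it
    read our key? A 101 with a wrong or missing Accept is not a WebSocket."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)
    status = int(parts[1]) if len(parts) >= 2 and parts[1].isdigit() else None
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    upgraded = (
        status == 101
        and headers.get("upgrade", "").lower() == "websocket"
        and "upgrade" in headers.get("connection", "").lower()
    )
    accept_valid = headers.get("sec-websocket-accept") == expected_accept(client_key)
    return {
        "status": status,
        "upgraded": upgraded,
        "accept_valid": accept_valid,
        "websocket": upgraded and accept_valid,
        "headers": headers,
    }


# Constructed sample exchange; the key/accept pair is the worked example from
# RFC 6455 section 1.3, the host, path and origin are placeholders.
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
SAMPLE_UPGRADE = (
    b"HTTP/1.1 101 Switching Protocols\r\n"
    b"Upgrade: websocket\r\n"
    b"Connection: Upgrade\r\n"
    b"Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n"
    b"\r\n"
)
SAMPLE_REJECTED = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"


def demo(response=SAMPLE_UPGRADE):
    """Build the request for the sample key and classify one of the sample replies."""
    request, key = build_upgrade_request(
        "ws.example.com", "/chat", client_key=SAMPLE_KEY, origin="https://example.com"
    )
    assert request.startswith(b"GET /chat HTTP/1.1\r\nHost: ws.example.com\r\n")
    return parse_upgrade_response(response, key)


if __name__ == "__main__":
    print(demo())
    print(demo(SAMPLE_REJECTED))
```

Header names are compared case-insensitively because RFC 6455 permits either spelling (the suggestion writes `Sec-Websocket-Key`, servers usually answer with `Sec-WebSocket-Accept`). The Accept check matters for discovery: some reverse proxies answer 101 without having read the key, and such a hop is not an endpoint a client can actually speak WebSocket to.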

no-redirect: confusing message

Hi, I'm running the tool with the --no-redirect parameter; however, there is an info message in the output:
[i] For better waf detection we recommend you to run with --no-redirect

This is confusing. Was my parameter skipped for some reason?

SQLi is not working without the risk parameter

Environment

  • OS: Windows 10
  • Python version 3.7
  • Sitadel version

I have tested on my virtual environment with a list of vulnerabilities such as XSS and SQLi. XSS is detected properly but SQLi is not detected. The vulnerability is simply adding a quotation mark after the ID, such as localhost/xyz/catagory.php?id=23'

Also, I would like to add vulnerabilities and CVE in the tool.

UnicodeDecodeError

[i] Checking common backup files..
Traceback (most recent call last):
  File "sitadel.py", line 93, in <module>
    Sitadel().main()
  File "sitadel.py", line 88, in main
    self.ma.attacks(args.attack, self.url, discovered_urls)
  File "/root/tools/Sitadel/lib/utils/manager.py", line 29, in attacks
    Attacks(url, crawled_urls).run(plugins)
  File "/root/tools/Sitadel/lib/modules/attacks/__init__.py", line 45, in run
    raise (e)
  File "/root/tools/Sitadel/lib/modules/attacks/__init__.py", line 39, in run
    attacks = ([(p(), p().process(self.start_url, self.crawled_urls)) for p in AttackPlugin.plugins])
  File "/root/tools/Sitadel/lib/modules/attacks/__init__.py", line 39, in <listcomp>
    attacks = ([(p(), p().process(self.start_url, self.crawled_urls)) for p in AttackPlugin.plugins])
  File "/root/tools/Sitadel/lib/modules/attacks/bruteforce/bfile.py", line 17, in process
    dbfiles1 = [x for x in db1.readlines()]
  File "/usr/lib64/python3.6/encodings/ascii.py", line 26, in decode
    return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 6559: ordinal not in range(128)
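Two of the reports above come from the same place in the scanner: the system-wide install that cannot find `lib/data/admin.txt` (the datastore joins a relative `lib/data` root with the filename, which only resolves when the process runs from a source checkout), and this UnicodeDecodeError (the wordlist is opened without an explicit encoding, so under an ASCII locale the first non-ASCII byte aborts the module). The following is an added example of how a datastore can avoid both, written for this page and not taken from the Sitadel code base; `DataStore`, `PACKAGE_ROOT` and `demo_roundtrip` are hypothetical names, and the wordlist content is constructed.

```python
import tempfile
from pathlib import Path

# Resolve the data directory from the installed module's own location, never from
# the process's working directory; a relative "lib/data" only works when the
# scanner is launched from inside a source checkout.
PACKAGE_ROOT = Path(__file__).resolve().parent


class DataStore:
    """Hypothetical replacement for the datastore seen in the tracebacks above."""

    def __init__(self, rootpath=None):
        self.rootpath = Path(rootpath).resolve() if rootpath else PACKAGE_ROOT / "data"

    def path_for(self, filename):
        # Keep only the basename so a caller cannot address files outside the data dir.
        return self.rootpath / Path(filename).name

    def open(self, filename, mode="r"):
        path = self.path_for(filename)
        if not path.is_file():
            # Name the directory that was searched so a packaging problem is obvious.
            raise FileNotFoundError(f"{path} not found (data directory: {self.rootpath})")
        if "b" in mode:
            return open(path, mode)
        # Explicit UTF-8 decoding: wordlists carry non-ASCII entries, and relying on
        # the locale encoding is what raised UnicodeDecodeError under an ASCII locale.
        return open(path, mode, encoding="utf-8", errors="replace")

    def read_lines(self, filename):
        """Wordlist entries, stripped, without blank lines or '#' comment lines."""
        with self.open(filename) as fh:
            return [ln.strip() for ln in fh if ln.strip() and not ln.lstrip().startswith("#")]


def demo_roundtrip():
    """Write a constructed wordlist containing a non-ASCII entry (its first byte is
    0xd0, like the one in the report) into a temporary data directory and read it
    back through the store."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = "# constructed sample list\nadmin\nadmin-console\n\nадмин\n"
        (Path(tmp) / "admin.txt").write_bytes(sample.encode("utf-8"))
        return DataStore(tmp).read_lines("admin.txt")


if __name__ == "__main__":
    print(demo_roundtrip())
    print(DataStore().path_for("../admin.txt"))
```

With the root anchored to the module, `python setup.py install --user` or a `--prefix` install finds the wordlists wherever site-packages ends up, and the error message names the directory that was searched instead of the bare relative path. The basename restriction is a small hardening on top: plugin code that passes a filename can never be coaxed into reading a path outside the data directory.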

ImportError: No module named 'incremental'

Trying to run Sitadel. It's never run successfully for me. I get a stack trace (see below). I'm running python3 or 3.5. Same results with either version.
OS: DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="LXLE Eclectica 16.04.4 64-bit"
NAME="Ubuntu"
VERSION="16.04.4 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.4 LTS"

Here's the stack trace:
python3 sitadel.py --help
Traceback (most recent call last):
  File "sitadel.py", line 17, in <module>
    from lib.utils import banner, manager, output, validator
  File "/media/qwerty/OS/Linux/Dev/python-code/Sitadel/lib/utils/manager.py", line 3, in <module>
    from lib.modules.crawler.crawler import crawl
  File "/media/qwerty/OS/Linux/Dev/python-code/Sitadel/lib/modules/crawler/crawler.py", line 3, in <module>
    import scrapy
  File "/usr/local/lib/python3.5/dist-packages/Scrapy-1.5.1-py3.5.egg/scrapy/__init__.py", line 27, in <module>
    from . import _monkeypatches
  File "/usr/local/lib/python3.5/dist-packages/Scrapy-1.5.1-py3.5.egg/scrapy/_monkeypatches.py", line 20, in <module>
    import twisted.persisted.styles # NOQA
  File "/usr/local/lib/python3.5/dist-packages/Twisted-18.9.0-py3.5-linux-x86_64.egg/twisted/__init__.py", line 11, in <module>
    from twisted._version import version as version
  File "/usr/local/lib/python3.5/dist-packages/Twisted-18.9.0-py3.5-linux-x86_64.egg/twisted/_version.py", line 8, in <module>
    from incremental import Version
ImportError: No module named 'incremental'

Thanks in Advance!

Sitadel hangs at "checking common backdoors" step

I run python3 sitadel.py http://www.mijacllefia.org and, after launching the attack modules and checking admin interfaces, it hangs at checking common backdoors: I've waited more than twenty minutes and it still sits there without showing anything more on screen.
Thanks.

what is true payload ?

Hello. Thank you for this project. I did a scan with Sitadel on the target site. I changed xss.list. The Sitadel program tells me there is an XSS vulnerability, but Sitadel does not show which XSS payload it found. There are 1500 XSS payloads in my payload list. How do we know which payload is correct?

it just shows an address like this.

That site is may be vulnerable to Cross Site Scripting (XSS) at https://example.com/category=5

how do we know which payload it uses?

Refactor logging

Refactor the logging to use a log handler that writes to the console and to files.
