SiteBroker – Website Penetration Testing Framework

Information gathering and penetration testing are becoming more and more automated through predefined scripts and tools. If you are looking to test a web application, you can check out SiteBroker.

This tool is a framework with several modules for running security assessments against online resources. At the moment the tool allows you to run the following tests:

  1. Cloudflare Bypass.
  2. Website Crawler.
    |____ Google Based Crawling
    |____ Bing Based Crawling
    |____ Manually Crawling
  3. Reverse IP.
    |____ YouGetSignal Based
    |____ HackerTarget’s API Based
  4. Information Gathering.
    |____ Whois Lookup
    |____ BrowserSpy Report
  5. Nameservers.
  6. WebSite Speed.
  7. Subdomains Scanner
  8. Shell Finder.
  9. Admin Panel Finder.
  10. Grab Banner.
  11. All Things.

All the listed options are general modules that only initiate the testing, so they will not run a deep scan or a vulnerability scan. Once the user has the different findings, he will be able to carry out further testing against the target subdomains, IP addresses and identified services.

A good addition in SiteBroker is that it collects information from Google, Bing or YouGetSignal, which performs a reverse IP lookup to find all associated hostnames/IPs. This is useful on shared hosting, for example when the user has purchased a shared IP and several services run on the same IP. In that case, any unpatched vulnerability on a remote service will allow an attacker to gain full access to the target.
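The shared-IP exposure described above can be checked from the owner's side. The following is an added example, not code from this post or from SiteBroker: it takes reverse-IP results for addresses you host on and separates your own hostnames from co-tenants you do not control. The `ip,hostname` row format, the sample rows and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "ip,hostname" rows such as a reverse-IP lookup might
# return for addresses you host on. The format is an assumption.
SAMPLE_ROWS = """\
203.0.113.10,www.example.com
203.0.113.10,shop.example.com
203.0.113.10,blog.unrelated-tenant.test
203.0.113.10,Forum.Another-Tenant.test.
198.51.100.7,mail.example.com
198.51.100.7,api.example.com
not-an-ip,broken.example.com
"""

def is_own(hostname, own_domains):
    """True if hostname equals, or is a subdomain of, one of our domains."""
    return any(hostname == d or hostname.endswith("." + d) for d in own_domains)

def audit_cotenancy(rows, own_domains):
    """Group hostnames by IP and split them into ours vs. foreign co-tenants."""
    own_domains = {d.lower().rstrip(".") for d in own_domains}
    by_ip = defaultdict(lambda: {"own": set(), "foreign": set()})
    for line in rows.splitlines():
        ip, sep, host = line.strip().partition(",")
        if not sep:
            continue  # blank line or row without a hostname column
        try:
            ip = str(ipaddress.ip_address(ip.strip()))
        except ValueError:
            continue  # skip malformed rows instead of mis-grouping them
        host = host.strip().lower().rstrip(".")  # normalise case and root dot
        if host:
            by_ip[ip]["own" if is_own(host, own_domains) else "foreign"].add(host)
    return dict(by_ip)

def shared_ips(report):
    """IPs where our hosts sit next to hosts we do not control."""
    return sorted(ip for ip, g in report.items() if g["own"] and g["foreign"])

if __name__ == "__main__":
    report = audit_cotenancy(SAMPLE_ROWS, ["example.com"])
    for ip in shared_ips(report):
        print(ip, "own:", sorted(report[ip]["own"]),
              "co-tenants:", sorted(report[ip]["foreign"]))
```

An IP flagged by `shared_ips` is one where the patch level of someone else's service affects your exposure, which makes it a candidate for a dedicated address or stronger isolation.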

You can read more and download the tool over here:
