Skip to content

Latest commit

 

History

History
279 lines (235 loc) · 11.2 KB

README.md

File metadata and controls

279 lines (235 loc) · 11.2 KB


🏴‍☠️ Information Gathering tool 🏴‍☠️ - DNS / Subdomains / Ports / Directories enumeration

go-report-card workflows
Coded with 💙 by edoardottt
Share on Twitter!

InstallGet StartedExamplesChangelogContributingLicense

Installation 📡

Homebrew

brew install scilla

Snap

sudo snap install scilla

Go

go install -v github.com/edoardottt/scilla/cmd/scilla@latest

Building from source

You need Go.

  • Linux

    • git clone https://github.com/edoardottt/scilla.git
    • cd scilla
    • make linux (to install)
    • Edit the ~/.config/scilla/keys.yaml file if you want to use API keys
    • make unlinux (to uninstall)
  • Windows (executable works only in scilla folder. Alias?)

    • git clone https://github.com/edoardottt/scilla.git
    • cd scilla
    • .\make.bat windows (to install)
    • Create a keys.yaml file if you want to use api keys
    • .\make.bat unwindows (to uninstall)

Using Docker

docker build -t scilla .
docker run scilla help

Get Started 🎉

scilla help prints the help in the command line.

usage: scilla subcommand { options }

   Available subcommands:
       - dns [-oj JSON output file]
             [-oh HTML output file]
             [-ot TXT output file]
             [-plain Print only results]
             -target <target (URL/IP)> REQUIRED
       - port [-p <start-end> or ports divided by comma]
              [-oj JSON output file]
              [-oh HTML output file]
              [-ot TXT output file]
              [-common scan common ports]
              [-plain Print only results]
              -target <target (URL/IP)> REQUIRED
       - subdomain [-w wordlist]
                   [-oj JSON output file]
                   [-oh HTML output file]
                   [-ot TXT output file]
                   [-i ignore status codes]
                   [-c use also a web crawler]
                   [-db use also a public database]
                   [-plain Print only results]
                   [-db -no-check Don't check status codes for subdomains]
                   [-db -vt Use VirusTotal as subdomains source]
                   [-db -bw Use BuiltWith as subdomains source]
                   [-ua Set the User Agent]
                   [-rua Generate a random user agent for each request]
                   [-dns Set DNS IP to resolve the subdomains]
                   [-alive Check also if the subdomains are alive]
                   -target <target (URL)> REQUIRED
       - dir [-w wordlist]
             [-oj JSON output file]
             [-oh HTML output file]
             [-ot TXT output file]
             [-i ignore status codes]
             [-c use also a web crawler]
             [-plain Print only results]
             [-nr No follow redirects]
             [-ua Set the User Agent]
             [-rua Generate a random user agent for each request]
             -target <target (URL/IP)> REQUIRED
       - report [-p <start-end> or ports divided by comma]
                [-ws subdomains wordlist]
                [-wd directories wordlist]
                [-oj JSON output file]
                [-oh HTML output file]
                [-ot TXT output file]
                [-id ignore status codes in directories scanning]
                [-is ignore status codes in subdomains scanning]
                [-cd use also a web crawler for directories scanning]
                [-cs use also a web crawler for subdomains scanning]
                [-db use also a public database for subdomains scanning]
                [-common scan common ports]
                [-nr No follow redirects]
                [-db -vt Use VirusTotal as subdomains source]
                [-ua Set the User Agent]
                [-rua Generate a random user agent for each request]
                [-dns Set DNS IP to resolve the subdomains]
                [-alive Check also if the subdomains are alive]
                -target <target (URL)> REQUIRED
       - help
       - examples

Examples 💡

  • DNS enumeration:

    • scilla dns -target target.domain
    • scilla dns -oj output -target target.domain
    • scilla dns -oh output -target target.domain
    • scilla dns -ot output -target target.domain
    • scilla dns -plain -target target.domain
  • Subdomains enumeration:

    • scilla subdomain -target target.domain
    • scilla subdomain -w wordlist.txt -target target.domain
    • scilla subdomain -oj output -target target.domain
    • scilla subdomain -oh output -target target.domain
    • scilla subdomain -ot output -target target.domain
    • scilla subdomain -i 400 -target target.domain
    • scilla subdomain -i 4** -target target.domain
    • scilla subdomain -c -target target.domain
    • scilla subdomain -db -target target.domain
    • scilla subdomain -plain -target target.domain
    • scilla subdomain -db -no-check -target target.domain
    • scilla subdomain -db -vt -target target.domain
    • scilla subdomain -db -bw -target target.domain
    • scilla subdomain -ua "CustomUA" -target target.domain
    • scilla subdomain -rua -target target.domain
    • scilla subdomain -dns 8.8.8.8 -target target.domain
    • scilla subdomain -alive -target target.domain
  • Directories enumeration:

    • scilla dir -target target.domain
    • scilla dir -w wordlist.txt -target target.domain
    • scilla dir -oj output -target target.domain
    • scilla dir -oh output -target target.domain
    • scilla dir -ot output -target target.domain
    • scilla dir -i 500,401 -target target.domain
    • scilla dir -i 5**,401 -target target.domain
    • scilla dir -c -target target.domain
    • scilla dir -plain -target target.domain
    • scilla dir -nr -target target.domain
    • scilla dir -ua "CustomUA" -target target.domain
    • scilla dir -rua -target target.domain
  • Ports enumeration:

    • Default (all ports, so 1-65635) scilla port -target target.domain
    • Specifying ports range scilla port -p 20-90 -target target.domain
    • Specifying starting port (until the last one) scilla port -p 20- -target target.domain
    • Specifying ending port (from the first one) scilla port -p -90 -target target.domain
    • Specifying single port scilla port -p 80 -target target.domain
    • Specifying output format (json)scilla port -oj output -target target.domain
    • Specifying output format (html)scilla port -oh output -target target.domain
    • Specifying output format (txt)scilla port -ot output -target target.domain
    • Specifying multiple ports scilla port -p 21,25,80 -target target.domain
    • Specifying common ports scilla port -common -target target.domain
    • Print only results scilla port -plain -target target.domain
  • Full report:

    • Default (all ports, so 1-65635) scilla report -target target.domain
    • Specifying ports range scilla report -p 20-90 -target target.domain
    • Specifying starting port (until the last one) scilla report -p 20- -target target.domain
    • Specifying ending port (from the first one) scilla report -p -90 -target target.domain
    • Specifying single port scilla report -p 80 -target target.domain
    • Specifying output format (json)scilla report -oj output -target target.domain
    • Specifying output format (html)scilla report -oh output -target target.domain
    • Specifying output format (txt)scilla report -ot output -target target.domain
    • Specifying directories wordlist scilla report -wd dirs.txt -target target.domain
    • Specifying subdomains wordlist scilla report -ws subdomains.txt -target target.domain
    • Specifying status codes to be ignored in directories scanning scilla report -id 500,501,502 -target target.domain
    • Specifying status codes to be ignored in subdomains scanning scilla report -is 500,501,502 -target target.domain
    • Specifying status codes classes to be ignored in directories scanning scilla report -id 5**,4** -target target.domain
    • Specifying status codes classes to be ignored in subdomains scanning scilla report -is 5**,4** -target target.domain
    • Use also a web crawler for directories enumeration scilla report -cd -target target.domain
    • Use also a web crawler for subdomains enumeration scilla report -cs -target target.domain
    • Use also a public database for subdomains enumeration scilla report -db -target target.domain
    • Specifying multiple ports scilla report -p 21,25,80 -target target.domain
    • Specifying common ports scilla report -common -target target.domain
    • No follow redirects scilla report -nr -target target.domain
    • Use VirusTotal as subdomains source scilla report -db -vt -target target.domain
    • Set the User Agent scilla report -ua "CustomUA" -target target.domain
    • Generate a random user agent for each request scilla report -rua -target target.domain
    • Set DNS IP to resolve the subdomains scilla report -dns 8.8.8.8 -target target.domain
    • Check also if the subdomains are alive scilla report -alive -target target.domain

Changelog 📌

Detailed changes for each release are documented in the release notes.

Contributing 🛠

Just open an issue / pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run

If there aren't errors, go ahead :)

To do:

  • Add more tests

  • Tor support

  • Proxy support

In the news 📰

License 📝

This repository is under GNU General Public License v3.0.
edoardottt.com to contact me.