🏴☠️ Information Gathering tool 🏴☠️ - DNS / Subdomains / Ports / Directories enumeration
Coded with 💙 by edoardottt
Share on Twitter!
Install • Get Started • Examples • Changelog • Contributing • License
brew install scilla
sudo snap install scilla
go install -v github.com/edoardottt/scilla/cmd/scilla@latest
You need Go.
-
Linux
git clone https://github.com/edoardottt/scilla.git
cd scilla
make linux
(to install)- Edit the
~/.config/scilla/keys.yaml
file if you want to use API keys make unlinux
(to uninstall)
-
Windows (executable works only in scilla folder. Alias?)
git clone https://github.com/edoardottt/scilla.git
cd scilla
.\make.bat windows
(to install)- Create a
keys.yaml
file if you want to use api keys .\make.bat unwindows
(to uninstall)
docker build -t scilla .
docker run scilla help
scilla help
prints the help in the command line.
usage: scilla subcommand { options }
Available subcommands:
- dns [-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-plain Print only results]
-target <target (URL/IP)> REQUIRED
- port [-p <start-end> or ports divided by comma]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-common scan common ports]
[-plain Print only results]
-target <target (URL/IP)> REQUIRED
- subdomain [-w wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-i ignore status codes]
[-c use also a web crawler]
[-db use also a public database]
[-plain Print only results]
[-db -no-check Don't check status codes for subdomains]
[-db -vt Use VirusTotal as subdomains source]
[-db -bw Use BuiltWith as subdomains source]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
[-dns Set DNS IP to resolve the subdomains]
[-alive Check also if the subdomains are alive]
-target <target (URL)> REQUIRED
- dir [-w wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-i ignore status codes]
[-c use also a web crawler]
[-plain Print only results]
[-nr No follow redirects]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
-target <target (URL/IP)> REQUIRED
- report [-p <start-end> or ports divided by comma]
[-ws subdomains wordlist]
[-wd directories wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-id ignore status codes in directories scanning]
[-is ignore status codes in subdomains scanning]
[-cd use also a web crawler for directories scanning]
[-cs use also a web crawler for subdomains scanning]
[-db use also a public database for subdomains scanning]
[-common scan common ports]
[-nr No follow redirects]
[-db -vt Use VirusTotal as subdomains source]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
[-dns Set DNS IP to resolve the subdomains]
[-alive Check also if the subdomains are alive]
-target <target (URL)> REQUIRED
- help
- examples
-
DNS enumeration:
scilla dns -target target.domain
scilla dns -oj output -target target.domain
scilla dns -oh output -target target.domain
scilla dns -ot output -target target.domain
scilla dns -plain -target target.domain
-
Subdomains enumeration:
scilla subdomain -target target.domain
scilla subdomain -w wordlist.txt -target target.domain
scilla subdomain -oj output -target target.domain
scilla subdomain -oh output -target target.domain
scilla subdomain -ot output -target target.domain
scilla subdomain -i 400 -target target.domain
scilla subdomain -i 4** -target target.domain
scilla subdomain -c -target target.domain
scilla subdomain -db -target target.domain
scilla subdomain -plain -target target.domain
scilla subdomain -db -no-check -target target.domain
scilla subdomain -db -vt -target target.domain
scilla subdomain -db -bw -target target.domain
scilla subdomain -ua "CustomUA" -target target.domain
scilla subdomain -rua -target target.domain
scilla subdomain -dns 8.8.8.8 -target target.domain
scilla subdomain -alive -target target.domain
-
Directories enumeration:
scilla dir -target target.domain
scilla dir -w wordlist.txt -target target.domain
scilla dir -oj output -target target.domain
scilla dir -oh output -target target.domain
scilla dir -ot output -target target.domain
scilla dir -i 500,401 -target target.domain
scilla dir -i 5**,401 -target target.domain
scilla dir -c -target target.domain
scilla dir -plain -target target.domain
scilla dir -nr -target target.domain
scilla dir -ua "CustomUA" -target target.domain
scilla dir -rua -target target.domain
-
Ports enumeration:
- Default (all ports, so 1-65635)
scilla port -target target.domain
- Specifying ports range
scilla port -p 20-90 -target target.domain
- Specifying starting port (until the last one)
scilla port -p 20- -target target.domain
- Specifying ending port (from the first one)
scilla port -p -90 -target target.domain
- Specifying single port
scilla port -p 80 -target target.domain
- Specifying output format (json)
scilla port -oj output -target target.domain
- Specifying output format (html)
scilla port -oh output -target target.domain
- Specifying output format (txt)
scilla port -ot output -target target.domain
- Specifying multiple ports
scilla port -p 21,25,80 -target target.domain
- Specifying common ports
scilla port -common -target target.domain
- Print only results
scilla port -plain -target target.domain
- Default (all ports, so 1-65635)
-
Full report:
- Default (all ports, so 1-65635)
scilla report -target target.domain
- Specifying ports range
scilla report -p 20-90 -target target.domain
- Specifying starting port (until the last one)
scilla report -p 20- -target target.domain
- Specifying ending port (from the first one)
scilla report -p -90 -target target.domain
- Specifying single port
scilla report -p 80 -target target.domain
- Specifying output format (json)
scilla report -oj output -target target.domain
- Specifying output format (html)
scilla report -oh output -target target.domain
- Specifying output format (txt)
scilla report -ot output -target target.domain
- Specifying directories wordlist
scilla report -wd dirs.txt -target target.domain
- Specifying subdomains wordlist
scilla report -ws subdomains.txt -target target.domain
- Specifying status codes to be ignored in directories scanning
scilla report -id 500,501,502 -target target.domain
- Specifying status codes to be ignored in subdomains scanning
scilla report -is 500,501,502 -target target.domain
- Specifying status codes classes to be ignored in directories scanning
scilla report -id 5**,4** -target target.domain
- Specifying status codes classes to be ignored in subdomains scanning
scilla report -is 5**,4** -target target.domain
- Use also a web crawler for directories enumeration
scilla report -cd -target target.domain
- Use also a web crawler for subdomains enumeration
scilla report -cs -target target.domain
- Use also a public database for subdomains enumeration
scilla report -db -target target.domain
- Specifying multiple ports
scilla report -p 21,25,80 -target target.domain
- Specifying common ports
scilla report -common -target target.domain
- No follow redirects
scilla report -nr -target target.domain
- Use VirusTotal as subdomains source
scilla report -db -vt -target target.domain
- Set the User Agent
scilla report -ua "CustomUA" -target target.domain
- Generate a random user agent for each request
scilla report -rua -target target.domain
- Set DNS IP to resolve the subdomains
scilla report -dns 8.8.8.8 -target target.domain
- Check also if the subdomains are alive
scilla report -alive -target target.domain
- Default (all ports, so 1-65635)
Detailed changes for each release are documented in the release notes.
Just open an issue / pull request.
Before opening a pull request, download golangci-lint and run
golangci-lint run
If there aren't errors, go ahead :)
To do:
-
Add more tests
-
Tor support
-
Proxy support
This repository is under GNU General Public License v3.0.
edoardottt.com to contact me.