{"id":27611288,"url":"https://github.com/vmfunc/sif","last_synced_at":"2026-02-13T01:46:07.839Z","repository":{"id":194145575,"uuid":"686025131","full_name":"vmfunc/sif","owner":"vmfunc","description":"the blazing-fast pentesting suite.","archived":false,"fork":false,"pushed_at":"2026-02-08T20:49:29.000Z","size":2104,"stargazers_count":317,"open_issues_count":9,"forks_count":25,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-02-09T01:52:09.497Z","etag":null,"topics":["attack-surface","cve-scanner","cve-scanning","cybersecurity","directory-enumeration","dirlist","dns-enumeration","hacktoberfest","infosec","pentest","pentest-scripts","pentest-tool","pentesting","security","vulnerability-detection","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vmfunc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-09-01T14:58:27.000Z","updated_at":"2026-02-08T20:31:12.000Z","dependencies_parsed_at":null,"dependency_job_id":"79f94ef3-b1bc-49bd-a8f3-2a4ca0e3fd09","html_url":"https://github.com/vmfunc/sif","commit_stats":null,"previous_names":["dropalldatabases/sif","lunchcat/sif","vmfunc/sif"],"tags_count":50,"template":false,"template_full_name":null,"purl":"pkg:github/vmfunc/sif","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmfunc%2Fsif","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmfunc%2Fsif/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmfunc%2Fsif/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmfunc%2Fsif/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vmfunc","download_url":"https://codeload.github.com/vmfunc/sif/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmfunc%2Fsif/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29392103,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-13T00:53:09.511Z","status":"ssl_error","status_checked_at":"2026-02-13T00:53:09.126Z","response_time":55,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack-surface","cve-scanner","cve-scanning","cybersecurity","directory-enumeration","dirlist","dns-enumeration","hacktoberfest","infosec","pentest","pentest-scripts","pentest-tool","pentesting","security","vulnerability-detection","vulnerability-scanners"],"created_at":"2025-04-23T00:01:49.314Z","updated_at":"2026-02-13T01:46:07.835Z","avatar_url":"https://github.com/vmfunc.png","language":"Go","readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"assets/banner.png\" alt=\"sif\" width=\"600\"\u003e\n\n\u003cbr\u003e\u003cbr\u003e\n\n[![go version](https://img.shields.io/github/go-mod/go-version/vmfunc/sif?style=flat-square\u0026color=00ADD8)](https://go.dev/)\n[![build](https://img.shields.io/github/actions/workflow/status/vmfunc/sif/go.yml?style=flat-square)](https://github.com/vmfunc/sif/actions)\n[![license](https://img.shields.io/badge/license-BSD--3--Clause-blue?style=flat-square)](LICENSE)\n[![aur](https://img.shields.io/aur/version/sif?style=flat-square\u0026logo=archlinux\u0026logoColor=white\u0026color=1793D1)](https://aur.archlinux.org/packages/sif)\n[![nixpkgs](https://img.shields.io/badge/nixpkgs-sif-5277C3?style=flat-square\u0026logo=nixos\u0026logoColor=white)](https://search.nixos.org/packages?query=sif)\n[![homebrew](https://img.shields.io/badge/homebrew-tap-FBB040?style=flat-square\u0026logo=homebrew\u0026logoColor=white)](https://github.com/vmfunc/homebrew-sif)\n[![apt](https://img.shields.io/badge/apt-cloudsmith-2A5ADF?style=flat-square\u0026logo=debian\u0026logoColor=white)](https://cloudsmith.io/~sif/repos/deb/packages/)\n[![discord](https://img.shields.io/badge/discord-join-5865F2?style=flat-square\u0026logo=discord\u0026logoColor=white)](https://discord.gg/sifcli)\n\n**[install](#install) · [usage](#usage) · [modules](#modules) · [docs](docs/) · [contribute](#contribute)**\n\n\u003c/div\u003e\n\n---\n\n## what is sif?\n\nsif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.\n\n```bash\n./sif -u https://example.com -all\n```\n\n## install\n\n### homebrew (macos)\n\n```bash\nbrew tap vmfunc/sif\nbrew install sif\n```\n\n### arch linux (aur)\n\ninstall using your preferred aur helper:\n\n```bash\nyay -S sif\n# or\nparu -S sif\n```\n\n### nix\n\n```bash\n# nixpkgs (declarative — add to configuration.nix or home-manager)\nenvironment.systemPackages = [ pkgs.sif ];\n\n# or imperatively\nnix profile install nixpkgs#sif\n\n# or just run it without installing\nnix run nixpkgs#sif -- -u https://example.com -all\n```\n\nthe repo also ships a flake if you want to build from source:\n\n```bash\nnix run github:vmfunc/sif\n```\n\n### debian/ubuntu (apt)\n\n```bash\ncurl -1sLf 'https://dl.cloudsmith.io/public/sif/deb/setup.deb.sh' | sudo -E bash\nsudo apt-get install sif\n```\n\n### from releases\n\ngrab the latest binary from [releases](https://github.com/vmfunc/sif/releases).\n\n### from source\n\n```bash\ngit clone https://github.com/vmfunc/sif.git\ncd sif\nmake\n```\n\nrequires go 1.23+\n\n### aur (manual install)\n\n```bash\ngit clone https://aur.archlinux.org/sif.git\ncd sif\nmakepkg -si\n```\n\n## usage\n\n```bash\n# basic scan\n./sif -u https://example.com\n\n# directory fuzzing\n./sif -u https://example.com -dirlist medium\n\n# subdomain enumeration\n./sif -u https://example.com -dnslist medium\n\n# port scanning\n./sif -u https://example.com -ports common\n\n# javascript framework detection + cloud misconfig\n./sif -u https://example.com -js -c3\n\n# shodan host intelligence (requires SHODAN_API_KEY env var)\n./sif -u https://example.com -shodan\n\n# sql recon + lfi scanning\n./sif -u https://example.com -sql -lfi\n\n# framework detection (with cve lookup)\n./sif -u https://example.com -framework\n\n# everything\n./sif -u https://example.com -all\n```\n\nrun `./sif -h` for all options.\n\n## modules\n\nsif has a modular architecture. modules are defined in yaml and can be extended by users.\n\n### built-in scan flags\n\n| flag | description |\n|------|-------------|\n| `-dirlist` | directory and file fuzzing (small/medium/large) |\n| `-dnslist` | subdomain enumeration (small/medium/large) |\n| `-ports` | port scanning (common/full) |\n| `-nuclei` | vulnerability scanning with nuclei templates |\n| `-dork` | automated google dorking |\n| `-js` | javascript analysis |\n| `-c3` | cloud storage misconfiguration |\n| `-headers` | http header analysis |\n| `-st` | subdomain takeover detection |\n| `-cms` | cms detection |\n| `-whois` | whois lookups |\n| `-git` | exposed git repository detection |\n| `-shodan` | shodan lookup (requires SHODAN_API_KEY) |\n| `-sql` | sql recon |\n| `-lfi` | local file inclusion |\n| `-framework` | framework detection with cve lookup |\n\n### yaml modules\n\nlist available modules:\n\n```bash\n./sif -lm\n```\n\nrun specific modules:\n\n```bash\n# run by id\n./sif -u https://example.com -m sqli-error-based,xss-reflected\n\n# run by tag\n./sif -u https://example.com -mt owasp-top10\n\n# run all modules\n./sif -u https://example.com -am\n```\n\n### custom modules\n\ncreate your own modules in `~/.config/sif/modules/`. modules use a yaml format similar to nuclei templates:\n\n```yaml\nid: my-custom-check\ninfo:\n  name: my custom security check\n  author: you\n  severity: medium\n  description: checks for something specific\n  tags: [custom, recon]\n\ntype: http\n\nhttp:\n  method: GET\n  paths:\n    - \"{{BaseURL}}/admin\"\n    - \"{{BaseURL}}/login\"\n\n  matchers:\n    - type: status\n      status:\n        - 200\n\n    - type: word\n      part: body\n      words:\n        - \"admin panel\"\n        - \"login\"\n      condition: or\n```\n\nsee [docs/modules.md](docs/modules.md) for the full module format.\n\n## contribute\n\ncontributions welcome. see [contributing.md](CONTRIBUTING.md) for guidelines.\n\n```bash\n# format\ngofmt -w .\n\n# lint\ngolangci-lint run\n\n# test\ngo test ./...\n```\n\n## community\n\njoin our discord for support, feature discussions, and pentesting tips:\n\n[![discord](https://img.shields.io/badge/join%20our%20discord-5865F2?style=for-the-badge\u0026logo=discord\u0026logoColor=white)](https://discord.gg/sifcli)\n\n## contributors\n\n\u003c!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section --\u003e\n\u003c!-- prettier-ignore-start --\u003e\n\u003c!-- markdownlint-disable --\u003e\n\u003ctable\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://vmfunc.re\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/59031302?v=4?s=100\" width=\"100px;\" alt=\"Celeste Hickenlooper\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eCeleste Hickenlooper\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"#maintenance-vmfunc\" title=\"Maintenance\"\u003e🚧\u003c/a\u003e \u003ca href=\"#mentoring-vmfunc\" title=\"Mentoring\"\u003e🧑‍🏫\u003c/a\u003e \u003ca href=\"#projectManagement-vmfunc\" title=\"Project Management\"\u003e📆\u003c/a\u003e \u003ca href=\"#security-vmfunc\" title=\"Security\"\u003e🛡️\u003c/a\u003e \u003ca href=\"https://github.com/lunchcat/sif/commits?author=vmfunc\" title=\"Code\"\u003e💻\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://projectdiscovery.io\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/50994705?v=4?s=100\" width=\"100px;\" alt=\"ProjectDiscovery\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eProjectDiscovery\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"#platform-projectdiscovery\" title=\"Packaging/porting to new platform\"\u003e📦\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/macdoos\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/127897805?v=4?s=100\" width=\"100px;\" alt=\"macdoos\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003emacdoos\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/lunchcat/sif/commits?author=macdoos\" title=\"Code\"\u003e💻\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://epitech.eu\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/75166283?v=4?s=100\" width=\"100px;\" alt=\"Matthieu Witrowiez\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eMatthieu Witrowiez\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"#ideas-D3adPlays\" title=\"Ideas, Planning, \u0026 Feedback\"\u003e🤔\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/tessa-u-k\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/109355732?v=4?s=100\" width=\"100px;\" alt=\"tessa \"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003etessa \u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"#infra-tessa-u-k\" title=\"Infrastructure (Hosting, Build-Tools, etc)\"\u003e🚇\u003c/a\u003e \u003ca href=\"#question-tessa-u-k\" title=\"Answering Questions\"\u003e💬\u003c/a\u003e \u003ca href=\"#userTesting-tessa-u-k\" title=\"User Testing\"\u003e📓\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/xyzeva\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/133499694?v=4?s=100\" width=\"100px;\" alt=\"Eva\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eEva\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"#blog-xyzeva\" title=\"Blogposts\"\u003e📝\u003c/a\u003e \u003ca href=\"#content-xyzeva\" title=\"Content\"\u003e🖋\u003c/a\u003e \u003ca href=\"#research-xyzeva\" title=\"Research\"\u003e🔬\u003c/a\u003e \u003ca href=\"#security-xyzeva\" title=\"Security\"\u003e🛡️\u003c/a\u003e \u003ca href=\"https://github.com/lunchcat/sif/commits?author=xyzeva\" title=\"Tests\"\u003e⚠️\u003c/a\u003e \u003ca href=\"https://github.com/lunchcat/sif/commits?author=xyzeva\" title=\"Code\"\u003e💻\u003c/a\u003e\u003c/td\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/vxfemboy\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/79362520?v=4?s=100\" width=\"100px;\" alt=\"Zoa Hickenlooper\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eZoa Hickenlooper\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"https://github.com/lunchcat/sif/commits?author=vxfemboy\" title=\"Code\"\u003e💻\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd align=\"center\" valign=\"top\" width=\"14.28%\"\u003e\u003ca href=\"https://github.com/0xatrilla\"\u003e\u003cimg src=\"https://avatars.githubusercontent.com/u/107285362?v=4?s=100\" width=\"100px;\" alt=\"acxtrilla\"/\u003e\u003cbr /\u003e\u003csub\u003e\u003cb\u003eacxtrilla\u003c/b\u003e\u003c/sub\u003e\u003c/a\u003e\u003cbr /\u003e\u003ca href=\"#platform-0xatrilla\" title=\"Packaging/porting to new platform\"\u003e📦\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n\u003c!-- markdownlint-restore --\u003e\n\u003c!-- prettier-ignore-end --\u003e\n\n\u003c!-- ALL-CONTRIBUTORS-LIST:END --\u003e\n\n## acknowledgements\n\n- [projectdiscovery](https://projectdiscovery.io/) for nuclei and other security tools\n- [shodan](https://www.shodan.io/) for infrastructure intelligence\n\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003csub\u003ebsd 3-clause license · made by vmfunc, xyzeva, and contributors\u003c/sub\u003e\n\u003c/div\u003e\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmfunc%2Fsif","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvmfunc%2Fsif","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmfunc%2Fsif/lists"}