Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/edoardottt/scilla

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
https://github.com/edoardottt/scilla

bugbounty directories-enumeration dns-enumeration enumeration hacking hacking-tool hacktoberfest information-gathering information-retrieval network penetration-testing pentesting port-enumeration portscanner recon reconnaissance security security-tools subdomain-scanner subdomains-enumeration

Last synced: about 2 months ago
JSON representation

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Host: GitHub
URL: https://github.com/edoardottt/scilla
Owner: edoardottt
License: gpl-3.0
Created: 2020-09-26T10:36:09.000Z (almost 4 years ago)
Default Branch: main
Last Pushed: 2024-06-02T08:39:33.000Z (4 months ago)
Last Synced: 2024-07-19T23:23:18.125Z (about 2 months ago)
Topics: bugbounty, directories-enumeration, dns-enumeration, enumeration, hacking, hacking-tool, hacktoberfest, information-gathering, information-retrieval, network, penetration-testing, pentesting, port-enumeration, portscanner, recon, reconnaissance, security, security-tools, subdomain-scanner, subdomains-enumeration
Language: Go
Homepage: https://edoardoottavianelli.it
Size: 31.4 MB
Stars: 886
Watchers: 22
Forks: 113
Open Issues: 8
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

project-awesome - edoardottt/scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration (Go)
awesome-bugbounty-tools - scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration (Recon / Subdomain Enumeration)
WebHackersWeapons - scilla
awesome-hacking-lists - edoardottt/scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration (Go)
StarryDivineSky - edoardottt/scilla - DNS / 子域 / 端口 / 目录枚举 (扫描器、资产收集、子域名 / 网络服务_其他)

README

🏴‍☠️ Information Gathering tool 🏴‍☠️ - DNS / Subdomains / Ports / Directories enumeration

_{Coded with 💙 by edoardottt}

Share on Twitter!

Install •
Get Started •
Examples •
Changelog •
Contributing •
License

Installation 📡
----------

### Homebrew
```console
brew install scilla
```

### Snap
```console
sudo snap install scilla
```

### Go
```console
go install -v github.com/edoardottt/scilla/cmd/scilla@latest
```

### Building from source

You need [Go](https://golang.org/).

- **Linux**

- `git clone https://github.com/edoardottt/scilla.git`
- `cd scilla`
- `make linux` (to install)
- Edit the `~/.config/scilla/keys.yaml` file if you want to use API keys
- `make unlinux` (to uninstall)

- **Windows** (executable works only in scilla folder. [Alias?](https://github.com/edoardottt/scilla/issues/10))

- `git clone https://github.com/edoardottt/scilla.git`
- `cd scilla`
- `.\make.bat windows` (to install)
- Create a `keys.yaml` file if you want to use api keys
- `.\make.bat unwindows` (to uninstall)

### Using Docker

```shell
docker build -t scilla .
docker run scilla help
```

Get Started 🎉
----------

`scilla help` prints the help in the command line.

```
usage: scilla subcommand { options }

Available subcommands:
- dns [-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-plain Print only results]
-target REQUIRED
- port [-p or ports divided by comma]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-common scan common ports]
[-plain Print only results]
-target REQUIRED
- subdomain [-w wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-i ignore status codes]
[-c use also a web crawler]
[-db use also a public database]
[-plain Print only results]
[-db -no-check Don't check status codes for subdomains]
[-db -vt Use VirusTotal as subdomains source]
[-db -bw Use BuiltWith as subdomains source]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
[-dns Set DNS IP to resolve the subdomains]
[-alive Check also if the subdomains are alive]
-target REQUIRED
- dir [-w wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-i ignore status codes]
[-c use also a web crawler]
[-plain Print only results]
[-nr No follow redirects]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
-target REQUIRED
- report [-p or ports divided by comma]
[-ws subdomains wordlist]
[-wd directories wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-id ignore status codes in directories scanning]
[-is ignore status codes in subdomains scanning]
[-cd use also a web crawler for directories scanning]
[-cs use also a web crawler for subdomains scanning]
[-db use also a public database for subdomains scanning]
[-common scan common ports]
[-nr No follow redirects]
[-db -vt Use VirusTotal as subdomains source]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
[-dns Set DNS IP to resolve the subdomains]
[-alive Check also if the subdomains are alive]
-target REQUIRED
- help
- examples
```

Examples 💡
----------

- DNS enumeration:

- `scilla dns -target target.domain`
- `scilla dns -oj output -target target.domain`
- `scilla dns -oh output -target target.domain`
- `scilla dns -ot output -target target.domain`
- `scilla dns -plain -target target.domain`

- Subdomains enumeration:

- `scilla subdomain -target target.domain`
- `scilla subdomain -w wordlist.txt -target target.domain`
- `scilla subdomain -oj output -target target.domain`
- `scilla subdomain -oh output -target target.domain`
- `scilla subdomain -ot output -target target.domain`
- `scilla subdomain -i 400 -target target.domain`
- `scilla subdomain -i 4** -target target.domain`
- `scilla subdomain -c -target target.domain`
- `scilla subdomain -db -target target.domain`
- `scilla subdomain -plain -target target.domain`
- `scilla subdomain -db -no-check -target target.domain`
- `scilla subdomain -db -vt -target target.domain`
- `scilla subdomain -db -bw -target target.domain`
- `scilla subdomain -ua "CustomUA" -target target.domain`
- `scilla subdomain -rua -target target.domain`
- `scilla subdomain -dns 8.8.8.8 -target target.domain`
- `scilla subdomain -alive -target target.domain`

- Directories enumeration:

- `scilla dir -target target.domain`
- `scilla dir -w wordlist.txt -target target.domain`
- `scilla dir -oj output -target target.domain`
- `scilla dir -oh output -target target.domain`
- `scilla dir -ot output -target target.domain`
- `scilla dir -i 500,401 -target target.domain`
- `scilla dir -i 5**,401 -target target.domain`
- `scilla dir -c -target target.domain`
- `scilla dir -plain -target target.domain`
- `scilla dir -nr -target target.domain`
- `scilla dir -ua "CustomUA" -target target.domain`
- `scilla dir -rua -target target.domain`

- Ports enumeration:

- Default (all ports, so 1-65635) `scilla port -target target.domain`
- Specifying ports range `scilla port -p 20-90 -target target.domain`
- Specifying starting port (until the last one) `scilla port -p 20- -target target.domain`
- Specifying ending port (from the first one) `scilla port -p -90 -target target.domain`
- Specifying single port `scilla port -p 80 -target target.domain`
- Specifying output format (json)`scilla port -oj output -target target.domain`
- Specifying output format (html)`scilla port -oh output -target target.domain`
- Specifying output format (txt)`scilla port -ot output -target target.domain`
- Specifying multiple ports `scilla port -p 21,25,80 -target target.domain`
- Specifying common ports `scilla port -common -target target.domain`
- Print only results `scilla port -plain -target target.domain`

- Full report:

- Default (all ports, so 1-65635) `scilla report -target target.domain`
- Specifying ports range `scilla report -p 20-90 -target target.domain`
- Specifying starting port (until the last one) `scilla report -p 20- -target target.domain`
- Specifying ending port (from the first one) `scilla report -p -90 -target target.domain`
- Specifying single port `scilla report -p 80 -target target.domain`
- Specifying output format (json)`scilla report -oj output -target target.domain`
- Specifying output format (html)`scilla report -oh output -target target.domain`
- Specifying output format (txt)`scilla report -ot output -target target.domain`
- Specifying directories wordlist `scilla report -wd dirs.txt -target target.domain`
- Specifying subdomains wordlist `scilla report -ws subdomains.txt -target target.domain`
- Specifying status codes to be ignored in directories scanning `scilla report -id 500,501,502 -target target.domain`
- Specifying status codes to be ignored in subdomains scanning `scilla report -is 500,501,502 -target target.domain`
- Specifying status codes classes to be ignored in directories scanning `scilla report -id 5**,4** -target target.domain`
- Specifying status codes classes to be ignored in subdomains scanning `scilla report -is 5**,4** -target target.domain`
- Use also a web crawler for directories enumeration `scilla report -cd -target target.domain`
- Use also a web crawler for subdomains enumeration `scilla report -cs -target target.domain`
- Use also a public database for subdomains enumeration `scilla report -db -target target.domain`
- Specifying multiple ports `scilla report -p 21,25,80 -target target.domain`
- Specifying common ports `scilla report -common -target target.domain`
- No follow redirects `scilla report -nr -target target.domain`
- Use VirusTotal as subdomains source `scilla report -db -vt -target target.domain`
- Set the User Agent `scilla report -ua "CustomUA" -target target.domain`
- Generate a random user agent for each request `scilla report -rua -target target.domain`
- Set DNS IP to resolve the subdomains `scilla report -dns 8.8.8.8 -target target.domain`
- Check also if the subdomains are alive `scilla report -alive -target target.domain`

Changelog 📌
-------

Detailed changes for each release are documented in the [release notes](https://github.com/edoardottt/scilla/releases).

Contributing 🛠
-------

Just open an [issue](https://github.com/edoardottt/scilla/issues) / [pull request](https://github.com/edoardottt/scilla/pulls).

Before opening a pull request, download [golangci-lint](https://golangci-lint.run/usage/install/) and run

```bash
golangci-lint run
```

If there aren't errors, go ahead :)

**To do:**

- [ ] Add more tests

- [ ] Tor support

- [ ] Proxy support

In the news 📰
-------

- [Kali Linux Tutorials](https://kalilinuxtutorials.com/scilla/)
- [GeeksForGeeks.org](https://www.geeksforgeeks.org/scilla-information-gathering-dns-subdomain-port-enumeration/)
- [Brisk Infosec](https://www.briskinfosec.com/tooloftheday/toolofthedaydetail/Scilla)
- [Kalitut](https://kalitut.com/scilla-nformation-gathering-tool/)

License 📝
-------

This repository is under [GNU General Public License v3.0](https://github.com/edoardottt/scilla/blob/main/LICENSE).
[edoardoottavianelli.it](https://www.edoardoottavianelli.it) to contact me.