https://github.com/edoardottt/scilla

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
https://github.com/edoardottt/scilla

bugbounty directories-enumeration dns-enumeration enumeration hacking hacking-tool hacktoberfest information-gathering information-retrieval network penetration-testing pentesting port-enumeration portscanner recon reconnaissance security security-tools subdomain-scanner subdomains-enumeration

Last synced: 5 months ago
JSON representation

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Host: GitHub
URL: https://github.com/edoardottt/scilla
Owner: edoardottt
License: gpl-3.0
Created: 2020-09-26T10:36:09.000Z (about 5 years ago)
Default Branch: main
Last Pushed: 2025-05-08T09:02:30.000Z (6 months ago)
Last Synced: 2025-05-14T19:08:03.354Z (5 months ago)
Topics: bugbounty, directories-enumeration, dns-enumeration, enumeration, hacking, hacking-tool, hacktoberfest, information-gathering, information-retrieval, network, penetration-testing, pentesting, port-enumeration, portscanner, recon, reconnaissance, security, security-tools, subdomain-scanner, subdomains-enumeration
Language: Go
Homepage: https://edoardottt.com/
Size: 31.5 MB
Stars: 1,008
Watchers: 21
Forks: 124
Open Issues: 8
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

awesome-bugbounty-tools - scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration (Recon / Subdomain Enumeration)
WebHackersWeapons - scilla
awesome-hacking-lists - edoardottt/scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration (Go)
StarryDivineSky - edoardottt/scilla - DNS / 子域 / 端口 / 目录枚举 (扫描器、资产收集、子域名 / 网络服务_其他)
awesome-starts - edoardottt/scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration (security-tools)

README

🏴‍☠️ Information Gathering tool 🏴‍☠️ - DNS / Subdomains / Ports / Directories enumeration

_{Coded with 💙 by edoardottt}

Share on Twitter!

Install •
Get Started •
Examples •
Changelog •
Contributing •
License

Installation 📡
----------

### Homebrew

```console
brew install scilla
```

### Snap

```console
sudo snap install scilla
```

### Golang

```console
go install -v github.com/edoardottt/scilla/cmd/scilla@latest
```

### Building from source

You need [Go](https://go.dev/) (>=1.23)

Building from source for Linux and Windows

#### Linux

```console
git clone https://github.com/edoardottt/scilla.git
cd scilla
go get ./...
make linux # (to install)
make unlinux # (to uninstall)
```

Edit the `~/.config/scilla/keys.yaml` file if you want to use API keys.

One-liner: `git clone https://github.com/edoardottt/scilla.git && cd scilla && go get ./... && make linux`

#### Windows

Note that the executable works only in cariddi folder ([Alias?](https://github.com/edoardottt/scilla/issues/10)).

```console
git clone https://github.com/edoardottt/scilla.git
cd scilla
.\make.bat windows # (to install)
.\make.bat unwindows # (to uninstall)
```

Create a `keys.yaml` file if you want to use API keys.

### Using Docker

```shell
docker build -t scilla .
docker run scilla help
```

Examples 💡
----------

- DNS enumeration:

- `scilla dns -target example.com`
- `scilla dns -oj output -target example.com`
- `scilla dns -oh output -target example.com`
- `scilla dns -ot output -target example.com`
- `scilla dns -plain -target example.com`

- Subdomains enumeration:

- `scilla subdomain -target example.com`
- `scilla subdomain -w wordlist.txt -target example.com`
- `scilla subdomain -oj output -target example.com`
- `scilla subdomain -oh output -target example.com`
- `scilla subdomain -ot output -target example.com`
- `scilla subdomain -i 400 -target example.com`
- `scilla subdomain -i 4** -target example.com`
- `scilla subdomain -c -target example.com`
- `scilla subdomain -db -target example.com`
- `scilla subdomain -plain -target example.com`
- `scilla subdomain -db -no-check -target example.com`
- `scilla subdomain -db -vt -target example.com`
- `scilla subdomain -db -bw -target example.com`
- `scilla subdomain -ua "CustomUA" -target example.com`
- `scilla subdomain -rua -target example.com`
- `scilla subdomain -dns 8.8.8.8 -target example.com`
- `scilla subdomain -alive -target example.com`

- Directories enumeration:

- `scilla dir -target example.com`
- `scilla dir -w wordlist.txt -target example.com`
- `scilla dir -oj output -target example.com`
- `scilla dir -oh output -target example.com`
- `scilla dir -ot output -target example.com`
- `scilla dir -i 500,401 -target example.com`
- `scilla dir -i 5**,401 -target example.com`
- `scilla dir -c -target example.com`
- `scilla dir -plain -target example.com`
- `scilla dir -nr -target example.com`
- `scilla dir -ua "CustomUA" -target example.com`
- `scilla dir -rua -target example.com`

- Ports enumeration:

- Default (all ports, so 1-65635) `scilla port -target example.com`
- Specifying ports range `scilla port -p 20-90 -target example.com`
- Specifying starting port (until the last one) `scilla port -p 20- -target example.com`
- Specifying ending port (from the first one) `scilla port -p -90 -target example.com`
- Specifying single port `scilla port -p 80 -target example.com`
- Specifying output format (json)`scilla port -oj output -target example.com`
- Specifying output format (html)`scilla port -oh output -target example.com`
- Specifying output format (txt)`scilla port -ot output -target example.com`
- Specifying multiple ports `scilla port -p 21,25,80 -target example.com`
- Specifying common ports `scilla port -common -target example.com`
- Print only results `scilla port -plain -target example.com`

- Full report:

- Default (all ports, so 1-65635) `scilla report -target example.com`
- Specifying ports range `scilla report -p 20-90 -target example.com`
- Specifying starting port (until the last one) `scilla report -p 20- -target example.com`
- Specifying ending port (from the first one) `scilla report -p -90 -target example.com`
- Specifying single port `scilla report -p 80 -target example.com`
- Specifying output format (json)`scilla report -oj output -target example.com`
- Specifying output format (html)`scilla report -oh output -target example.com`
- Specifying output format (txt)`scilla report -ot output -target example.com`
- Specifying directories wordlist `scilla report -wd dirs.txt -target example.com`
- Specifying subdomains wordlist `scilla report -ws subdomains.txt -target example.com`
- Specifying status codes to be ignored in directories scanning `scilla report -id 500,501,502 -target example.com`
- Specifying status codes to be ignored in subdomains scanning `scilla report -is 500,501,502 -target example.com`
- Specifying status codes classes to be ignored in directories scanning `scilla report -id 5**,4** -target example.com`
- Specifying status codes classes to be ignored in subdomains scanning `scilla report -is 5**,4** -target example.com`
- Use also a web crawler for directories enumeration `scilla report -cd -target example.com`
- Use also a web crawler for subdomains enumeration `scilla report -cs -target example.com`
- Use also a public database for subdomains enumeration `scilla report -db -target example.com`
- Specifying multiple ports `scilla report -p 21,25,80 -target example.com`
- Specifying common ports `scilla report -common -target example.com`
- No follow redirects `scilla report -nr -target example.com`
- Use VirusTotal as subdomains source `scilla report -db -vt -target example.com`
- Set the User Agent `scilla report -ua "CustomUA" -target example.com`
- Generate a random user agent for each request `scilla report -rua -target example.com`
- Set DNS IP to resolve the subdomains `scilla report -dns 8.8.8.8 -target example.com`
- Check also if the subdomains are alive `scilla report -alive -target example.com`

Get Started 🎉
----------

`scilla help` prints the help in the command line.

```
usage: scilla subcommand { options }

Available subcommands:
- dns [-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-plain Print only results]
-target REQUIRED
- port [-p or ports divided by comma]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-common scan common ports]
[-plain Print only results]
-target REQUIRED
- subdomain [-w wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-i ignore status codes]
[-c use also a web crawler]
[-db use also a public database]
[-plain Print only results]
[-db -no-check Don't check status codes for subdomains]
[-db -vt Use VirusTotal as subdomains source]
[-db -bw Use BuiltWith as subdomains source]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
[-dns Set DNS IP to resolve the subdomains]
[-alive Check also if the subdomains are alive]
-target REQUIRED
- dir [-w wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-i ignore status codes]
[-c use also a web crawler]
[-plain Print only results]
[-nr No follow redirects]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
-target REQUIRED
- report [-p or ports divided by comma]
[-ws subdomains wordlist]
[-wd directories wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-id ignore status codes in directories scanning]
[-is ignore status codes in subdomains scanning]
[-cd use also a web crawler for directories scanning]
[-cs use also a web crawler for subdomains scanning]
[-db use also a public database for subdomains scanning]
[-common scan common ports]
[-nr No follow redirects]
[-db -vt Use VirusTotal as subdomains source]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
[-dns Set DNS IP to resolve the subdomains]
[-alive Check also if the subdomains are alive]
-target REQUIRED
- help
- examples
```

Changelog 📌
-------

Detailed changes for each release are documented in the [release notes](https://github.com/edoardottt/scilla/releases).

Contributing 🛠
-------

Just open an [issue](https://github.com/edoardottt/scilla/issues) / [pull request](https://github.com/edoardottt/scilla/pulls).

Before opening a pull request, download [golangci-lint](https://golangci-lint.run/usage/install/) and run

```bash
golangci-lint run
```

If there aren't errors, go ahead :)

**To do:**

- [ ] Add more tests

- [ ] Tor support

- [ ] Proxy support

In the news 📰
-------

- [Kali Linux Tutorials](https://kalilinuxtutorials.com/scilla/)
- [GeeksForGeeks.org](https://www.geeksforgeeks.org/scilla-information-gathering-dns-subdomain-port-enumeration/)
- [Brisk Infosec](https://www.briskinfosec.com/tooloftheday/toolofthedaydetail/Scilla)
- [Kalitut](https://kalitut.com/scilla-nformation-gathering-tool/)

License 📝
-------

This repository is under [GNU General Public License v3.0](https://github.com/edoardottt/scilla/blob/main/LICENSE).
[edoardottt.com](https://edoardottt.com/) to contact me.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/edoardottt/scilla

Awesome Lists containing this project

README