
https://github.com/vmfunc/sif

the blazing-fast pentesting suite.
attack-surface cve-scanner cve-scanning cybersecurity directory-enumeration dirlist dns-enumeration hacktoberfest infosec pentest pentest-scripts pentest-tool pentesting security vulnerability-detection vulnerability-scanners


sif



[![go version](https://img.shields.io/github/go-mod/go-version/vmfunc/sif?style=flat-square&color=00ADD8)](https://go.dev/)
[![build](https://img.shields.io/github/actions/workflow/status/vmfunc/sif/go.yml?style=flat-square)](https://github.com/vmfunc/sif/actions)
[![license](https://img.shields.io/badge/license-BSD--3--Clause-blue?style=flat-square)](LICENSE)
[![discord](https://img.shields.io/badge/discord-join-5865F2?style=flat-square&logo=discord&logoColor=white)](https://discord.gg/sifcli)

**[install](#install) · [usage](#usage) · [modules](#modules) · [contribute](#contribute)**

---

## what is sif?

sif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.

```bash
./sif -u https://example.com -all
```

## install

### from releases

grab the latest binary from [releases](https://github.com/vmfunc/sif/releases).

### from source

```bash
git clone https://github.com/vmfunc/sif.git
cd sif
make
```

requires go 1.23+

## usage

```bash
# basic scan
./sif -u https://example.com

# directory fuzzing
./sif -u https://example.com -dirlist medium

# subdomain enumeration
./sif -u https://example.com -dnslist medium

# port scanning
./sif -u https://example.com -ports common

# javascript framework detection + cloud misconfig
./sif -u https://example.com -js -c3

# shodan host intelligence (requires SHODAN_API_KEY env var)
./sif -u https://example.com -shodan

# sql recon + lfi scanning
./sif -u https://example.com -sql -lfi

# framework detection (with cve lookup)
./sif -u https://example.com -framework

# everything
./sif -u https://example.com -all
```

run `./sif -h` for all options.

## modules

| module | description |
|--------|-------------|
| `dirlist` | directory and file fuzzing |
| `dnslist` | subdomain enumeration |
| `ports` | port and service scanning |
| `nuclei` | vulnerability scanning with nuclei templates |
| `dork` | automated google dorking |
| `js` | javascript framework detection (next.js, supabase) |
| `c3` | cloud storage misconfiguration scanning |
| `headers` | http header analysis |
| `takeover` | subdomain takeover detection |
| `cms` | cms detection |
| `whois` | whois lookups |
| `git` | exposed git repository detection |
| `shodan` | shodan host intelligence (requires SHODAN_API_KEY) |
| `sql` | sql admin panel and error disclosure detection |
| `lfi` | local file inclusion vulnerability scanning |
| `framework` | web framework detection with version + cve lookup |

## contribute

contributions welcome. see [contributing.md](CONTRIBUTING.md) for guidelines.

```bash
# format
gofmt -w .

# lint
golangci-lint run

# test
go test ./...
```

## community

join our discord for support, feature discussions, and pentesting tips:

[![discord](https://img.shields.io/badge/join%20our%20discord-5865F2?style=for-the-badge&logo=discord&logoColor=white)](https://discord.gg/sifcli)

## contributors



- mel
- ProjectDiscovery
- macdoos
- Matthieu Witrowiez
- tessa
- Eva

## acknowledgements

- [projectdiscovery](https://projectdiscovery.io/) for nuclei and other security tools
- [shodan](https://www.shodan.io/) for infrastructure intelligence

---


bsd 3-clause license · made by vmfunc, xyzeva, and contributors