🏴‍☠️ Information Gathering tool 🏴‍☠️ - DNS / Subdomains / Ports / Directories enumeration

Coded with 💙 by edoardottt.
Installation 📡

You need Go.

  • Linux

    • git clone https://github.com/edoardottt/scilla.git
    • cd scilla
    • go get
    • sudo make linux (to install)
    • sudo make unlinux (to uninstall)

    Or in one line: git clone https://github.com/edoardottt/scilla.git;cd scilla; go get; sudo make linux

  • Windows (executable works only in scilla folder. Alias?)

    • git clone https://github.com/edoardottt/scilla.git
    • cd scilla
    • go get
    • .\make.bat windows (to install)
    • .\make.bat unwindows (to uninstall)

Get Started 🎉

scilla help prints the help in the command line.

usage: scilla subcommand { options }

   Available subcommands:
       - dns [-o output-format]
             [-plain Print only results]
             -target <target (URL/IP)> REQUIRED
       - port [-p <start-end> or ports divided by comma]
              [-o output-format]
              [-common scan common ports]
              [-plain Print only results]
              -target <target (URL/IP)> REQUIRED
       - subdomain [-w wordlist]
                   [-o output-format]
                   [-i ignore status codes]
                   [-c use also a web crawler]
                   [-db use also a public database]
                   [-plain Print only results]
                   -target <target (URL)> REQUIRED
       - dir [-w wordlist]
             [-o output-format]
             [-i ignore status codes]
             [-c use also a web crawler]
             [-plain Print only results]
             -target <target (URL)> REQUIRED
       - report [-p <start-end> or ports divided by comma]
                [-ws subdomains wordlist]
                [-wd directories wordlist]
                [-o output-format]
                [-id ignore status codes in directories scanning]
                [-is ignore status codes in subdomains scanning]
                [-cd use also a web crawler for directories scanning]
                [-cs use also a web crawler for subdomains scanning]
                [-db use also a public database for subdomains scanning]
                [-common scan common ports]
                -target <target (URL/IP)> REQUIRED
       - help
       - examples
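
The -p option above takes a start-end range or ports divided by comma, and the examples on this page also use the open-ended forms 20- and -90. The Go sketch below is an added example, not scilla's own code; ParsePortSpec, parsePort and PortRange are hypothetical names. It goes slightly beyond the usage text by allowing ranges inside a comma list, and it bounds ports at 65535, the highest valid TCP/UDP port number.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const maxPort = 65535 // highest valid TCP/UDP port number

// PortRange is inclusive; a single port has Start == End.
type PortRange struct{ Start, End int }

// parsePort converts one port number; an empty string yields def.
func parsePort(s string, def int) (int, error) {
	if s == "" {
		return def, nil // omitted end of a range such as "20-" or "-90"
	}
	n, err := strconv.Atoi(s)
	if err != nil || n < 1 || n > maxPort {
		return 0, fmt.Errorf("invalid port %q (want 1-%d)", s, maxPort)
	}
	return n, nil
}

// ParsePortSpec accepts "20-90", "20-", "-90", "80" and "21,25,80".
func ParsePortSpec(spec string) ([]PortRange, error) {
	var out []PortRange
	for _, item := range strings.Split(spec, ",") {
		parts := strings.SplitN(strings.TrimSpace(item), "-", 2)
		lo, hi := parts[0], parts[0] // single port: both ends equal
		if len(parts) == 2 {
			hi = parts[1]
		}
		start, err1 := parsePort(lo, 1)
		end, err2 := parsePort(hi, maxPort)
		if err1 != nil || err2 != nil || lo+hi == "" || start > end {
			return nil, fmt.Errorf("invalid port spec %q", item)
		}
		out = append(out, PortRange{start, end})
	}
	return out, nil
}

func main() {
	// Constructed sample inputs; the last two are rejected.
	for _, s := range []string{"20-90", "20-", "-90", "21,25,80", "90-20", "70000"} {
		fmt.Println(s, "->", fmt.Sprint(ParsePortSpec(s)))
	}
}
```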

Examples 💡

  • DNS enumeration:

    • scilla dns -target target.domain
    • scilla dns -o txt -target target.domain
    • scilla dns -o html -target target.domain
    • scilla dns -plain -target target.domain
  • Subdomains enumeration:

    • scilla subdomain -target target.domain
    • scilla subdomain -w wordlist.txt -target target.domain
    • scilla subdomain -o txt -target target.domain
    • scilla subdomain -o html -target target.domain
    • scilla subdomain -i 400 -target target.domain
    • scilla subdomain -i 4** -target target.domain
    • scilla subdomain -c -target target.domain
    • scilla subdomain -db -target target.domain
    • scilla subdomain -plain -target target.domain
  • Directories enumeration:

    • scilla dir -target target.domain
    • scilla dir -w wordlist.txt -target target.domain
    • scilla dir -o txt -target target.domain
    • scilla dir -o html -target target.domain
    • scilla dir -i 500,401 -target target.domain
    • scilla dir -i 5**,401 -target target.domain
    • scilla dir -c -target target.domain
    • scilla dir -plain -target target.domain
  • Ports enumeration:

    • Default (all ports, so 1-65635): scilla port -target target.domain
    • Specifying ports range: scilla port -p 20-90 -target target.domain
    • Specifying starting port (until the last one): scilla port -p 20- -target target.domain
    • Specifying ending port (from the first one): scilla port -p -90 -target target.domain
    • Specifying single port: scilla port -p 80 -target target.domain
    • Specifying output format (txt): scilla port -o txt -target target.domain
    • Specifying output format (html): scilla port -o html -target target.domain
    • Specifying multiple ports: scilla port -p 21,25,80 -target target.domain
    • Specifying common ports: scilla port -common -target target.domain
    • Print only results: scilla port -plain -target target.domain
  • Full report:

    • Default (all ports, so 1-65635): scilla report -target target.domain
    • Specifying ports range: scilla report -p 20-90 -target target.domain
    • Specifying starting port (until the last one): scilla report -p 20- -target target.domain
    • Specifying ending port (from the first one): scilla report -p -90 -target target.domain
    • Specifying single port: scilla report -p 80 -target target.domain
    • Specifying output format (txt): scilla report -o txt -target target.domain
    • Specifying output format (html): scilla report -o html -target target.domain
    • Specifying directories wordlist: scilla report -wd dirs.txt -target target.domain
    • Specifying subdomains wordlist: scilla report -ws subdomains.txt -target target.domain
    • Specifying status codes to be ignored in directories scanning: scilla report -id 500,501,502 -target target.domain
    • Specifying status codes to be ignored in subdomains scanning: scilla report -is 500,501,502 -target target.domain
    • Specifying status codes classes to be ignored in directories scanning: scilla report -id 5**,4** -target target.domain
    • Specifying status codes classes to be ignored in subdomains scanning: scilla report -is 5**,4** -target target.domain
    • Use also a web crawler for directories enumeration: scilla report -cd -target target.domain
    • Use also a web crawler for subdomains enumeration: scilla report -cs -target target.domain
    • Use also a public database for subdomains enumeration: scilla report -db -target target.domain
    • Specifying multiple ports: scilla report -p 21,25,80 -target target.domain
    • Specifying common ports: scilla report -common -target target.domain
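
The -i, -id and -is values in the examples above mix exact codes (401) with class patterns (4**, 5**). The Go sketch below shows one way such a list can be validated and matched; it is an added example, not scilla's own code, and ParseIgnore and Ignored are hypothetical names. As an assumption of this sketch, the first character must be a digit, so a pattern like *** that would hide every result is rejected.

```go
package main

import (
	"fmt"
	"strings"
)

// ParseIgnore validates a comma-separated value such as "5**,401".
// Each pattern is a class digit 1-5 followed by two digits or '*' wildcards.
func ParseIgnore(spec string) ([]string, error) {
	var pats []string
	for _, p := range strings.Split(spec, ",") {
		p = strings.TrimSpace(p)
		if len(p) != 3 || p[0] < '1' || p[0] > '5' {
			return nil, fmt.Errorf("invalid status pattern %q", p)
		}
		for i := 1; i < 3; i++ {
			if p[i] != '*' && (p[i] < '0' || p[i] > '9') {
				return nil, fmt.Errorf("invalid status pattern %q", p)
			}
		}
		pats = append(pats, p)
	}
	return pats, nil
}

// Ignored reports whether an HTTP status code matches any pattern.
func Ignored(code int, pats []string) bool {
	s := fmt.Sprint(code)
	for _, p := range pats {
		if len(s) == 3 && len(p) == 3 && p[0] == s[0] &&
			(p[1] == '*' || p[1] == s[1]) && (p[2] == '*' || p[2] == s[2]) {
			return true
		}
	}
	return false
}

func main() {
	pats, err := ParseIgnore("5**,401")
	if err != nil {
		panic(err)
	}
	// Constructed sample results: path -> status code.
	results := map[string]int{"/admin": 401, "/backup": 200, "/api": 503, "/old": 404}
	for path, code := range results {
		if !Ignored(code, pats) {
			fmt.Println(code, path) // only 200 and 404 are reported
		}
	}
}
```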

Contributing 🛠

Just open an issue/pull request. See also CONTRIBUTING.md and CODE OF CONDUCT.md

Help me build this!

A special thanks to:

To do:

  • [ ] Tests (😂)

  • [ ] Tor support

  • [ ] Proxy support

  • [ ] JSON output

  • [ ] XML output

  • [x] Plain output (print only results)

  • [x] Scan only common ports

  • [x] Add option to use a public database of known subdomains

  • [x] Recursive Web crawling for subdomains and directories

  • [x] Check input and if it's an IP try to change to hostname when dns or subdomain is active

  • [x] Ignore responses by status codes (partially done, to do with *, e.g. -i 4**)

  • [x] HTML output

  • [x] Build an Input Struct and use it as parameter

  • [x] Output color

  • [x] Subdomains enumeration

  • [x] DNS enumeration

  • [x] Port enumeration

  • [x] Directories enumeration

  • [x] TXT output

License 📝

This repository is under GNU General Public License v3.0.
edoardoottavianelli.it to contact me.

