Awesome Open Source
Awesome Open Source


Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

go-report-card workflows ubuntu-build win10-build
pr-welcome Mainteinance yes ask me anything license-GPL3
Coded with by edoardottt
Share on Twitter!

Preview Install Get Started Examples Changelog Contributing License

Preview 📊

asciicast

Installation

Building from source

You need Go.

  • Linux

    • git clone https://github.com/edoardottt/scilla.git
    • cd scilla
    • make linux (to install)
    • Edit the ~/.config/scilla/keys.yaml file if you want to use API keys
    • make unlinux (to uninstall)
  • Windows (executable works only in scilla folder. Alias?)

    • git clone https://github.com/edoardottt/scilla.git
    • cd scilla
    • .\make.bat windows (to install)
    • Create a keys.yaml file if you want to use api keys
    • .\make.bat unwindows (to uninstall)

Using Docker

docker build -t scilla .
docker run scilla help

Get Started

scilla help prints the help in the command line.

usage: scilla subcommand { options }

   Available subcommands:
       - dns [-oj JSON output file]
             [-oh HTML output file]
             [-ot TXT output file]
             [-plain Print only results]
             -target <target (URL/IP)> REQUIRED
       - port [-p <start-end> or ports divided by comma]
              [-oj JSON output file]
              [-oh HTML output file]
              [-ot TXT output file]
              [-common scan common ports]
              [-plain Print only results]
              -target <target (URL/IP)> REQUIRED
       - subdomain [-w wordlist]
                   [-oj JSON output file]
                   [-oh HTML output file]
                   [-ot TXT output file]
                   [-i ignore status codes]
                   [-c use also a web crawler]
                   [-db use also a public database]
                   [-plain Print only results]
                   [-db -no-check Don't check status codes for subdomains]
                   [-db -vt Use VirusTotal as subdomains source]
                   [-ua Set the User Agent]
                   [-rua Generate a random user agent for each request]
                   [-dns Set DNS IP to resolve the subdomains]
                   [-alive Check also if the subdomains are alive]
                   -target <target (URL)> REQUIRED
       - dir [-w wordlist]
             [-oj JSON output file]
             [-oh HTML output file]
             [-ot TXT output file]
             [-i ignore status codes]
             [-c use also a web crawler]
             [-plain Print only results]
             [-nr No follow redirects]
             [-ua Set the User Agent]
             [-rua Generate a random user agent for each request]
             -target <target (URL/IP)> REQUIRED
       - report [-p <start-end> or ports divided by comma]
                [-ws subdomains wordlist]
                [-wd directories wordlist]
                [-oj JSON output file]
                [-oh HTML output file]
                [-ot TXT output file]
                [-id ignore status codes in directories scanning]
                [-is ignore status codes in subdomains scanning]
                [-cd use also a web crawler for directories scanning]
                [-cs use also a web crawler for subdomains scanning]
                [-db use also a public database for subdomains scanning]
                [-common scan common ports]
                [-nr No follow redirects]
                [-db -vt Use VirusTotal as subdomains source]
                [-ua Set the User Agent]
                [-rua Generate a random user agent for each request]
                [-dns Set DNS IP to resolve the subdomains]
                [-alive Check also if the subdomains are alive]
                -target <target (URL)> REQUIRED
       - help
       - examples

Examples

  • DNS enumeration:

    • scilla dns -target target.domain
    • scilla dns -oj output -target target.domain
    • scilla dns -oh output -target target.domain
    • scilla dns -ot output -target target.domain
    • scilla dns -plain -target target.domain
  • Subdomains enumeration:

    • scilla subdomain -target target.domain
    • scilla subdomain -w wordlist.txt -target target.domain
    • scilla subdomain -oj output -target target.domain
    • scilla subdomain -oh output -target target.domain
    • scilla subdomain -ot output -target target.domain
    • scilla subdomain -i 400 -target target.domain
    • scilla subdomain -i 4** -target target.domain
    • scilla subdomain -c -target target.domain
    • scilla subdomain -db -target target.domain
    • scilla subdomain -plain -target target.domain
    • scilla subdomain -db -no-check -target target.domain
    • scilla subdomain -db -vt -target target.domain
    • scilla subdomain -ua "CustomUA" -target target.domain
    • scilla subdomain -rua -target target.domain
    • scilla subdomain -dns 8.8.8.8 -target target.domain
    • scilla subdomain -alive -target target.domain
  • Directories enumeration:

    • scilla dir -target target.domain
    • scilla dir -w wordlist.txt -target target.domain
    • scilla dir -oj output -target target.domain
    • scilla dir -oh output -target target.domain
    • scilla dir -ot output -target target.domain
    • scilla dir -i 500,401 -target target.domain
    • scilla dir -i 5**,401 -target target.domain
    • scilla dir -c -target target.domain
    • scilla dir -plain -target target.domain
    • scilla dir -nr -target target.domain
    • scilla dir -ua "CustomUA" -target target.domain
    • scilla dir -rua -target target.domain
  • Ports enumeration:

    • Default (all ports, so 1-65635) scilla port -target target.domain
    • Specifying ports range scilla port -p 20-90 -target target.domain
    • Specifying starting port (until the last one) scilla port -p 20- -target target.domain
    • Specifying ending port (from the first one) scilla port -p -90 -target target.domain
    • Specifying single port scilla port -p 80 -target target.domain
    • Specifying output format (json)scilla port -oj output -target target.domain
    • Specifying output format (html)scilla port -oh output -target target.domain
    • Specifying output format (txt)scilla port -ot output -target target.domain
    • Specifying multiple ports scilla port -p 21,25,80 -target target.domain
    • Specifying common ports scilla port -common -target target.domain
    • Print only results scilla port -plain -target target.domain
  • Full report:

    • Default (all ports, so 1-65635) scilla report -target target.domain
    • Specifying ports range scilla report -p 20-90 -target target.domain
    • Specifying starting port (until the last one) scilla report -p 20- -target target.domain
    • Specifying ending port (from the first one) scilla report -p -90 -target target.domain
    • Specifying single port scilla report -p 80 -target target.domain
    • Specifying output format (json)scilla report -oj output -target target.domain
    • Specifying output format (html)scilla report -oh output -target target.domain
    • Specifying output format (txt)scilla report -ot output -target target.domain
    • Specifying directories wordlist scilla report -wd dirs.txt -target target.domain
    • Specifying subdomains wordlist scilla report -ws subdomains.txt -target target.domain
    • Specifying status codes to be ignored in directories scanning scilla report -id 500,501,502 -target target.domain
    • Specifying status codes to be ignored in subdomains scanning scilla report -is 500,501,502 -target target.domain
    • Specifying status codes classes to be ignored in directories scanning scilla report -id 5**,4** -target target.domain
    • Specifying status codes classes to be ignored in subdomains scanning scilla report -is 5**,4** -target target.domain
    • Use also a web crawler for directories enumeration scilla report -cd -target target.domain
    • Use also a web crawler for subdomains enumeration scilla report -cs -target target.domain
    • Use also a public database for subdomains enumeration scilla report -db -target target.domain
    • Specifying multiple ports scilla report -p 21,25,80 -target target.domain
    • Specifying common ports scilla report -common -target target.domain
    • No follow redirects scilla report -nr -target target.domain
    • Use VirusTotal as subdomains source scilla report -db -vt -target target.domain
    • Set the User Agent scilla report -ua "CustomUA" -target target.domain
    • Generate a random user agent for each request scilla report -rua -target target.domain
    • Set DNS IP to resolve the subdomains scilla report -dns 8.8.8.8 -target target.domain
    • Check also if the subdomains are alive scilla report -alive -target target.domain

Changelog

Detailed changes for each release are documented in the release notes.

Contributing

Just open an issue / pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run

If there aren't errors, go ahead :)

Help me building this!

Special thanks to: danielmiessler, sonarSearch, HackerTarget, BufferOverrun, Threatcrowd, Crt.sh, VirusTotal, tomnomnom.

To do:

  • [ ] Add more tests

  • [ ] Tor support

  • [ ] Proxy support

In the news

License

This repository is under GNU General Public License v3.0.
edoardoottavianelli.it to contact me.



Alternative Project Comparisons
Related Awesome Lists
Top Programming Languages

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Go (172,580
Network (37,422
Security (32,284
Port (19,707
Dns (10,315
Hacking (8,104
Penetration Testing (3,506
Pentesting (3,505
Security Tools (2,200
Subdomain (2,008
Hacking Tool (1,195
Wordlist (1,037
Recon (950
Information Retrieval (872
Reconnaissance (661
Port Scanner (465
Information Gathering (418
Ctf Tools (298
Subdomain Scanner (127
Subdomains Enumeration (15
Dns Enumeration (10