Awesome Open Source


Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Coded by edoardottt.

Installation

Using Docker

docker build -t scilla .
docker run scilla help

Building from source

You need Go.

  • Linux

    • git clone https://github.com/edoardottt/scilla.git
    • cd scilla
    • go get
    • make linux (to install)
    • Edit the ~/.config/scilla/keys.yaml file if you want to use API keys
    • make unlinux (to uninstall)
  • Windows (executable works only in scilla folder. Alias?)

    • git clone https://github.com/edoardottt/scilla.git
    • cd scilla
    • go get
    • .\make.bat windows (to install)
    • Create a keys.yaml file if you want to use API keys
    • .\make.bat unwindows (to uninstall)

Get Started

scilla help prints the help in the command line.

usage: scilla subcommand { options }

   Available subcommands:
       - dns [-o output-format]
             [-plain Print only results]
             -target <target (URL/IP)> REQUIRED
       - port [-p <start-end> or ports divided by comma]
              [-o output-format]
              [-common scan common ports]
              [-plain Print only results]
              -target <target (URL/IP)> REQUIRED
       - subdomain [-w wordlist]
                   [-o output-format]
                   [-i ignore status codes]
                   [-c use also a web crawler]
                   [-db use also a public database]
                   [-plain Print only results]
                   [-db -no-check Don't check status codes for subdomains]
                   [-db -spyse Use Spyse as subdomains source]
                   [-db -vt Use VirusTotal as subdomains source]
                   -target <target (URL)> REQUIRED
       - dir [-w wordlist]
             [-o output-format]
             [-i ignore status codes]
             [-c use also a web crawler]
             [-plain Print only results]
             [-nr No follow redirects]
             -target <target (URL)> REQUIRED
       - report [-p <start-end> or ports divided by comma]
                [-ws subdomains wordlist]
                [-wd directories wordlist]
                [-o output-format]
                [-id ignore status codes in directories scanning]
                [-is ignore status codes in subdomains scanning]
                [-cd use also a web crawler for directories scanning]
                [-cs use also a web crawler for subdomains scanning]
                [-db use also a public database for subdomains scanning]
                [-common scan common ports]
                [-nr No follow redirects]
                [-db -spyse Use Spyse as subdomains source]
                [-db -vt Use VirusTotal as subdomains source]
                -target <target (URL/IP)> REQUIRED
       - help
       - examples

Examples

  • DNS enumeration:

    • scilla dns -target target.domain
    • scilla dns -o txt -target target.domain
    • scilla dns -o html -target target.domain
    • scilla dns -plain -target target.domain
  • Subdomains enumeration:

    • scilla subdomain -target target.domain
    • scilla subdomain -w wordlist.txt -target target.domain
    • scilla subdomain -o txt -target target.domain
    • scilla subdomain -o html -target target.domain
    • scilla subdomain -i 400 -target target.domain
    • scilla subdomain -i 4** -target target.domain
    • scilla subdomain -c -target target.domain
    • scilla subdomain -db -target target.domain
    • scilla subdomain -plain -target target.domain
    • scilla subdomain -db -no-check -target target.domain
    • scilla subdomain -db -spyse -target target.domain
    • scilla subdomain -db -vt -target target.domain
  • Directories enumeration:

    • scilla dir -target target.domain
    • scilla dir -w wordlist.txt -target target.domain
    • scilla dir -o txt -target target.domain
    • scilla dir -o html -target target.domain
    • scilla dir -i 500,401 -target target.domain
    • scilla dir -i 5**,401 -target target.domain
    • scilla dir -c -target target.domain
    • scilla dir -plain -target target.domain
    • scilla dir -nr -target target.domain
  • Ports enumeration:

    • Default (all ports, so 1-65635): scilla port -target target.domain
    • Specifying ports range: scilla port -p 20-90 -target target.domain
    • Specifying starting port (until the last one): scilla port -p 20- -target target.domain
    • Specifying ending port (from the first one): scilla port -p -90 -target target.domain
    • Specifying single port: scilla port -p 80 -target target.domain
    • Specifying output format (txt): scilla port -o txt -target target.domain
    • Specifying output format (html): scilla port -o html -target target.domain
    • Specifying multiple ports: scilla port -p 21,25,80 -target target.domain
    • Specifying common ports: scilla port -common -target target.domain
    • Print only results: scilla port -plain -target target.domain
  • Full report:

    • Default (all ports, so 1-65635): scilla report -target target.domain
    • Specifying ports range: scilla report -p 20-90 -target target.domain
    • Specifying starting port (until the last one): scilla report -p 20- -target target.domain
    • Specifying ending port (from the first one): scilla report -p -90 -target target.domain
    • Specifying single port: scilla report -p 80 -target target.domain
    • Specifying output format (txt): scilla report -o txt -target target.domain
    • Specifying output format (html): scilla report -o html -target target.domain
    • Specifying directories wordlist: scilla report -wd dirs.txt -target target.domain
    • Specifying subdomains wordlist: scilla report -ws subdomains.txt -target target.domain
    • Specifying status codes to be ignored in directories scanning: scilla report -id 500,501,502 -target target.domain
    • Specifying status codes to be ignored in subdomains scanning: scilla report -is 500,501,502 -target target.domain
    • Specifying status code classes to be ignored in directories scanning: scilla report -id 5**,4** -target target.domain
    • Specifying status code classes to be ignored in subdomains scanning: scilla report -is 5**,4** -target target.domain
    • Use also a web crawler for directories enumeration: scilla report -cd -target target.domain
    • Use also a web crawler for subdomains enumeration: scilla report -cs -target target.domain
    • Use also a public database for subdomains enumeration: scilla report -db -target target.domain
    • Specifying multiple ports: scilla report -p 21,25,80 -target target.domain
    • Specifying common ports: scilla report -common -target target.domain
    • No follow redirects: scilla report -nr -target target.domain
    • Use Spyse as subdomains source: scilla report -db -spyse -target target.domain
    • Use VirusTotal as subdomains source: scilla report -db -vt -target target.domain
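
The ignore lists used above (-i 400, -i 4**, -i 5**,401) mix exact status codes with whole classes. The following is an added example, not scilla's own code, of one way to parse and apply such a list; the names parseIgnore and ignoreSet and the accepted range 100-599 are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// ignoreSet (hypothetical, not from scilla) holds exact codes and classes.
type ignoreSet struct {
	codes   map[int]bool
	classes map[int]bool
}

// parseIgnore parses a comma-separated list such as "5**,401". Assumption:
// an item is a code in 100-599 or a class digit 1-5 followed by "**".
func parseIgnore(spec string) (ignoreSet, error) {
	set := ignoreSet{codes: map[int]bool{}, classes: map[int]bool{}}
	for _, item := range strings.Split(spec, ",") {
		item = strings.TrimSpace(item)
		if len(item) != 3 {
			return set, fmt.Errorf("invalid status code %q", item)
		}
		if strings.HasSuffix(item, "**") {
			class := int(item[0]) - '0'
			if class < 1 || class > 5 {
				return set, fmt.Errorf("invalid status class %q", item)
			}
			set.classes[class] = true
			continue
		}
		code, err := strconv.Atoi(item)
		if err != nil || code < 100 || code > 599 {
			return set, fmt.Errorf("invalid status code %q", item)
		}
		set.codes[code] = true
	}
	return set, nil
}

// ignored reports whether a response with this status should be dropped.
func (s ignoreSet) ignored(status int) bool {
	return s.codes[status] || s.classes[status/100]
}

func main() {
	set, _ := parseIgnore("5**,401") // constructed sample input
	fmt.Println(set.ignored(502), set.ignored(401), set.ignored(403))
}
```

Rejecting malformed items such as 4*0 up front avoids silently filtering nothing, which would otherwise leave noise in the results without any error.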

Contributing

Just open an issue / pull request. See also CONTRIBUTING.md and CODE OF CONDUCT.md

Help me build this!

Special thanks to:

To do:

  • [ ] Tests ()

  • [ ] Tor support

  • [ ] Proxy support

  • [ ] XML output

  • [x] JSON output

  • [x] Dockerfile

  • [x] Plain output (print only results)

  • [x] Scan only common ports

  • [x] Add option to use a public database of known subdomains

  • [x] Recursive Web crawling for subdomains and directories

  • [x] Check input and if it's an IP try to change to hostname when dns or subdomain is active

  • [x] Ignore responses by status codes (partially done, to do with *, e.g. -i 4**)

  • [x] HTML output

  • [x] Build an Input Struct and use it as parameter

  • [x] Output color

  • [x] Subdomains enumeration

  • [x] DNS enumeration

  • [x] Port enumeration

  • [x] Directories enumeration

  • [x] TXT output

License

This repository is under GNU General Public License v3.0.
edoardoottavianelli.it to contact me.

