Skip to content

edoardottt/scilla

Folders and files

NameName
Last commit message
Last commit date

Latest commit

b9ec2ba Β· Oct 15, 2022
Oct 15, 2022
Oct 15, 2022
Oct 15, 2022
Mar 29, 2022
Oct 15, 2022
Oct 15, 2022
Oct 15, 2022
Oct 15, 2022
Aug 18, 2022
Sep 26, 2020
Oct 15, 2022
Oct 15, 2022
Oct 15, 2022
Oct 15, 2022
Oct 15, 2022

Repository files navigation


πŸ΄β€β˜ οΈ Information Gathering tool πŸ΄β€β˜ οΈ - DNS / Subdomains / Ports / Directories enumeration

go-report-card workflows ubuntu-build win10-build
pr-welcome Mainteinance yes ask me anything license-GPL3
Coded with πŸ’™ by edoardottt
Share on Twitter!

Preview β€’ Install β€’ Get Started β€’ Examples β€’ Changelog β€’ Contributing β€’ License

Preview πŸ“Š

asciicast

Installation πŸ“‘

Building from source

You need Go.

  • Linux

    • git clone https://github.com/edoardottt/scilla.git
    • cd scilla
    • make linux (to install)
    • Edit the ~/.config/scilla/keys.yaml file if you want to use API keys
    • make unlinux (to uninstall)
  • Windows (executable works only in scilla folder. Alias?)

    • git clone https://github.com/edoardottt/scilla.git
    • cd scilla
    • .\make.bat windows (to install)
    • Create a keys.yaml file if you want to use api keys
    • .\make.bat unwindows (to uninstall)

Using Docker

docker build -t scilla .
docker run scilla help

Get Started πŸŽ‰

scilla help prints the help in the command line.

usage: scilla subcommand { options }

   Available subcommands:
       - dns [-oj JSON output file]
             [-oh HTML output file]
             [-ot TXT output file]
             [-plain Print only results]
             -target <target (URL/IP)> REQUIRED
       - port [-p <start-end> or ports divided by comma]
              [-oj JSON output file]
              [-oh HTML output file]
              [-ot TXT output file]
              [-common scan common ports]
              [-plain Print only results]
              -target <target (URL/IP)> REQUIRED
       - subdomain [-w wordlist]
                   [-oj JSON output file]
                   [-oh HTML output file]
                   [-ot TXT output file]
                   [-i ignore status codes]
                   [-c use also a web crawler]
                   [-db use also a public database]
                   [-plain Print only results]
                   [-db -no-check Don't check status codes for subdomains]
                   [-db -vt Use VirusTotal as subdomains source]
                   [-ua Set the User Agent]
                   [-rua Generate a random user agent for each request]
                   -target <target (URL)> REQUIRED
       - dir [-w wordlist]
             [-oj JSON output file]
             [-oh HTML output file]
             [-ot TXT output file]
             [-i ignore status codes]
             [-c use also a web crawler]
             [-plain Print only results]
             [-nr No follow redirects]
             [-ua Set the User Agent]
             [-rua Generate a random user agent for each request]
             -target <target (URL)> REQUIRED
       - report [-p <start-end> or ports divided by comma]
                [-ws subdomains wordlist]
                [-wd directories wordlist]
                [-oj JSON output file]
                [-oh HTML output file]
                [-ot TXT output file]
                [-id ignore status codes in directories scanning]
                [-is ignore status codes in subdomains scanning]
                [-cd use also a web crawler for directories scanning]
                [-cs use also a web crawler for subdomains scanning]
                [-db use also a public database for subdomains scanning]
                [-common scan common ports]
                [-nr No follow redirects]
                [-db -vt Use VirusTotal as subdomains source]
                [-ua Set the User Agent]
                [-rua Generate a random user agent for each request]
                -target <target (URL/IP)> REQUIRED
       - help
       - examples

Examples πŸ’‘

  • DNS enumeration:

    • scilla dns -target target.domain
    • scilla dns -oj output -target target.domain
    • scilla dns -oh output -target target.domain
    • scilla dns -ot output -target target.domain
    • scilla dns -plain -target target.domain
  • Subdomains enumeration:

    • scilla subdomain -target target.domain
    • scilla subdomain -w wordlist.txt -target target.domain
    • scilla subdomain -oj output -target target.domain
    • scilla subdomain -oh output -target target.domain
    • scilla subdomain -ot output -target target.domain
    • scilla subdomain -i 400 -target target.domain
    • scilla subdomain -i 4** -target target.domain
    • scilla subdomain -c -target target.domain
    • scilla subdomain -db -target target.domain
    • scilla subdomain -plain -target target.domain
    • scilla subdomain -db -no-check -target target.domain
    • scilla subdomain -db -vt -target target.domain
    • scilla subdomain -ua "CustomUA" -target target.domain
    • scilla subdomain -rua -target target.domain
  • Directories enumeration:

    • scilla dir -target target.domain
    • scilla dir -w wordlist.txt -target target.domain
    • scilla dir -oj output -target target.domain
    • scilla dir -oh output -target target.domain
    • scilla dir -ot output -target target.domain
    • scilla dir -i 500,401 -target target.domain
    • scilla dir -i 5**,401 -target target.domain
    • scilla dir -c -target target.domain
    • scilla dir -plain -target target.domain
    • scilla dir -nr -target target.domain
    • scilla dir -ua "CustomUA" -target target.domain
    • scilla dir -rua -target target.domain
  • Ports enumeration:

    • Default (all ports, so 1-65635) scilla port -target target.domain
    • Specifying ports range scilla port -p 20-90 -target target.domain
    • Specifying starting port (until the last one) scilla port -p 20- -target target.domain
    • Specifying ending port (from the first one) scilla port -p -90 -target target.domain
    • Specifying single port scilla port -p 80 -target target.domain
    • Specifying output format (json)scilla port -oj output -target target.domain
    • Specifying output format (html)scilla port -oh output -target target.domain
    • Specifying output format (txt)scilla port -ot output -target target.domain
    • Specifying multiple ports scilla port -p 21,25,80 -target target.domain
    • Specifying common ports scilla port -common -target target.domain
    • Print only results scilla port -plain -target target.domain
  • Full report:

    • Default (all ports, so 1-65635) scilla report -target target.domain
    • Specifying ports range scilla report -p 20-90 -target target.domain
    • Specifying starting port (until the last one) scilla report -p 20- -target target.domain
    • Specifying ending port (from the first one) scilla report -p -90 -target target.domain
    • Specifying single port scilla report -p 80 -target target.domain
    • Specifying output format (json)scilla report -oj output -target target.domain
    • Specifying output format (html)scilla report -oh output -target target.domain
    • Specifying output format (txt)scilla report -ot output -target target.domain
    • Specifying directories wordlist scilla report -wd dirs.txt -target target.domain
    • Specifying subdomains wordlist scilla report -ws subdomains.txt -target target.domain
    • Specifying status codes to be ignored in directories scanning scilla report -id 500,501,502 -target target.domain
    • Specifying status codes to be ignored in subdomains scanning scilla report -is 500,501,502 -target target.domain
    • Specifying status codes classes to be ignored in directories scanning scilla report -id 5**,4** -target target.domain
    • Specifying status codes classes to be ignored in subdomains scanning scilla report -is 5**,4** -target target.domain
    • Use also a web crawler for directories enumeration scilla report -cd -target target.domain
    • Use also a web crawler for subdomains enumeration scilla report -cs -target target.domain
    • Use also a public database for subdomains enumeration scilla report -db -target target.domain
    • Specifying multiple ports scilla report -p 21,25,80 -target target.domain
    • Specifying common ports scilla report -common -target target.domain
    • No follow redirects scilla report -nr -target target.domain
    • Use VirusTotal as subdomains source scilla report -db -vt -target target.domain
    • Set the User Agent scilla report -ua "CustomUA" -target target.domain
    • Generate a random user agent for each request scilla report -rua -target target.domain

Changelog πŸ“Œ

Detailed changes for each release are documented in the release notes.

Contributing πŸ› 

Just open an issue / pull request.

Before opening a pull request, download golangci-lint and run

golangci-lint run

If there aren't errors, go ahead :)

Help me building this!

Special thanks to: danielmiessler, sonarSearch, HackerTarget, BufferOverrun, Threatcrowd, Crt.sh, VirusTotal, tomnomnom.

To do:

  • Tests (πŸ˜‚)

  • Tor support

  • Proxy support

  • JSON output

  • Dockerfile

  • Plain output (print only results)

  • Scan only common ports

  • Add option to use a public database of known subdomains

  • Recursive Web crawling for subdomains and directories

  • Check input and if it's an IP try to change to hostname when dns or subdomain is active

  • Ignore responses by status codes (partially done, to do with *, e.g. -i 4**)

  • HTML output

  • Build an Input Struct and use it as parameter

  • Output color

  • Subdomains enumeration

  • DNS enumeration

  • Port enumeration

  • Directories enumeration

  • TXT output

License πŸ“

This repository is under GNU General Public License v3.0.
edoardoottavianelli.it to contact me.