🏴‍☠️ Information Gathering tool 🏴‍☠️ - DNS / Subdomains / Ports / Directories enumeration



_{Coded with 💙 by edoardottt}
Share on Twitter!

Preview • Install • Get Started • Examples • Changelog • Contributing • License

docker build -t scilla . docker run scilla help

You need Go.

• Linux

  • git clone https://github.com/edoardottt/scilla.git
  • cd scilla
  • go get
  • make linux (to install)
  • Edit the ~/.config/scilla/keys.yaml file if you want to use api keys
  • make unlinux (to uninstall)

• Windows (executable works only in scilla folder. Alias?)

  • git clone https://github.com/edoardottt/scilla.git
  • cd scilla
  • go get
  • .\make.bat windows (to install)
  • Create a keys.yaml file if you want to use api keys
  • .\make.bat unwindows (to uninstall)

scilla help prints the help in the command line.

usage: scilla subcommand{options } Available subcommands: - dns [-oj JSON output file] [-oh HTML output file] [-ot TXT output file] [-plain Print only results] -target <target (URL/IP)> REQUIRED - port [-p <start-end> or ports divided by comma] [-oj JSON output file] [-oh HTML output file] [-ot TXT output file] [-common scan common ports] [-plain Print only results] -target <target (URL/IP)> REQUIRED - subdomain [-w wordlist] [-oj JSON output file] [-oh HTML output file] [-ot TXT output file] [-i ignore status codes] [-c use also a web crawler] [-db use also a public database] [-plain Print only results] [-db -no-check Don't check status codes for subdomains] [-db -vt Use VirusTotal as subdomains source] -target <target (URL)> REQUIRED - dir [-w wordlist] [-oj JSON output file] [-oh HTML output file] [-ot TXT output file] [-i ignore status codes] [-c use also a web crawler] [-plain Print only results] [-nr No follow redirects] -target <target (URL)> REQUIRED - report [-p <start-end> or ports divided by comma] [-ws subdomains wordlist] [-wd directories wordlist] [-oj JSON output file] [-oh HTML output file] [-ot TXT output file] [-id ignore status codes in directories scanning] [-is ignore status codes in subdomains scanning] [-cd use also a web crawler for directories scanning] [-cs use also a web crawler for subdomains scanning] [-db use also a public database for subdomains scanning] [-common scan common ports] [-nr No follow redirects] [-db -vt Use VirusTotal as subdomains source] -target <target (URL/IP)> REQUIRED - help - examples 

• DNS enumeration:

  • scilla dns -target target.domain
  • scilla dns -oj output -target target.domain
  • scilla dns -oh output -target target.domain
  • scilla dns -ot output -target target.domain
  • scilla dns -plain -target target.domain

• Subdomains enumeration:

  • scilla subdomain -target target.domain
  • scilla subdomain -w wordlist.txt -target target.domain
  • scilla subdomain -oj output -target target.domain
  • scilla subdomain -oh output -target target.domain
  • scilla subdomain -ot output -target target.domain
  • scilla subdomain -i 400 -target target.domain
  • scilla subdomain -i 4** -target target.domain
  • scilla subdomain -c -target target.domain
  • scilla subdomain -db -target target.domain
  • scilla subdomain -plain -target target.domain
  • scilla subdomain -db -no-check -target target.domain
  • scilla subdomain -db -vt -target target.domain

• Directories enumeration:

  • scilla dir -target target.domain
  • scilla dir -w wordlist.txt -target target.domain
  • scilla dir -oj output -target target.domain
  • scilla dir -oh output -target target.domain
  • scilla dir -ot output -target target.domain
  • scilla dir -i 500,401 -target target.domain
  • scilla dir -i 5**,401 -target target.domain
  • scilla dir -c -target target.domain
  • scilla dir -plain -target target.domain
  • scilla dir -nr -target target.domain

• Ports enumeration:

  • Default (all ports, so 1-65635) scilla port -target target.domain
  • Specifying ports range scilla port -p 20-90 -target target.domain
  • Specifying starting port (until the last one) scilla port -p 20- -target target.domain
  • Specifying ending port (from the first one) scilla port -p -90 -target target.domain
  • Specifying single port scilla port -p 80 -target target.domain
  • Specifying output format (json)scilla port -oj output -target target.domain
  • Specifying output format (html)scilla port -oh output -target target.domain
  • Specifying output format (txt)scilla port -ot output -target target.domain
  • Specifying multiple ports scilla port -p 21,25,80 -target target.domain
  • Specifying common ports scilla port -common -target target.domain
  • Print only results scilla port -plain -target target.domain

• Full report:

  • Default (all ports, so 1-65635) scilla report -target target.domain
  • Specifying ports range scilla report -p 20-90 -target target.domain
  • Specifying starting port (until the last one) scilla report -p 20- -target target.domain
  • Specifying ending port (from the first one) scilla report -p -90 -target target.domain
  • Specifying single port scilla report -p 80 -target target.domain
  • Specifying output format (json)scilla report -oj output -target target.domain
  • Specifying output format (html)scilla report -oh output -target target.domain
  • Specifying output format (txt)scilla report -ot output -target target.domain
  • Specifying directories wordlist scilla report -wd dirs.txt -target target.domain
  • Specifying subdomains wordlist scilla report -ws subdomains.txt -target target.domain
  • Specifying status codes to be ignored in directories scanning scilla report -id 500,501,502 -target target.domain
  • Specifying status codes to be ignored in subdomains scanning scilla report -is 500,501,502 -target target.domain
  • Specifying status codes classes to be ignored in directories scanning scilla report -id 5**,4** -target target.domain
  • Specifying status codes classes to be ignored in subdomains scanning scilla report -is 5**,4** -target target.domain
  • Use also a web crawler for directories enumeration scilla report -cd -target target.domain
  • Use also a web crawler for subdomains enumeration scilla report -cs -target target.domain
  • Use also a public database for subdomains enumeration scilla report -db -target target.domain
  • Specifying multiple ports scilla report -p 21,25,80 -target target.domain
  • Specifying common ports scilla report -common -target target.domain
  • No follow redirects scilla report -nr -target target.domain
  • Use VirusTotal as subdomains source scilla report -db -vt -target target.domain

Detailed changes for each release are documented in the release notes.

Just open an issue / pull request. See also CONTRIBUTING.md and CODE OF CONDUCT.md

Help me building this!

Special thanks to: danielmiessler, sonarSearch, HackerTarget, BufferOverrun, Threatcrowd, Crt.sh, VirusTotal, tomnomnom.

To do:

• Tests (😂)

• Tor support

• Proxy support

• JSON output

• Dockerfile

• Plain output (print only results)

• Scan only common ports

• Add option to use a public database of known subdomains

• Recursive Web crawling for subdomains and directories

• Check input and if it's an IP try to change to hostname when dns or subdomain is active

• Ignore responses by status codes (partially done, to do with *, e.g. -i 4**)

• HTML output

• Build an Input Struct and use it as parameter

• Output color

• Subdomains enumeration

• DNS enumeration

• Port enumeration

• Directories enumeration

• TXT output

This repository is under GNU General Public License v3.0.
edoardoottavianelli.it to contact me.