š“āā ļø Information Gathering tool š“āā ļø - DNS / Subdomains / Ports / Directories enumeration
Coded with š by edoardottt
Share on Twitter!
Install ā¢ Get Started ā¢ Examples ā¢ Changelog ā¢ Contributing ā¢ License
Installation š”
Homebrew
brew install scillaSnap
sudo snap install scillaGo
go install -v github.com/edoardottt/scilla/cmd/scilla@latestBuilding from source
You need Go.
-
Linux
git clone https://github.com/edoardottt/scilla.gitcd scillamake linux(to install)- Edit the
~/.config/scilla/keys.yamlfile if you want to use API keys make unlinux(to uninstall)
-
Windows (executable works only in scilla folder. Alias?)
git clone https://github.com/edoardottt/scilla.gitcd scilla.\make.bat windows(to install)- Create a
keys.yamlfile if you want to use api keys .\make.bat unwindows(to uninstall)
Using Docker
docker build -t scilla .
docker run scilla helpGet Started š
scilla help prints the help in the command line.
usage: scilla subcommand { options }
Available subcommands:
- dns [-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-plain Print only results]
-target <target (URL/IP)> REQUIRED
- port [-p <start-end> or ports divided by comma]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-common scan common ports]
[-plain Print only results]
-target <target (URL/IP)> REQUIRED
- subdomain [-w wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-i ignore status codes]
[-c use also a web crawler]
[-db use also a public database]
[-plain Print only results]
[-db -no-check Don't check status codes for subdomains]
[-db -vt Use VirusTotal as subdomains source]
[-db -bw Use BuiltWith as subdomains source]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
[-dns Set DNS IP to resolve the subdomains]
[-alive Check also if the subdomains are alive]
-target <target (URL)> REQUIRED
- dir [-w wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-i ignore status codes]
[-c use also a web crawler]
[-plain Print only results]
[-nr No follow redirects]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
-target <target (URL/IP)> REQUIRED
- report [-p <start-end> or ports divided by comma]
[-ws subdomains wordlist]
[-wd directories wordlist]
[-oj JSON output file]
[-oh HTML output file]
[-ot TXT output file]
[-id ignore status codes in directories scanning]
[-is ignore status codes in subdomains scanning]
[-cd use also a web crawler for directories scanning]
[-cs use also a web crawler for subdomains scanning]
[-db use also a public database for subdomains scanning]
[-common scan common ports]
[-nr No follow redirects]
[-db -vt Use VirusTotal as subdomains source]
[-ua Set the User Agent]
[-rua Generate a random user agent for each request]
[-dns Set DNS IP to resolve the subdomains]
[-alive Check also if the subdomains are alive]
-target <target (URL)> REQUIRED
- help
- examplesExamples š”
-
DNS enumeration:
scilla dns -target target.domainscilla dns -oj output -target target.domainscilla dns -oh output -target target.domainscilla dns -ot output -target target.domainscilla dns -plain -target target.domain
-
Subdomains enumeration:
scilla subdomain -target target.domainscilla subdomain -w wordlist.txt -target target.domainscilla subdomain -oj output -target target.domainscilla subdomain -oh output -target target.domainscilla subdomain -ot output -target target.domainscilla subdomain -i 400 -target target.domainscilla subdomain -i 4** -target target.domainscilla subdomain -c -target target.domainscilla subdomain -db -target target.domainscilla subdomain -plain -target target.domainscilla subdomain -db -no-check -target target.domainscilla subdomain -db -vt -target target.domainscilla subdomain -db -bw -target target.domainscilla subdomain -ua "CustomUA" -target target.domainscilla subdomain -rua -target target.domainscilla subdomain -dns 8.8.8.8 -target target.domainscilla subdomain -alive -target target.domain
-
Directories enumeration:
scilla dir -target target.domainscilla dir -w wordlist.txt -target target.domainscilla dir -oj output -target target.domainscilla dir -oh output -target target.domainscilla dir -ot output -target target.domainscilla dir -i 500,401 -target target.domainscilla dir -i 5**,401 -target target.domainscilla dir -c -target target.domainscilla dir -plain -target target.domainscilla dir -nr -target target.domainscilla dir -ua "CustomUA" -target target.domainscilla dir -rua -target target.domain
-
Ports enumeration:
- Default (all ports, so 1-65635)
scilla port -target target.domain - Specifying ports range
scilla port -p 20-90 -target target.domain - Specifying starting port (until the last one)
scilla port -p 20- -target target.domain - Specifying ending port (from the first one)
scilla port -p -90 -target target.domain - Specifying single port
scilla port -p 80 -target target.domain - Specifying output format (json)
scilla port -oj output -target target.domain - Specifying output format (html)
scilla port -oh output -target target.domain - Specifying output format (txt)
scilla port -ot output -target target.domain - Specifying multiple ports
scilla port -p 21,25,80 -target target.domain - Specifying common ports
scilla port -common -target target.domain - Print only results
scilla port -plain -target target.domain
- Default (all ports, so 1-65635)
-
Full report:
- Default (all ports, so 1-65635)
scilla report -target target.domain - Specifying ports range
scilla report -p 20-90 -target target.domain - Specifying starting port (until the last one)
scilla report -p 20- -target target.domain - Specifying ending port (from the first one)
scilla report -p -90 -target target.domain - Specifying single port
scilla report -p 80 -target target.domain - Specifying output format (json)
scilla report -oj output -target target.domain - Specifying output format (html)
scilla report -oh output -target target.domain - Specifying output format (txt)
scilla report -ot output -target target.domain - Specifying directories wordlist
scilla report -wd dirs.txt -target target.domain - Specifying subdomains wordlist
scilla report -ws subdomains.txt -target target.domain - Specifying status codes to be ignored in directories scanning
scilla report -id 500,501,502 -target target.domain - Specifying status codes to be ignored in subdomains scanning
scilla report -is 500,501,502 -target target.domain - Specifying status codes classes to be ignored in directories scanning
scilla report -id 5**,4** -target target.domain - Specifying status codes classes to be ignored in subdomains scanning
scilla report -is 5**,4** -target target.domain - Use also a web crawler for directories enumeration
scilla report -cd -target target.domain - Use also a web crawler for subdomains enumeration
scilla report -cs -target target.domain - Use also a public database for subdomains enumeration
scilla report -db -target target.domain - Specifying multiple ports
scilla report -p 21,25,80 -target target.domain - Specifying common ports
scilla report -common -target target.domain - No follow redirects
scilla report -nr -target target.domain - Use VirusTotal as subdomains source
scilla report -db -vt -target target.domain - Set the User Agent
scilla report -ua "CustomUA" -target target.domain - Generate a random user agent for each request
scilla report -rua -target target.domain - Set DNS IP to resolve the subdomains
scilla report -dns 8.8.8.8 -target target.domain - Check also if the subdomains are alive
scilla report -alive -target target.domain
- Default (all ports, so 1-65635)
Changelog š
Detailed changes for each release are documented in the release notes.
Contributing š
Just open an issue / pull request.
Before opening a pull request, download golangci-lint and run
golangci-lint runIf there aren't errors, go ahead :)
To do:
-
[ ] Add more tests
-
[ ] Tor support
-
[ ] Proxy support
In the news š°
License š
This repository is under GNU General Public License v3.0.
edoardottt.com to contact me.