Coded with
Share on Twitter!
Preview β’ Install β’ Get Started β’ Examples β’ Contributing
π
Preview
π‘
Installation -
First of all, clone the repo locally
git clone https://github.com/edoardottt/scilla.git
cd scilla
-
Scilla has external dependencies, so they need to be pulled in:
go get
-
Linux (Requires high perms, run with sudo)
-
make linux
(to install) -
make unlinux
(to uninstall)
-
-
Windows (executable works only in scilla folder. Alias?)
-
make windows
(to install) or.\make.bat windows
(powershell) -
make unwindows
(to uninstall) or.\make.bat unwindows
(powershell)
-
-
Other commands:
-
make fmt
run the golang formatter. -
make update
Update. -
make remod
Remod. -
make test
runs the tests (empty now..)
-
π
Get Started scilla help
prints the help in the command line.
usage: scilla subcommand { options }
Available subcommands:
- dns [-o output-format]
[-plain Print only results]
-target REQUIRED
- port [-p or ports divided by comma]
[-o output-format]
[-common scan common ports]
[-plain Print only results]
-target REQUIRED
- subdomain [-w wordlist]
[-o output-format]
[-i ignore status codes]
[-c use also a web crawler]
[-db use also a public database]
[-plain Print only results]
-target REQUIRED
- dir [-w wordlist]
[-o output-format]
[-i ignore status codes]
[-c use also a web crawler]
[-plain Print only results]
-target REQUIRED
- report [-p or ports divided by comma]
[-ws subdomains wordlist]
[-wd directories wordlist]
[-o output-format]
[-id ignore status codes in directories scanning]
[-is ignore status codes in subdomains scanning]
[-cd use also a web crawler for directories scanning]
[-cs use also a web crawler for subdomains scanning]
[-db use also a public database for subdomains scanning]
[-common scan common ports]
-target REQUIRED
- help
- examples
π‘
Examples -
DNS enumeration:
scilla dns -target target.domain
scilla dns -o txt -target target.domain
scilla dns -o html -target target.domain
scilla dns -plain -target target.domain
-
Subdomains enumeration:
scilla subdomain -target target.domain
scilla subdomain -w wordlist.txt -target target.domain
scilla subdomain -o txt -target target.domain
scilla subdomain -o html -target target.domain
scilla subdomain -i 400 -target target.domain
scilla subdomain -i 4** -target target.domain
scilla subdomain -c -target target.domain
scilla subdomain -db -target target.domain
scilla subdomain -plain -target target.domain
-
Directories enumeration:
scilla dir -target target.domain
scilla dir -w wordlist.txt -target target.domain
scilla dir -o txt -target target.domain
scilla dir -o html -target target.domain
scilla dir -i 500,401 -target target.domain
scilla dir -i 5**,401 -target target.domain
scilla dir -c -target target.domain
scilla dir -plain -target target.domain
-
Ports enumeration:
- Default (all ports, so 1-65635)
scilla port -target target.domain
- Specifying ports range
scilla port -p 20-90 -target target.domain
- Specifying starting port (until the last one)
scilla port -p 20- -target target.domain
- Specifying ending port (from the first one)
scilla port -p -90 -target target.domain
- Specifying single port
scilla port -p 80 -target target.domain
- Specifying output format (txt)
scilla port -o txt -target target.domain
- Specifying output format (html)
scilla port -o html -target target.domain
- Specifying multiple ports
scilla port -p 21,25,80 -target target.domain
- Specifying common ports
scilla port -common -target target.domain
- Print only results
scilla port -plain -target target.domain
- Default (all ports, so 1-65635)
-
Full report:
- Default (all ports, so 1-65635)
scilla report -target target.domain
- Specifying ports range
scilla report -p 20-90 -target target.domain
- Specifying starting port (until the last one)
scilla report -p 20- -target target.domain
- Specifying ending port (from the first one)
scilla report -p -90 -target target.domain
- Specifying single port
scilla report -p 80 -target target.domain
- Specifying output format (txt)
scilla report -o txt -target target.domain
- Specifying output format (html)
scilla report -o html -target target.domain
- Specifying directories wordlist
scilla report -wd dirs.txt -target target.domain
- Specifying subdomains wordlist
scilla report -ws subdomains.txt -target target.domain
- Specifying status codes to be ignored in directories scanning
scilla report -id 500,501,502 -target target.domain
- Specifying status codes to be ignored in subdomains scanning
scilla report -is 500,501,502 -target target.domain
- Specifying status codes classes to be ignored in directories scanning
scilla report -id 5**,4** -target target.domain
- Specifying status codes classes to be ignored in subdomains scanning
scilla report -is 5**,4** -target target.domain
- Use also a web crawler for directories enumeration
scilla report -cd -target target.domain
- Use also a web crawler for subdomains enumeration
scilla report -cs -target target.domain
- Use also a public database for subdomains enumeration
scilla report -db -target target.domain
- Specifying multiple ports
scilla report -p 21,25,80 -target target.domain
- Specifying common ports
scilla report -common -target target.domain
- Default (all ports, so 1-65635)
π
Contributing Just open an issue/pull request. See also CONTRIBUTING.md and CODE OF CONDUCT.md
Help me building this!
A special thanks to danielmiessler, using those lists; and to sonarSearch.
To do:
-
Tests (
π ) -
Tor support
-
Proxy support
-
JSON output
-
XML output
-
Plain output (print only results)
-
Scan only common ports
-
Add option to use a public database of known subdomains
-
Recursive Web crawling for subdomains and directories
-
Check input and if it's an IP try to change to hostname when dns or subdomain is active
-
Ignore responses by status codes (partially done, to do with
*
, e.g.-i 4**
) -
HTML output
-
Build an Input Struct and use it as parameter
-
Output color
-
Subdomains enumeration
-
DNS enumeration
-
Subdomains enumeration
-
Port enumeration
-
Directories enumeration
-
TXT output
β
If you liked it drop a edoardoottavianelli.it for contact me.
Edoardo Ottavianelli