🏴‍☠️ Information Gathering tool 🏴‍☠️ - DNS / Subdomains / Ports / Directories enumeration
_{Coded with 💙 by edoardottt.}
Share on Twitter!

• Example
• Installation
  • Linux
  • Windows
• Get Started
• Examples
• Contributing

• First of all, clone the repo locally

  • git clone https://github.com/edoardottt/scilla.git

• Scilla has external dependencies, so they need to be pulled in:

  • go get

• Linux (Requires high perms, run with sudo)

  • make linux

  • make unlinux

• Windows (executable works only in scilla folder. Alias?)

  • make windows or .\make.bat windows (on powershell)

  • make unwindows or .\make.bat unwindows (on powershell)

• Other commands:

  • make fmt run the golang formatter.

  • make update Update.

  • make remod Remod.

  • make test runs the tests.

scilla help prints the help in the command line.

usage: scilla subcommand { options }

	Available subcommands:
		- dns -target [-o output-format] <target (URL)> REQUIRED
		- subdomain [-w wordlist] [-o output-format] [-i ignore status codes] -target <target (URL)> REQUIRED
		- port [-p <start-end>] [-o output-format] -target <target (URL/IP)> REQUIRED
		- dir [-w wordlist] [-o output-format] [-i ignore status codes] -target <target (URL/IP)> REQUIRED
		- report [-p <start-end>]
			 [-ws subdomains wordlist]
			 [-wd directories wordlist]
			 [-o output-format]
			 [-id ignore status codes in directories scanning]
			 [-is ignore status codes in subdomains scanning]
			 -target <target (URL/IP)> REQUIRED
		- help
		- examples

• DNS enumeration:

  • scilla dns -target target.domain
  • scilla dns -target -o txt target.domain
  • scilla dns -target -o html target.domain

• Subdomains enumeration:

  • scilla subdomain -target target.domain
  • scilla subdomain -w wordlist.txt -target target.domain
  • scilla subdomain -o txt -target target.domain
  • scilla subdomain -o html -target target.domain
  • scilla subdomain -i 400 -target target.domain
  • scilla subdomain -i 4** -target target.domain

• Directories enumeration:

  • scilla dir -target target.domain
  • scilla dir -w wordlist.txt -target target.domain
  • scilla dir -o txt -target target.domain
  • scilla dir -o html -target target.domain
  • scilla dir -i 500,401 -target target.domain
  • scilla dir -i 5**,401 -target target.domain

• Ports enumeration:

  • Default (all ports, so 1-65635) scilla port -target target.domain
  • Specifying ports range scilla port -p 20-90 -target target.domain
  • Specifying starting port (until the last one) scilla port -p 20- -target target.domain
  • Specifying ending port (from the first one) scilla port -p -90 -target target.domain
  • Specifying single port scilla port -p 80 -target target.domain
  • Specifying output format (txt)scilla port -o txt -target target.domain
  • Specifying output format (html)scilla port -o html -target target.domain

• Full report:

  • Default (all ports, so 1-65635) scilla report -target target.domain
  • Specifying ports range scilla report -p 20-90 -target target.domain
  • Specifying starting port (until the last one) scilla report -p 20- -target target.domain
  • Specifying ending port (from the first one) scilla report -p -90 -target target.domain
  • Specifying single port scilla report -p 80 -target target.domain
  • Specifying output format (txt)scilla report -o txt -target target.domain
  • Specifying output format (html)scilla report -o html -target target.domain
  • Specifying directories wordlist scilla report -wd dirs.txt -target target.domain
  • Specifying subdomains wordlist scilla report -ws subdomains.txt -target target.domain
  • Specifying status codes to be ignored in directories scanning scilla report -id 500,501,502 -target target.domain
  • Specifying status codes to be ignored in subdomains scanning scilla report -is 500,501,502 -target target.domain
  • Specifying status codes classes to be ignored in directories scanning scilla report -id 5**,4** -target target.domain
  • Specifying status codes classes to be ignored in subdomains scanning scilla report -is 5**,4** -target target.domain

Just open an issue/pull request. See also CONTRIBUTING.md and CODE OF CONDUCT.md

Help me building this!

A special thanks to danielmiessler, using those lists.

To do:

• Tests

• Recursive Web crawling for subdomains and directories

• Check input and if it's an IP try to change to hostname when dns or subdomain is active

• Tor support

• JSON report output

• XML report output

• (report mode) In all the subdomains found enumerates ports???

• Proxy support

• Ignore responses by status codes (partially done, to do with *, e.g. -i 4**)

• HTML output

• Build an Input Struct and use it as parameter

• Output color

• Subdomains enumeration

• DNS enumeration

• Subdomains enumeration

• Port enumeration

• Directories enumeration

• TXT output

https://www.edoardoottavianelli.it for contact me.

                                                                Edoardo Ottavianelli