Scilla – Information Gathering Tool DNS / Subdomains / Ports / Directories Enumeration

Admin
scilla

Example bar_chart

Example

Installation satellite

  • First of all, clone the repo locally
    • git clone https://github.com/edoardottt/scilla.git
  • Scilla has external dependencies, so they need to be pulled in:
    • go get
  • Linux (Requires high perms, run with sudo)
    • make linux
    • make unlinux
  • Windows (executable works only in scilla folder. Alias?)
    • make windows or .\make.bat windows (on powershell)
    • make unwindows or .\make.bat unwindows (on powershell)
  • Other commands:
    • make fmt run the golang formatter.
    • make update Update.
    • make remod Remod.
    • make test runs the tests.

Get Started tada

scilla help prints the help in the command line.

usage: scilla subcommand { options }

	Available subcommands:
		- dns -target [-o output-format] <target (URL)> REQUIRED
		- subdomain [-w wordlist] [-o output-format] [-i ignore status codes] -target <target (URL)> REQUIRED
		- port [-p <start-end>] [-o output-format] -target <target (URL/IP)> REQUIRED
		- dir [-w wordlist] [-o output-format] [-i ignore status codes] -target <target (URL/IP)> REQUIRED
		- report [-p <start-end>]
			 [-ws subdomains wordlist]
			 [-wd directories wordlist]
			 [-o output-format]
			 [-id ignore status codes in directories scanning]
			 [-is ignore status codes in subdomains scanning]
			 -target <target (URL/IP)> REQUIRED
		- help
		- examples

Examples bulb

  • DNS enumeration:
    • scilla dns -target target.domain
    • scilla dns -target -o txt target.domain
    • scilla dns -target -o html target.domain
  • Subdomains enumeration:
    • scilla subdomain -target target.domain
    • scilla subdomain -w wordlist.txt -target target.domain
    • scilla subdomain -o txt -target target.domain
    • scilla subdomain -o html -target target.domain
    • scilla subdomain -i 400 -target target.domain
    • scilla subdomain -i 4** -target target.domain
  • Directories enumeration:
    • scilla dir -target target.domain
    • scilla dir -w wordlist.txt -target target.domain
    • scilla dir -o txt -target target.domain
    • scilla dir -o html -target target.domain
    • scilla dir -i 500,401 -target target.domain
    • scilla dir -i 5**,401 -target target.domain
  • Ports enumeration:
    • Default (all ports, so 1-65635) scilla port -target target.domain
    • Specifying ports range scilla port -p 20-90 -target target.domain
    • Specifying starting port (until the last one) scilla port -p 20- -target target.domain
    • Specifying ending port (from the first one) scilla port -p -90 -target target.domain
    • Specifying single port scilla port -p 80 -target target.domain
    • Specifying output format (txt)scilla port -o txt -target target.domain
    • Specifying output format (html)scilla port -o html -target target.domain
  • Full report:
    • Default (all ports, so 1-65635) scilla report -target target.domain
    • Specifying ports range scilla report -p 20-90 -target target.domain
    • Specifying starting port (until the last one) scilla report -p 20- -target target.domain
    • Specifying ending port (from the first one) scilla report -p -90 -target target.domain
    • Specifying single port scilla report -p 80 -target target.domain
    • Specifying output format (txt)scilla report -o txt -target target.domain
    • Specifying output format (html)scilla report -o html -target target.domain
    • Specifying directories wordlist scilla report -wd dirs.txt -target target.domain
    • Specifying subdomains wordlist scilla report -ws subdomains.txt -target target.domain
    • Specifying status codes to be ignored in directories scanning scilla report -id 500,501,502 -target target.domain
    • Specifying status codes to be ignored in subdomains scanning scilla report -is 500,501,502 -target target.domain
    • Specifying status codes classes to be ignored in directories scanning scilla report -id 5**,4** -target target.domain
    • Specifying status codes classes to be ignored in subdomains scanning scilla report -is 5**,4** -target target.domain

Contributing hammer_and_wrench

Just open an issue/pull request. See also CONTRIBUTING.md and CODE OF CONDUCT.md

Help me building this!

A special thanks to danielmiessler, using those lists.

To do:

  • Tests
  • Recursive Web crawling for subdomains and directories
  • Check input and if it’s an IP try to change to hostname when dns or subdomain is active
  • Tor support
  • JSON report output
  • XML report output
  • (report mode) In all the subdomains found enumerates ports???
  • Proxy support
  • Ignore responses by status codes (partially done, to do with *, e.g. -i 4**)
  • HTML output
  • Build an Input Struct and use it as parameter
  • Output color
  • Subdomains enumeration
  • DNS enumeration
  • Subdomains enumeration
  • Port enumeration
  • Directories enumeration
  • TXT output

Download: https://github.com/edoardottt/scilla

Please follow and like us:
error
fb-share-icon
Tweet
fb-share-icon

Leave a Reply

Your email address will not be published. Required fields are marked *