Scilla

🏴‍☠️ Information Gathering tool 🏴‍☠️ - DNS / Subdomains / Ports / Directories enumeration
_{Coded with 💙 by edoardottt.}
Share on Twitter!

Example 📊

Installation 📡

• First of all, clone the repo locally

  • git clone https://github.com/edoardottt/scilla.git

• Scilla has external dependencies, so they need to be pulled in:

  • go get

• Linux (Requires high perms, run with sudo)

  • make linux

  • make unlinux

• Windows (executable works only in scilla folder. Alias?)

  • make windows

  • make unwindows

• make fmt run the golang formatter.

• make update Update.

• make remod Remod.

• make test runs the tests.

Get Started 🎉

scilla help prints the help in the command line.

usage: scilla [subcommand] { options }

    Available subcommands:
	   - dns { -target <target (URL)> REQUIRED}
	   - subdomain { [-w wordlist] -target <target (URL)> REQUIRED}
	   - port { [-p <start-end>] -target <target (URL/IP)> REQUIRED}
	   - dir { [-w wordlist] -target <target (URL/IP)> REQUIRED}
	   - report { [-p <start-end>] -target <target (URL/IP)> REQUIRED}
	   - help

Examples 💡

• DNS enumeration:

  • scilla dns -target target.domain

• Subdomains enumeration:

  • scilla subdomain -target target.domain

  • scilla subdomain -w wordlist.txt -target target.domain

• Directories enumeration:

  • scilla dir -target target.domain

  • scilla dir -w wordlist.txt -target target.domain

• Ports enumeration:

  • Default (all ports, so 1-65635) scilla port -target target.domain

  • Specifying ports range scilla port -p 20-90 -target target.domain

  • Specifying starting port (until the last one) scilla port -p 20- -target target.domain

  • Specifying ending port (from the first one) scilla port -p -90 -target target.domain

  • Specifying single port scilla port -p 80 -target target.domain

• Full report:

  • Default (all ports, so 1-65635) scilla report -target target.domain

  • Specifying ports range scilla report -p 20-90 -target target.domain

  • Specifying starting port (until the last one) scilla report -p 20- -target target.domain

  • Specifying ending port (from the first one) scilla report -p -90 -target target.domain

  • Specifying single port scilla report -p 80 -target target.domain

  • Specifying wordlist scilla report -w wordlist.txt -target target.domain

Contributing 🛠

Just open an issue/pull request. See also CONTRIBUTING.md and CODE OF CONDUCT.md

Help me building this!

A special thanks to danielmiessler. Now using one of those lists.

To do:

• Test the functions

• Subdomains enumeration

• DNS enumeration

• Subdomains enumeration

• Port enumeration

• Directories enumeration

• Print the progress percentage value when CR is pressed (not in output doc)

• Build an Input Struct and use it as parameter

• Output color

• Check input and if it's an IP try to change to hostname when dns or subdomain is active

• JSON report output

• PDF report output

• XML report output

• (report mode) In all the subdomains found enumerates ports???

• Tor support

• Proxy support

If you liked it drop a ⭐

https://www.edoardoottavianelli.it for contact me.

                                                                Edoardo Ottavianelli