edoardottt/scilla

GitHub: edoardottt/scilla

该项目是一个信息收集工具，可帮助安全团队快速获取目标系统的 DNS 记录、子域名、开放端口等信息。

Stars: 1196 | Forks: 148

🏴‍☠️ Information Gathering tool 🏴‍☠️ - DNS / Subdomains / Ports / Directories enumeration

_{Coded with 💙 by edoardottt}
Share on Twitter!

Install • Get Started • Examples • Changelog • Contributing • License

## 安装 📡 ### Homebrew ``` brew install scilla ``` ### Snap ``` sudo snap install scilla ``` ### Golang ``` go install -v github.com/edoardottt/scilla/cmd/scilla@latest ``` ### 从源码构建您需要 [Go](https://go.dev/) (>=1.23)

在 Linux 和 Windows 上从源码构建

#### Linux ``` git clone https://github.com/edoardottt/scilla.git cd scilla go get ./... make linux # (to install) make unlinux # (to uninstall) ``` 如果要使用 API 密钥，请编辑 `~/.config/scilla/keys.yaml` 文件。一行命令：`git clone https://github.com/edoardottt/scilla.git && cd scilla && go get ./... && make linux` #### Windows 请注意可执行文件仅在 cariddi 文件夹（[Alias?](https://github.com/edoardottt/scilla/issues/10)）中有效。 ``` git clone https://github.com/edoardottt/scilla.git cd scilla .\make.bat windows # (to install) .\make.bat unwindows # (to uninstall) ``` 如果要使用 API 密钥，请创建 `keys.yaml` 文件。

### 使用 Docker ``` docker build -t scilla . docker run scilla help ``` ## 示例 💡 - DNS 枚举： - `scilla dns -target example.com` - `scilla dns -oj output -target example.com` - `scilla dns -oh output -target example.com` - `scilla dns -ot output -target example.com` - `scilla dns -plain -target example.com` - 子域名枚举： - `scilla subdomain -target example.com` - `scilla subdomain -w wordlist.txt -target example.com` - `scilla subdomain -oj output -target example.com` - `scilla subdomain -oh output -target example.com` - `scilla subdomain -ot output -target example.com` - `scilla subdomain -i 400 -target example.com` - `scilla subdomain -i 4** -target example.com` - `scilla subdomain -c -target example.com` - `scilla subdomain -db -target example.com` - `scilla subdomain -plain -target example.com` - `scilla subdomain -db -no-check -target example.com` - `scilla subdomain -db -vt -target example.com` - `scilla subdomain -db -bw -target example.com` - `scilla subdomain -ua "CustomUA" -target example.com` - `scilla subdomain -rua -target example.com` - `scilla subdomain -dns 8.8.8.8 -target example.com` - `scilla subdomain -alive -target example.com` - 目录枚举： - `scilla dir -target example.com` - `scilla dir -w wordlist.txt -target example.com` - `scilla dir -oj output -target example.com` - `scilla dir -oh output -target example.com` - `scilla dir -ot output -target example.com` - `scilla dir -i 500,401 -target example.com` - `scilla dir -i 5**,401 -target example.com` - `scilla dir -c -target example.com` - `scilla dir -plain -target example.com` - `scilla dir -nr -target example.com` - `scilla dir -ua "CustomUA" -target example.com` - `scilla dir -rua -target example.com` - 端口枚举： - 默认（所有端口，即 1-65635） `scilla port -target example.com` - 指定端口范围 `scilla port -p 20-90 -target example.com` - 指定起始端口（直到最后一个） `scilla port -p 20- -target example.com` - 指定结束端口（从第一个开始） `scilla port -p -90 -target example.com` - 指定多个端口 `scilla port -p 21,25,80 -target example.com` - 指定常用端口 `scilla port -common -target example.com` - 指定单个端口 `scilla port -p 80 -target example.com` - 指定输出格式（json）`scilla port -oj output -target example.com` - 指定输出格式（html）`scilla port -oh output -target example.com` - 指定输出格式（txt）`scilla port -ot output -target example.com` - 仅打印结果 `scilla port -plain -target example.com` - 完整报告： - 默认（所有端口，即 1-65635） `scilla report -target example.com` - 指定端口范围 `scilla report -p 20-90 -target example.com` - 指定起始端口（直到最后一个） `scilla report -p 20- -target example.com` - 指定结束端口（从第一个开始） `scilla report -p -90 -target example.com` - 指定单个端口 `scilla report -p 80 -target example.com` - 指定多个端口 `scilla report -p 21,25,80 -target example.com` - 指定输出格式（json）`scilla report -oj output -target example.com` - 指定输出格式（html）`scilla report -oh output -target example.com` - 指定输出格式（txt）`scilla report -ot output -target example.com` - 指定目录词表 `scilla report -wd dirs.txt -target example.com` - 指定子域名词表 `scilla report -ws subdomains.txt -target example.com` - 指定在目录扫描中忽略的状态码 `scilla report -id 500,501,502 -target example.com` - 指定在子域名扫描中忽略的状态码 `scilla report -is 500,501,502 -target example.com` - 指定在目录扫描中忽略的状态码类别 `scilla report -id 5**,4** -target example.com` - 指定在子域名扫描中忽略的状态码类别 `scilla report -is 5**,4** -target example.com` - 同时使用网络爬虫进行目录枚举 `scilla report -cd -target example.com` - 同时使用网络爬虫进行子域名枚举 `scilla report -cs -target example.com` - 同时使用公共数据库进行子域名枚举 `scilla report -db -target example.com` - 指定常用端口 `scilla report -common -target example.com` - 不跟随重定向 `scilla report -nr -target example.com` - 使用 VirusTotal 作为子域名来源 `scilla report -db -vt -target example.com` - 设置用户代理 `scilla report -ua "CustomUA" -target example.com` - 为每个请求生成随机用户代理 `scilla report -rua -target example.com` - 设置 DNS IP 以解析子域名 `scilla report -dns 8.8.8.8 -target example.com` - 还检查子域名是否存活 `scilla report -alive -target example.com` ## 入门 🎉 `scilla help` 在命令行中打印帮助信息。 ``` usage: scilla subcommand { options } Available subcommands: - dns [-oj JSON output file] [-oh HTML output file] [-ot TXT output file] [-plain Print only results] -target REQUIRED - port [-p or ports divided by comma] [-oj JSON output file] [-oh HTML output file] [-ot TXT output file] [-common scan common ports] [-plain Print only results] -target REQUIRED - subdomain [-w wordlist] [-oj JSON output file] [-oh HTML output file] [-ot TXT output file] [-i ignore status codes] [-c use also a web crawler] [-db use also a public database] [-plain Print only results] [-db -no-check Don't check status codes for subdomains] [-db -vt Use VirusTotal as subdomains source] [-db -bw Use BuiltWith as subdomains source] [-ua Set the User Agent] [-rua Generate a random user agent for each request] [-dns Set DNS IP to resolve the subdomains] [-alive Check also if the subdomains are alive] -target REQUIRED - dir [-w wordlist] [-oj JSON output file] [-oh HTML output file] [-ot TXT output file] [-i ignore status codes] [-c use also a web crawler] [-plain Print only results] [-nr No follow redirects] [-ua Set the User Agent] [-rua Generate a random user agent for each request] -target REQUIRED - report [-p or ports divided by comma] [-ws subdomains wordlist] [-wd directories wordlist] [-oj JSON output file] [-oh HTML output file] [-ot TXT output file] [-id ignore status codes in directories scanning] [-is ignore status codes in subdomains scanning] [-cd use also a web crawler for directories scanning] [-cs use also a web crawler for subdomains scanning] [-db use also a public database for subdomains scanning] [-common scan common ports] [-nr No follow redirects] [-db -vt Use VirusTotal as subdomains source] [-ua Set the User Agent] [-rua Generate a random user agent for each request] [-dns Set DNS IP to resolve the subdomains] [-alive Check also if the subdomains are alive] -target REQUIRED - help - examples ``` ## 更新日志 📌 每个版本的详细更改记录在 [release notes](https://github.com/edoardottt/scilla/releases) 中。 ## 媒体报道 📰 - [Kali Linux Tutorials](https://kalilinuxtutorials.com/scilla/) - [GeeksForGeeks.org](https://www.geeksforgeeks.org/scilla-information-gathering-dns-subdomain-port-enumeration/) - [Brisk Infosec](https://www.briskinfosec.com/tooloftheday/toolofthedaydetail/Scilla) - [Kalitut](https://kalitut.com/scilla-nformation-gathering-tool/) ## 许可证 📝 本仓库遵循 [GNU General Public License v3.0](https://github.com/edoardottt/scilla/blob/main/LICENSE)。 [edoardottt.com](https://edoardottt.com/) 联系我。

标签：AI合规, CTI, DNS枚举, DNS解析, EVTX分析, EVTX分析, EVTX分析, Go语言, Linux工具, 云存储安全, 代码生成, 信息收集自动化, 子域名发现, 子域名枚举, 安全信息和事件管理, 安全测试, 安全研发, 应用安全, 开源项目, 攻击性安全, 数字取证, 数据统计, 日志审计, 渗透测试工具, 目录枚举, 移动安全, 程序破解, 端口扫描, 端口探测, 系统安全, 网络安全, 网络安全工具, 网络情报, 网络扫描, 自动化脚本, 请求拦截, 逆向工具, 隐私保护