[](https://go.dev/)
[](https://github.com/vmfunc/sif/actions)
[](LICENSE)
**[install](#install) ยท [usage](#usage) ยท [modules](#modules) ยท [contribute](#contribute)**
---
## what is sif?
sif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.
```bash
./sif -u https://example.com -all
```
## install
### from releases
grab the latest binary from [releases](https://github.com/vmfunc/sif/releases).
### from source
```bash
git clone https://github.com/dropalldatabases/sif.git
cd sif
make
```
requires go 1.23+
## usage
```bash
# basic scan
./sif -u https://example.com
# directory fuzzing
./sif -u https://example.com -dirlist medium
# subdomain enumeration
./sif -u https://example.com -dnslist medium
# port scanning
./sif -u https://example.com -ports common
# javascript framework detection + cloud misconfig
./sif -u https://example.com -js -c3
# everything
./sif -u https://example.com -all
```
run `./sif -h` for all options.
## modules
| module | description |
|--------|-------------|
| `dirlist` | directory and file fuzzing |
| `dnslist` | subdomain enumeration |
| `ports` | port and service scanning |
| `nuclei` | vulnerability scanning with nuclei templates |
| `dork` | automated google dorking |
| `js` | javascript framework detection (next.js, supabase) |
| `c3` | cloud storage misconfiguration scanning |
| `headers` | http header analysis |
| `takeover` | subdomain takeover detection |
| `cms` | cms detection |
| `whois` | whois lookups |
| `git` | exposed git repository detection |
## contribute
contributions welcome. see [contributing.md](CONTRIBUTING.md) for guidelines.
```bash
# format
gofmt -w .
# lint
golangci-lint run
# test
go test ./...
```
## contributors
## acknowledgements
- [projectdiscovery](https://projectdiscovery.io/) for nuclei and other security tools
- [shodan](https://www.shodan.io/) for infrastructure intelligence
---
bsd 3-clause license ยท made by vmfunc, xyzeva, and contributors
