[](https://go.dev/)
[](https://github.com/vmfunc/sif/actions)
[](LICENSE)
[](https://aur.archlinux.org/packages/sif)
[](https://github.com/vmfunc/homebrew-sif)
[](https://cloudsmith.io/~sif/repos/deb/packages/)
[](https://discord.gg/sifcli)
**[install](#install) ยท [usage](#usage) ยท [modules](#modules) ยท [docs](docs/) ยท [contribute](#contribute)**
---
## what is sif?
sif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.
```bash
./sif -u https://example.com -all
```
## install
### homebrew (macos)
```bash
brew tap vmfunc/sif
brew install sif
```
### arch linux (aur)
install using your preferred aur helper:
```bash
yay -S sif
# or
paru -S sif
```
### debian/ubuntu (apt)
```bash
curl -1sLf 'https://dl.cloudsmith.io/public/sif/deb/setup.deb.sh' | sudo -E bash
sudo apt-get install sif
```
### from releases
grab the latest binary from [releases](https://github.com/vmfunc/sif/releases).
### from source
```bash
git clone https://github.com/vmfunc/sif.git
cd sif
make
```
requires go 1.23+
### aur (manual install)
```bash
git clone https://aur.archlinux.org/sif.git
cd sif
makepkg -si
```
## usage
```bash
# basic scan
./sif -u https://example.com
# directory fuzzing
./sif -u https://example.com -dirlist medium
# subdomain enumeration
./sif -u https://example.com -dnslist medium
# port scanning
./sif -u https://example.com -ports common
# javascript framework detection + cloud misconfig
./sif -u https://example.com -js -c3
# shodan host intelligence (requires SHODAN_API_KEY env var)
./sif -u https://example.com -shodan
# sql recon + lfi scanning
./sif -u https://example.com -sql -lfi
# framework detection (with cve lookup)
./sif -u https://example.com -framework
# everything
./sif -u https://example.com -all
```
run `./sif -h` for all options.
## modules
sif has a modular architecture. modules are defined in yaml and can be extended by users.
### built-in scan flags
| flag | description |
|------|-------------|
| `-dirlist` | directory and file fuzzing (small/medium/large) |
| `-dnslist` | subdomain enumeration (small/medium/large) |
| `-ports` | port scanning (common/full) |
| `-nuclei` | vulnerability scanning with nuclei templates |
| `-dork` | automated google dorking |
| `-js` | javascript analysis |
| `-c3` | cloud storage misconfiguration |
| `-headers` | http header analysis |
| `-st` | subdomain takeover detection |
| `-cms` | cms detection |
| `-whois` | whois lookups |
| `-git` | exposed git repository detection |
| `-shodan` | shodan lookup (requires SHODAN_API_KEY) |
| `-sql` | sql recon |
| `-lfi` | local file inclusion |
| `-framework` | framework detection with cve lookup |
### yaml modules
list available modules:
```bash
./sif -lm
```
run specific modules:
```bash
# run by id
./sif -u https://example.com -m sqli-error-based,xss-reflected
# run by tag
./sif -u https://example.com -mt owasp-top10
# run all modules
./sif -u https://example.com -am
```
### custom modules
create your own modules in `~/.config/sif/modules/`. modules use a yaml format similar to nuclei templates:
```yaml
id: my-custom-check
info:
name: my custom security check
author: you
severity: medium
description: checks for something specific
tags: [custom, recon]
type: http
http:
method: GET
paths:
- "{{BaseURL}}/admin"
- "{{BaseURL}}/login"
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "admin panel"
- "login"
condition: or
```
see [docs/modules.md](docs/modules.md) for the full module format.
## contribute
contributions welcome. see [contributing.md](CONTRIBUTING.md) for guidelines.
```bash
# format
gofmt -w .
# lint
golangci-lint run
# test
go test ./...
```
## community
join our discord for support, feature discussions, and pentesting tips:
[](https://discord.gg/sifcli)
## contributors
## acknowledgements
- [projectdiscovery](https://projectdiscovery.io/) for nuclei and other security tools
- [shodan](https://www.shodan.io/) for infrastructure intelligence
---
bsd 3-clause license ยท made by vmfunc, xyzeva, and contributors
