gitea-mirror/sif
1
0
Fork 0
mirror of https://github.com/lunchcat/sif.git synced 2026-06-12 19:11:25 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
ci/release-ldflags
sif/docs/usage.md
T
vmfunc 661480a56d feat: stamp and surface the build version 
- add internal/version: resolve from the release ldflag, else the go build
  info (module tag / vcs revision), else "dev"
- show the version on the boot banner and for `sif version`
- Makefile now stamps `make` builds via git describe (matching the release ci),
  so local/go-install builds report a real version instead of "dev"
- patchnotes.ShowOnce skips pseudo/dev versions so non-release builds dont make
  a doomed github call
- document sif version / sif patchnote / SIF_NO_PATCHNOTES in the readme + usage
2026-06-09 14:18:28 -07:00

4.8 KiB
Raw Permalink Blame History

usage

complete guide to sif command line options.

target options

-u, --urls

specify target urls (comma-separated):

./sif -u https://example.com
./sif -u https://site1.com,https://site2.com

-f, --file

read targets from a file (one url per line):

./sif -f targets.txt

scan options

directory fuzzing

-dirlist <size> - fuzz for directories and files

sizes: small, medium, large

./sif -u https://example.com -dirlist medium

subdomain enumeration

-dnslist <size> - enumerate subdomains

sizes: small, medium, large

./sif -u https://example.com -dnslist small

port scanning

-ports <scope> - scan for open ports

scopes: common (top ports), full (all ports)

./sif -u https://example.com -ports common

google dorking

-dork - automated google dorking

./sif -u https://example.com -dork

git repository detection

-git - check for exposed git repositories

./sif -u https://example.com -git

nuclei scanning

-nuclei - run nuclei vulnerability templates

./sif -u https://example.com -nuclei

javascript analysis

-js - analyze javascript files

./sif -u https://example.com -js

cms detection

-cms - detect content management systems

./sif -u https://example.com -cms

http headers

-headers - dump the target's response headers

./sif -u https://example.com -headers

security headers

-sh - flag missing/weak security headers (hsts, csp, x-frame-options, ...) and headers that leak server internals

./sif -u https://example.com -sh

cloud storage

-c3 - check for cloud storage misconfigurations

./sif -u https://example.com -c3

subdomain takeover

-st - check for subdomain takeover vulnerabilities

requires -dnslist to be enabled

./sif -u https://example.com -dnslist small -st

shodan lookup

-shodan - query shodan for host intelligence

requires SHODAN_API_KEY environment variable

export SHODAN_API_KEY=your-api-key
./sif -u https://example.com -shodan

sql reconnaissance

-sql - detect sql admin panels and error disclosure

./sif -u https://example.com -sql

lfi scanning

-lfi - local file inclusion vulnerability checks

./sif -u https://example.com -lfi

framework detection

-framework - detect web frameworks with version and cve lookup

./sif -u https://example.com -framework

whois lookup

-whois - perform whois lookups

./sif -u https://example.com -whois

skip base scan

-noscan - skip the base url scan (robots.txt, etc)

./sif -u https://example.com -noscan -dirlist medium

module options

-lm, --list-modules

list all available modules:

./sif -lm

-m, --modules

run specific modules by id (comma-separated):

./sif -u https://example.com -m sqli-error-based,xss-reflected

-mt, --module-tags

run modules matching tags:

./sif -u https://example.com -mt owasp-top10
./sif -u https://example.com -mt injection

-am, --all-modules

run all available modules:

./sif -u https://example.com -am

runtime options

-t, --timeout

http request timeout (default: 10s):

./sif -u https://example.com -t 30s

--threads

number of concurrent threads (default: 10):

./sif -u https://example.com --threads 20

-l, --log

directory to save log files:

./sif -u https://example.com -l ./logs

-d, --debug

enable debug logging:

./sif -u https://example.com -d

api options

-api

enable api mode for json output:

./sif -u https://example.com -api

output is a json object with scan results.

commands

these run without scanning a target.

version

print the sif version. release builds are stamped via ldflags, local make builds derive it from git describe, and go installed builds read it from the module build info:

./sif version

patchnote

show the latest release's notes, fetched from github (also -pn):

./sif patchnote

the first time you run a new release sif also prints that release's notes once. set SIF_NO_PATCHNOTES=1 to disable that.

examples

quick recon

./sif -u https://example.com -framework -headers -git

full scan

./sif -u https://example.com \
  -dirlist large \
  -dnslist medium \
  -ports full \
  -framework \
  -js \
  -headers \
  -cms \
  -git \
  -sql \
  -lfi \
  -am

ci/cd pipeline

./sif -u https://staging.example.com -api -am > results.json

batch scanning

echo "https://site1.com
https://site2.com
https://site3.com" > targets.txt

./sif -f targets.txt -am -l ./logs
Reference in New Issue View Git Blame Copy Permalink