mirror of
https://github.com/lunchcat/sif.git
synced 2026-01-10 20:23:38 -08:00
- add docs/ with installation, usage, modules, scans, and api docs - add docs link to main readme - fix release.yml to bundle modules directory with releases - add module system tests to runtest.yml - standardize go version to 1.23 across workflows
configuration
runtime configuration options for sif.
environment variables
SHODAN_API_KEY
required for shodan lookups.
export SHODAN_API_KEY=your-api-key-here
./sif -u https://example.com -shodan
command line options
timeout
default request timeout is 10 seconds.
# increase for slow targets
./sif -u https://example.com -t 30s
# decrease for fast scans
./sif -u https://example.com -t 5s
threads
default is 10 concurrent threads.
# more threads for faster scanning
./sif -u https://example.com --threads 50
# fewer threads to reduce load
./sif -u https://example.com --threads 5
logging
save output to files:
./sif -u https://example.com -l ./logs
creates timestamped log files in the specified directory.
debug mode
enable verbose logging:
./sif -u https://example.com -d
user modules
place custom modules in:
- linux/macos: ~/.config/sif/modules/
- windows: %LOCALAPPDATA%\sif\modules\
directory structure
~/.config/sif/
├── modules/
│   ├── http/
│   │   └── my-sqli-check.yaml
│   ├── recon/
│   │   └── custom-paths.yaml
│   └── my-module.yaml
modules can be organized in subdirectories or placed directly in the modules folder.
overriding built-in modules
user modules with the same id as built-in modules will override them:
# ~/.config/sif/modules/sqli-error-based.yaml
# this overrides the built-in sqli-error-based module
id: sqli-error-based
info:
  name: my custom sqli check
  # ...
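because an override takes effect for any file in the user modules directory that reuses a built-in id, it is worth listing which built-in checks are currently shadowed before relying on scan results. the script below is an added example, not part of sif: the function names are hypothetical, it assumes module files end in .yaml and declare an unindented id: line as in the override example above, and the location of the built-in modules directory is passed in by the caller because this page does not state it.

```shell
#!/bin/sh
# added example, not part of sif. function names are hypothetical.
# assumes module files end in .yaml and declare an unindented "id:" line.

# module_ids DIR: print "id<TAB>file" for every module file under DIR
module_ids() {
    find "$1" -type f -name '*.yaml' 2>/dev/null | while IFS= read -r f; do
        id=$(awk '/^id:/ { sub(/^id:[ \t]*/, ""); gsub(/"|\r|[ \t]+$/, "")
                           print; exit }' "$f")
        if [ -n "$id" ]; then printf '%s\t%s\n' "$id" "$f"; fi
    done
}

# shadowed_modules USER_DIR BUILTIN_DIR:
# print "id<TAB>user file<TAB>built-in file" for each overridden built-in id
shadowed_modules() {
    tmp=$(mktemp) || return 1
    module_ids "$2" > "$tmp"
    module_ids "$1" | awk -F '\t' -v OFS='\t' '
        NR == FNR { shipped[$1] = $2; next }   # first input: built-in ids
        $1 in shipped { print $1, $2, shipped[$1] }
    ' "$tmp" -
    rm -f "$tmp"
}

# demo: constructed sample trees, not real sif modules
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/user/http" "$d/builtin"
    printf 'id: sqli-error-based\ninfo:\n  name: my custom sqli check\n' \
        > "$d/user/http/my-sqli-check.yaml"
    printf 'id: custom-paths\n' > "$d/user/custom-paths.yaml"
    printf 'id: sqli-error-based\ninfo:\n  name: built-in\n' \
        > "$d/builtin/sqli-error-based.yaml"
    shadowed_modules "$d/user" "$d/builtin" | cut -f 1
    rm -rf "$d"
}
```

call shadowed_modules with ~/.config/sif/modules as the first argument and the built-in modules directory as the second; an empty result means no built-in id is overridden.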
performance tuning
fast scans
./sif -u https://example.com \
--threads 50 \
-t 5s \
-dirlist small \
-dnslist small
thorough scans
./sif -u https://example.com \
--threads 10 \
-t 30s \
-dirlist large \
-dnslist large \
-ports full
low-impact scans
reduce load on target:
./sif -u https://example.com \
--threads 2 \
-t 10s
output formats
console (default)
human-readable output with colors and formatting.
json (api mode)
./sif -u https://example.com -api
returns structured json:
{
  "url": "https://example.com",
  "results": [
    {
      "id": "sqli-error-based",
      "data": {
        "findings": [...]
      }
    }
  ]
}
log files
./sif -u https://example.com -l ./logs
creates separate log files for each scan type.