4942425ce5
- add docs/ with installation, usage, modules, scans, and api docs - add docs link to main readme - fix release.yml to bundle modules directory with releases - add module system tests to runtest.yml - standardize go version to 1.23 across workflows
4.1 KiB
usage
complete guide to sif command line options.
target options
-u, --urls
specify target urls (comma-separated):
./sif -u https://example.com
./sif -u https://site1.com,https://site2.com
-f, --file
read targets from a file (one url per line):
./sif -f targets.txt
scan options
directory fuzzing
-dirlist <size> - fuzz for directories and files
sizes: small, medium, large
./sif -u https://example.com -dirlist medium
subdomain enumeration
-dnslist <size> - enumerate subdomains
sizes: small, medium, large
./sif -u https://example.com -dnslist small
port scanning
-ports <scope> - scan for open ports
scopes: common (top ports), full (all ports)
./sif -u https://example.com -ports common
google dorking
-dork - automated google dorking
./sif -u https://example.com -dork
git repository detection
-git - check for exposed git repositories
./sif -u https://example.com -git
nuclei scanning
-nuclei - run nuclei vulnerability templates
./sif -u https://example.com -nuclei
javascript analysis
-js - analyze javascript files
./sif -u https://example.com -js
cms detection
-cms - detect content management systems
./sif -u https://example.com -cms
http headers
-headers - analyze security headers
./sif -u https://example.com -headers
cloud storage
-c3 - check for cloud storage misconfigurations
./sif -u https://example.com -c3
subdomain takeover
-st - check for subdomain takeover vulnerabilities
requires -dnslist to be enabled
./sif -u https://example.com -dnslist small -st
shodan lookup
-shodan - query shodan for host intelligence
requires SHODAN_API_KEY environment variable
export SHODAN_API_KEY=your-api-key
./sif -u https://example.com -shodan
sql reconnaissance
-sql - detect sql admin panels and error disclosure
./sif -u https://example.com -sql
lfi scanning
-lfi - local file inclusion vulnerability checks
./sif -u https://example.com -lfi
framework detection
-framework - detect web frameworks with version and cve lookup
./sif -u https://example.com -framework
whois lookup
-whois - perform whois lookups
./sif -u https://example.com -whois
skip base scan
-noscan - skip the base url scan (robots.txt, etc)
./sif -u https://example.com -noscan -dirlist medium
module options
-lm, --list-modules
list all available modules:
./sif -lm
-m, --modules
run specific modules by id (comma-separated):
./sif -u https://example.com -m sqli-error-based,xss-reflected
-mt, --module-tags
run modules matching tags:
./sif -u https://example.com -mt owasp-top10
./sif -u https://example.com -mt injection
-am, --all-modules
run all available modules:
./sif -u https://example.com -am
runtime options
-t, --timeout
http request timeout (default: 10s):
./sif -u https://example.com -t 30s
--threads
number of concurrent threads (default: 10):
./sif -u https://example.com --threads 20
-l, --log
directory to save log files:
./sif -u https://example.com -l ./logs
-d, --debug
enable debug logging:
./sif -u https://example.com -d
api options
-api
enable api mode for json output:
./sif -u https://example.com -api
output is a json object with scan results.
examples
quick recon
./sif -u https://example.com -framework -headers -git
full scan
./sif -u https://example.com \
-dirlist large \
-dnslist medium \
-ports full \
-framework \
-js \
-headers \
-cms \
-git \
-sql \
-lfi \
-am
ci/cd pipeline
./sif -u https://staging.example.com -api -am > results.json
batch scanning
echo "https://site1.com
https://site2.com
https://site3.com" > targets.txt
./sif -f targets.txt -am -l ./logs