gitea-mirror/sif: the blazing-fast pentesting suite. - sif

mirror of https://github.com/lunchcat/sif.git synced 2026-01-12 04:55:39 -08:00

Go to file

Celeste Hickenlooper 3e67164da2 fix: add io.LimitReader and proper error handling to shodan.go

Add io.LimitReader with 5MB limit to prevent memory exhaustion and
fix ignored error in queryShodanHost. The error from io.ReadAll was
previously being discarded with _, which could mask read failures.

2026-01-03 05:57:10 -08:00

.github/workflows

ci: add test coverage reporting to workflow

2026-01-03 05:57:09 -08:00

assets

design: update banner

2024-11-14 06:51:54 +01:00

cmd/sif

refactor: move config to internal

2026-01-03 05:57:10 -08:00

internal

feat: implement loadYAML in module loader

2026-01-03 05:57:10 -08:00

modules

feat: add built-in yaml modules for security scanning

2026-01-03 05:57:10 -08:00

pkg/scan

fix: add io.LimitReader and proper error handling to shodan.go

2026-01-03 05:57:10 -08:00

.all-contributorsrc

docs: update contributor name and add vxfemboy

2026-01-02 19:56:44 -08:00

.gitignore

chore: upgrade to go 1.25 and ignore claude files

2026-01-02 17:13:16 -08:00

.golangci.yml

ci: enhance golangci-lint with additional linters

2026-01-03 05:57:09 -08:00

CODE_OF_CONDUCT.md

Update README.md and add CONTRIBUTING, COC

2023-09-14 20:48:26 +03:00

CONTRIBUTING.md

fix: improve version detection and add documentation

2026-01-02 19:04:37 -08:00

flake.lock

chore(nix): modernize flake to use buildGoModule

2026-01-03 00:25:37 -08:00

flake.nix

chore(nix): modernize flake to use buildGoModule

2026-01-03 00:25:37 -08:00

go.mod

fix: update dependencies to address security vulnerabilities

2026-01-02 18:03:27 -08:00

go.sum

fix: update dependencies to address security vulnerabilities

2026-01-02 18:03:27 -08:00

LICENSE

license: switch to bsd 3-clause, update headers and readme

2026-01-02 17:41:18 -08:00

Makefile

chore: update to be compatible with all minor Go updates

2025-03-15 15:26:09 +05:30

README.md

docs: update contributor name and add vxfemboy

2026-01-02 19:56:44 -08:00

sif_test.go

refactor: move config to internal

2026-01-03 05:57:10 -08:00

sif.code-workspace

adding vscode workspace files to project

2023-09-01 18:39:00 +02:00

sif.go

feat: integrate module system into sif.go

2026-01-03 05:57:10 -08:00

template-example.toml

feat: update template properly

2024-07-10 05:00:53 -04:00

README.md

install · usage · modules · contribute

what is sif?

sif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.

./sif -u https://example.com -all

install

from releases

grab the latest binary from releases.

from source

git clone https://github.com/dropalldatabases/sif.git
cd sif
make

requires go 1.23+

usage

# basic scan
./sif -u https://example.com

# directory fuzzing
./sif -u https://example.com -dirlist medium

# subdomain enumeration
./sif -u https://example.com -dnslist medium

# port scanning
./sif -u https://example.com -ports common

# javascript framework detection + cloud misconfig
./sif -u https://example.com -js -c3

# shodan host intelligence (requires SHODAN_API_KEY env var)
./sif -u https://example.com -shodan

# sql recon + lfi scanning
./sif -u https://example.com -sql -lfi

# framework detection (with cve lookup)
./sif -u https://example.com -framework

# everything
./sif -u https://example.com -all

run ./sif -h for all options.

modules

module	description
`dirlist`	directory and file fuzzing
`dnslist`	subdomain enumeration
`ports`	port and service scanning
`nuclei`	vulnerability scanning with nuclei templates
`dork`	automated google dorking
`js`	javascript framework detection (next.js, supabase)
`c3`	cloud storage misconfiguration scanning
`headers`	http header analysis
`takeover`	subdomain takeover detection
`cms`	cms detection
`whois`	whois lookups
`git`	exposed git repository detection
`shodan`	shodan host intelligence (requires SHODAN_API_KEY)
`sql`	sql admin panel and error disclosure detection
`lfi`	local file inclusion vulnerability scanning
`framework`	web framework detection with version + cve lookup

contribute

contributions welcome. see contributing.md for guidelines.

# format
gofmt -w .

# lint
golangci-lint run

# test
go test ./...

community

join our discord for support, feature discussions, and pentesting tips:

contributors

_{Celeste Hickenlooper}
🚧 🧑‍🏫 📆 🛡️ 💻

_{ProjectDiscovery}
📦

_macdoos
💻

_{Matthieu Witrowiez}
🤔

_tessa
🚇 💬 📓

_Eva
📝 🖋 🔬 🛡️ ⚠️ 💻

_{Zoa Hickenlooper}
💻

acknowledgements

projectdiscovery for nuclei and other security tools
shodan for infrastructure intelligence

_{bsd 3-clause license · made by vmfunc, xyzeva, and contributors}