sif/README.md at 3e67164da2604e47e3e73ea496a5bbf7010393fa

gitea-mirror/sif

Fork 0

mirror of https://github.com/lunchcat/sif.git synced 2026-01-12 13:05:20 -08:00

Files

Celeste Hickenlooper 9e71b512b1 docs: update contributor name and add vxfemboy

2026-01-02 19:56:44 -08:00

6.5 KiB

Raw Blame History

install · usage · modules · contribute

what is sif?

sif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.

./sif -u https://example.com -all

install

from releases

grab the latest binary from releases.

from source

git clone https://github.com/dropalldatabases/sif.git
cd sif
make

requires go 1.23+

usage

# basic scan
./sif -u https://example.com

# directory fuzzing
./sif -u https://example.com -dirlist medium

# subdomain enumeration
./sif -u https://example.com -dnslist medium

# port scanning
./sif -u https://example.com -ports common

# javascript framework detection + cloud misconfig
./sif -u https://example.com -js -c3

# shodan host intelligence (requires SHODAN_API_KEY env var)
./sif -u https://example.com -shodan

# sql recon + lfi scanning
./sif -u https://example.com -sql -lfi

# framework detection (with cve lookup)
./sif -u https://example.com -framework

# everything
./sif -u https://example.com -all

run ./sif -h for all options.

modules

module	description
`dirlist`	directory and file fuzzing
`dnslist`	subdomain enumeration
`ports`	port and service scanning
`nuclei`	vulnerability scanning with nuclei templates
`dork`	automated google dorking
`js`	javascript framework detection (next.js, supabase)
`c3`	cloud storage misconfiguration scanning
`headers`	http header analysis
`takeover`	subdomain takeover detection
`cms`	cms detection
`whois`	whois lookups
`git`	exposed git repository detection
`shodan`	shodan host intelligence (requires SHODAN_API_KEY)
`sql`	sql admin panel and error disclosure detection
`lfi`	local file inclusion vulnerability scanning
`framework`	web framework detection with version + cve lookup

contribute

contributions welcome. see contributing.md for guidelines.

# format
gofmt -w .

# lint
golangci-lint run

# test
go test ./...

community

join our discord for support, feature discussions, and pentesting tips:

contributors

_{Celeste Hickenlooper}
🚧 🧑‍🏫 📆 🛡️ 💻

_{ProjectDiscovery}
📦

_macdoos
💻

_{Matthieu Witrowiez}
🤔

_tessa
🚇 💬 📓

_Eva
📝 🖋 🔬 🛡️ ⚠️ 💻

_{Zoa Hickenlooper}
💻

acknowledgements

projectdiscovery for nuclei and other security tools
shodan for infrastructure intelligence

_{bsd 3-clause license · made by vmfunc, xyzeva, and contributors}

6.5 KiB Raw Blame History