gitea-mirror/sif: the blazing-fast pentesting suite. - sif

mirror of https://github.com/lunchcat/sif.git synced 2026-01-13 05:16:44 -08:00

Go to file

Celeste Hickenlooper 79b60a5259 refactor: extract cve database to separate file

move CVEEntry struct and knownCVEs map to cve.go for better
organization. this reduces detect.go by another 170 lines and makes
the CVE database easier to maintain and extend.

2026-01-03 05:57:09 -08:00

.github/workflows

ci: add test coverage reporting to workflow

2026-01-03 05:57:09 -08:00

assets

design: update banner

2024-11-14 06:51:54 +01:00

cmd/sif

license: switch to bsd 3-clause, update headers and readme

2026-01-02 17:41:18 -08:00

internal

feat: add generic worker pool for concurrent task processing

2026-01-03 05:57:09 -08:00

pkg

refactor: extract cve database to separate file

2026-01-03 05:57:09 -08:00

.all-contributorsrc

docs: update contributor name and add vxfemboy

2026-01-02 19:56:44 -08:00

.gitignore

chore: upgrade to go 1.25 and ignore claude files

2026-01-02 17:13:16 -08:00

.golangci.yml

ci: enhance golangci-lint with additional linters

2026-01-03 05:57:09 -08:00

CODE_OF_CONDUCT.md

Update README.md and add CONTRIBUTING, COC

2023-09-14 20:48:26 +03:00

CONTRIBUTING.md

fix: improve version detection and add documentation

2026-01-02 19:04:37 -08:00

flake.lock

chore(nix): modernize flake to use buildGoModule

2026-01-03 00:25:37 -08:00

flake.nix

chore(nix): modernize flake to use buildGoModule

2026-01-03 00:25:37 -08:00

go.mod

fix: update dependencies to address security vulnerabilities

2026-01-02 18:03:27 -08:00

go.sum

fix: update dependencies to address security vulnerabilities

2026-01-02 18:03:27 -08:00

LICENSE

license: switch to bsd 3-clause, update headers and readme

2026-01-02 17:41:18 -08:00

Makefile

chore: update to be compatible with all minor Go updates

2025-03-15 15:26:09 +05:30

README.md

docs: update contributor name and add vxfemboy

2026-01-02 19:56:44 -08:00

sif.code-workspace

adding vscode workspace files to project

2023-09-01 18:39:00 +02:00

sif.go

fix: error patterns and string building in sif.go and js/scan.go

2026-01-03 05:57:09 -08:00

template-example.toml

feat: update template properly

2024-07-10 05:00:53 -04:00

README.md

install · usage · modules · contribute

what is sif?

sif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.

./sif -u https://example.com -all

install

from releases

grab the latest binary from releases.

from source

git clone https://github.com/dropalldatabases/sif.git
cd sif
make

requires go 1.23+

usage

# basic scan
./sif -u https://example.com

# directory fuzzing
./sif -u https://example.com -dirlist medium

# subdomain enumeration
./sif -u https://example.com -dnslist medium

# port scanning
./sif -u https://example.com -ports common

# javascript framework detection + cloud misconfig
./sif -u https://example.com -js -c3

# shodan host intelligence (requires SHODAN_API_KEY env var)
./sif -u https://example.com -shodan

# sql recon + lfi scanning
./sif -u https://example.com -sql -lfi

# framework detection (with cve lookup)
./sif -u https://example.com -framework

# everything
./sif -u https://example.com -all

run ./sif -h for all options.

modules

module	description
`dirlist`	directory and file fuzzing
`dnslist`	subdomain enumeration
`ports`	port and service scanning
`nuclei`	vulnerability scanning with nuclei templates
`dork`	automated google dorking
`js`	javascript framework detection (next.js, supabase)
`c3`	cloud storage misconfiguration scanning
`headers`	http header analysis
`takeover`	subdomain takeover detection
`cms`	cms detection
`whois`	whois lookups
`git`	exposed git repository detection
`shodan`	shodan host intelligence (requires SHODAN_API_KEY)
`sql`	sql admin panel and error disclosure detection
`lfi`	local file inclusion vulnerability scanning
`framework`	web framework detection with version + cve lookup

contribute

contributions welcome. see contributing.md for guidelines.

# format
gofmt -w .

# lint
golangci-lint run

# test
go test ./...

community

join our discord for support, feature discussions, and pentesting tips:

contributors

_{Celeste Hickenlooper}
🚧 🧑‍🏫 📆 🛡️ 💻

_{ProjectDiscovery}
📦

_macdoos
💻

_{Matthieu Witrowiez}
🤔

_tessa
🚇 💬 📓

_Eva
📝 🖋 🔬 🛡️ ⚠️ 💻

_{Zoa Hickenlooper}
💻

acknowledgements

projectdiscovery for nuclei and other security tools
shodan for infrastructure intelligence

_{bsd 3-clause license · made by vmfunc, xyzeva, and contributors}