gitea-mirror/sif: the blazing-fast pentesting suite. - sif

mirror of https://github.com/lunchcat/sif.git synced 2026-01-10 12:13:22 -08:00

Go to file

Celeste Hickenlooper 816ecd1e46 fix: update dependencies to address security vulnerabilities

- golang.org/x/crypto v0.26.0 -> v0.46.0 (critical: ssh auth bypass)
- golang.org/x/net v0.28.0 -> v0.48.0 (medium: xss vulnerability)
- golang.org/x/oauth2 v0.11.0 -> v0.34.0 (high: input validation)
- quic-go v0.48.2 -> v0.58.0 (high: panic on undecryptable packets)
- golang-jwt/jwt v4.5.1 -> v4.5.2 (high: memory allocation)
- cloudflare/circl v1.3.7 -> v1.6.2 (low: validation issues)
- refraction-networking/utls v1.5.4 -> v1.8.1 (medium: tls downgrade)
- ulikunitz/xz v0.5.11 -> v0.5.15 (medium: memory leak)
- klauspost/compress v1.16.7 -> v1.17.4

also fixes go vet warnings for non-constant format strings

2026-01-02 18:03:27 -08:00

.github/workflows

fix: update readme badges and use banner image

2026-01-02 17:54:17 -08:00

assets

design: update banner

2024-11-14 06:51:54 +01:00

cmd/sif

license: switch to bsd 3-clause, update headers and readme

2026-01-02 17:41:18 -08:00

internal

license: switch to bsd 3-clause, update headers and readme

2026-01-02 17:41:18 -08:00

pkg

fix: update dependencies to address security vulnerabilities

2026-01-02 18:03:27 -08:00

.all-contributorsrc

fix<contrib>: fix contributor file

2024-10-13 00:56:23 +02:00

.gitignore

chore: upgrade to go 1.25 and ignore claude files

2026-01-02 17:13:16 -08:00

.golangci.yml

chore: add golangci-lint configuration

2026-01-02 17:21:58 -08:00

CODE_OF_CONDUCT.md

Update README.md and add CONTRIBUTING, COC

2023-09-14 20:48:26 +03:00

CONTRIBUTING.md

docs: update minimum go version to 1.23 in contributing guide

2026-01-02 17:21:38 -08:00

flake.lock

Add nix build instructions

2023-09-14 20:46:47 +03:00

flake.nix

Add nix build instructions

2023-09-14 20:46:47 +03:00

go.mod

fix: update dependencies to address security vulnerabilities

2026-01-02 18:03:27 -08:00

go.sum

fix: update dependencies to address security vulnerabilities

2026-01-02 18:03:27 -08:00

gomod2nix.toml

Use nuclei API to scan nuclei templates

2023-09-14 20:48:28 +03:00

LICENSE

license: switch to bsd 3-clause, update headers and readme

2026-01-02 17:41:18 -08:00

Makefile

chore: update to be compatible with all minor Go updates

2025-03-15 15:26:09 +05:30

README.md

fix: update readme badges and use banner image

2026-01-02 17:54:17 -08:00

sif.code-workspace

adding vscode workspace files to project

2023-09-01 18:39:00 +02:00

sif.go

fix: update readme badges and use banner image

2026-01-02 17:54:17 -08:00

template-example.toml

feat: update template properly

2024-07-10 05:00:53 -04:00

README.md

install · usage · modules · contribute

what is sif?

sif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.

./sif -u https://example.com -all

install

from releases

grab the latest binary from releases.

from source

git clone https://github.com/dropalldatabases/sif.git
cd sif
make

requires go 1.23+

usage

# basic scan
./sif -u https://example.com

# directory fuzzing
./sif -u https://example.com -dirlist medium

# subdomain enumeration
./sif -u https://example.com -dnslist medium

# port scanning
./sif -u https://example.com -ports common

# javascript framework detection + cloud misconfig
./sif -u https://example.com -js -c3

# everything
./sif -u https://example.com -all

run ./sif -h for all options.

modules

module	description
`dirlist`	directory and file fuzzing
`dnslist`	subdomain enumeration
`ports`	port and service scanning
`nuclei`	vulnerability scanning with nuclei templates
`dork`	automated google dorking
`js`	javascript framework detection (next.js, supabase)
`c3`	cloud storage misconfiguration scanning
`headers`	http header analysis
`takeover`	subdomain takeover detection
`cms`	cms detection
`whois`	whois lookups
`git`	exposed git repository detection

contribute

contributions welcome. see contributing.md for guidelines.

# format
gofmt -w .

# lint
golangci-lint run

# test
go test ./...

contributors

_mel
🚧 🧑‍🏫 📆 🛡️ ⚠️ 💼 💻 🎨 💵 🤔

_{ProjectDiscovery}
📦

_macdoos
💻

_{Matthieu Witrowiez}
🤔

_tessa
🚇 💬 📓

_Eva
📝 🖋 🔬 🛡️ ⚠️ 💻

acknowledgements

projectdiscovery for nuclei and other security tools
shodan for infrastructure intelligence

_{bsd 3-clause license · made by vmfunc, xyzeva, and contributors}