mirror of
https://github.com/lunchcat/sif.git
synced 2026-01-11 04:33:40 -08:00
42d16bd68c
- update badges to point to vmfunc/sif - replace ascii art with banner image - fix header check action to check first 5 lines - remove obsolete LICENSE.md
5.4 KiB
5.4 KiB
what is sif?
sif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.
./sif -u https://example.com -all
install
from releases
grab the latest binary from releases.
from source
git clone https://github.com/dropalldatabases/sif.git
cd sif
make
requires go 1.23+
usage
# basic scan
./sif -u https://example.com
# directory fuzzing
./sif -u https://example.com -dirlist medium
# subdomain enumeration
./sif -u https://example.com -dnslist medium
# port scanning
./sif -u https://example.com -ports common
# javascript framework detection + cloud misconfig
./sif -u https://example.com -js -c3
# everything
./sif -u https://example.com -all
run ./sif -h for all options.
modules
| module | description |
|---|---|
dirlist |
directory and file fuzzing |
dnslist |
subdomain enumeration |
ports |
port and service scanning |
nuclei |
vulnerability scanning with nuclei templates |
dork |
automated google dorking |
js |
javascript framework detection (next.js, supabase) |
c3 |
cloud storage misconfiguration scanning |
headers |
http header analysis |
takeover |
subdomain takeover detection |
cms |
cms detection |
whois |
whois lookups |
git |
exposed git repository detection |
contribute
contributions welcome. see contributing.md for guidelines.
# format
gofmt -w .
# lint
golangci-lint run
# test
go test ./...
contributors
 mel 🚧 🧑🏫 📆 🛡️ ⚠️ 💼 💻 🎨 💵 🤔 |
 ProjectDiscovery 📦 |
 macdoos 💻 |
 Matthieu Witrowiez 🤔 |
 tessa 🚇 💬 📓 |
 Eva 📝 🖋 🔬 🛡️ ⚠️ 💻 |
acknowledgements
- projectdiscovery for nuclei and other security tools
- shodan for infrastructure intelligence
bsd 3-clause license · made by vmfunc, xyzeva, and contributors