edoardottt / scilla Goto Github PK

When the user inputs a target, for example https://www.edoardoottavianelli.it, scilla should remember that the user inputted that protocol, and it doesn't try to use http or another protocol.
The protocol handling now is way confusionary, as we can see in the main.go file.

https://golangcode.com/generate-a-pdf/

Output the report in a well-known structure, easy to parse XML file.

#51 (comment)

Use go:embed directive to embed lists folder content

Whenever scilla produces new results (dirs or subs) and it wants to print them, it looks into all the array of Assets to search if the Printed value is set to false.
So, to speed up the performance we can do two things:
Create a new data structure with two fields:

type Result struct {
assets    []Asset,
?
}

The second field can be a boolean, and this means that it can be changed to true (or false, it depends) when you have to print somethings, or a couple of integers telling us the printed values and the total value. In this second case we don't need the Printed item in Asset....

Another thing we can do to speed up performance is to print the results in reverse order, starting from the last found and going up to the first, when we encounter a Printed == true, it means we don't have more values to print.

#51 (comment)

is there a way to instead of subdomain enumeration example "dev.example.com" what about "example.dev.dev.com"?

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Two wordlist flags are needed in report subcommand.

One for subdomain and one for directories.

Maybe it would be useful to clean the results from GET parameter.

Example:
Now :

https://www.example.com/blog/2021/03/05/images/?id=sutb4wt73ct7q38tyqycbatb78cwytt73vwv7&page=3&auth=rgvtv7at4ithbitv4b4yiy4abqat4ht4ivuykcgt4ku3gctq

Then: https://www.example.com/blog/2021/03/05/images

This batch installer doesn't work very well.

On my machine (Windows 10 Home):

set GO111MODULE=
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\edoar\AppData\Local\go-build
set GOENV=C:\Users\edoar\AppData\Roaming\go\env
set GOEXE=.exe
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOMODCACHE=C:\Users\edoar\go\pkg\mod
set GONOPROXY=
set GONOSUMDB=
set GOOS=windows
set GOPATH=C:\Users\edoar\go
set GOPRIVATE=
set GOPROXY=https://proxy.golang.org,direct
set GOROOT=c:\go
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLDIR=c:\go\pkg\tool\windows_amd64
set GCCGO=gccgo
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=C:\Users\edoar\Desktop\github\scilla\go.mod
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=C:\Users\edoar\AppData\Local\Temp\go-build007528046=/tmp/go-build -gno-record-gcc-switches

there are some unidentified problems

txt output

Like these:

• hackertarget
• certspotter
• threatcrowd
• dns.bufferover.run
• crt.sh

When -db option on subdomain command is active.

Add new option -q or -quiet to print only results and no banner and no other output to put scilla in a chain.

Example:

scilla subdomain -quiet -target target.domain | other-command

Print the progress percentage value (when CR is pressed?) (not in output doc).

• https://github.com/cheggaaa/pb

Add checks on input flags, e.g.:

• -rua in subdomain subcommand only when -alive or -c

When output file contains \ it says Can't create output file.

• Banner OK
• Footer OK
• Status code color TODO
• remove http:// in the link TODO

When typed scilla dns -target d

target: d
=============== DNS SCANNING ===============
panic: runtime error: slice bounds out of range [-4:]

goroutine 1 [running]:
main.lookupDNS(0x7ffcb04c527f, 0x1, 0x0, 0x0)
	/home/edoardottt/github/scilla/scilla.go:1016 +0x1066
main.execute(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9c51b0, 0x0, ...)
	/home/edoardottt/github/scilla/scilla.go:168 +0x723
main.main()
	/home/edoardottt/github/scilla/scilla.go:125 +0x79

• #107
• #108
• #109
• #110
• #111
• #112
• #113

I would like to choose a status code (or maybe better an array of status codes) to be ignored.
To be clear, If add:

• -ignore 404 I would like to ignore all the responses having 404 as Status code.
• -ignore 404,301 I would like to ignore all the responses having 404 or 301 as Status code.

Myabe.. it would be useful to have something like this to ignore entire classes of status codes.
-ignore 4**

Describe the bug
The crawler doesn't seem to retrieve the correct results.

Try to see cariddi project crawler core.

#51 (comment)

I don't know if this works or not or it does then writes outputs to somewhere else except the path I give if so then how to do this !!? writing output to a txt file in a specific path !!?

#51 (comment)

https://github.com/cretz/bine

When port or report add --win to specify to scan only top (100?) windows common ports.

e.g. remove found string

Summary
Scilla having a feature to enumerate the target subdomains. When you give the input target and run it returns a error like below:

target: google.com
2020/12/22 17:29:57 failed to open /usr/bin/lists/subdomains.txt

I am running scilla in WSL Ubuntu 20.04

To Reproduce
Steps to reproduce the behavior:

1. git clone the repository
2. go build
3. cp scilla build file to /usr/local/bin
4. run the following

scilla subdomain -target google.com

Expected behavior
It should return Subdomains as output.

Screenshots

-p 31,45,7645

Almost done, for now it's okay.

It would be better by differentiating the types of output (subdomains and directories with the response code)

#51 (comment)

The Spyse project seems to be shut down due to the war in Ukraine (source). Fuck Putin

The executable derived from make windows should run everywhere.
Instead it runs only in scilla folder.
Figuring out a solution...

todo: in normal mode (no plain) print searching subdomains in service... and then when it finds something delete it. (\r \r)

#51 (comment)

It would be good to have an option (for directories and subdomains enumeration), like -c to use a web crawler.
The crawler I would like to use is colly.

Sample:

package main

import (
	"fmt"
	"github.com/gocolly/colly"
)

func main() {
	c := colly.NewCollector()

	// Find and visit all links [ TO ADD: ONLY IF THE DOMAIN IS THE TARGET ]
	c.OnHTML("a[href]", func(e *colly.HTMLElement) {
		e.Request.Visit(e.Attr("href"))
	})

	c.OnRequest(func(r *colly.Request) {
		fmt.Println("Visiting", r.URL)
	})

	c.Visit("http://go-colly.org/")
}

Output as JSON file when output option is selected.

Describe the solution you'd like
We are suggesting you add Spyse as one of the data sources for: DNS, subdomain enumeration, retrieving web information, hosts, certificates, and ports.
Potential is immense. Contact us if you need any help or a free subscription to make it free for users.

Describe alternatives you've considered
Alternatives could be shodan or censys.

Additional context
I'm offering Spyse because it has different scanning and analyzing systems that provide a more clear and sometimes larger amounts of data.

Notice: I work for Spyse.

#51 (comment)

When scilla performs subdomain enumeration it takes a list of possible hostnames and then performes concurrent requests to see which hostnames are alive.
We can use also the -db option to scan subdomains open database (see #29).

The feature could be this:
When -db is active if another flag is provided (could be -no-check) scilla could just print the subdomains gathered from public databases without check if they are alive or not. (Like assetfinder, findomain and so on...)

Pay attention to the required checks:

• -no-check is okay only when -db is provided.
• If -w active there can't be the -no-check flag active.
• What about txt/html/stdout output?
• ... Think about other restrictions...

What about report subcommand?

Now scilla can only perform tcp port scanning. (scilla port -target <TARGET> + other flags).

Add a -u flag to the port subcommand to perform UDP port scanning.

system：kali linux
When I try docker build an error occurs

git clone https://github.com/edoardottt/scilla.git
cd scilla
docker build -t scilla .

##Error message

[4/5] RUN go install -v ./...:
#6 3.564 go: golang.org/x/[email protected] requires
#6 3.564 golang.org/x/[email protected]: missing go.sum entry; to add it:
#6 3.564 go mod download golang.org/x/sys

executor failed running [/bin/sh -c go install -v ./...]: exit code: 1

about Building from source

How can I do the upgrade?
Because I don't see any description of "update" 🙈

When port or report add --linux to specify to scan only top (100?) linux common ports.

Describe the bug
When I'm not in the scilla directory I'm not able to enumerates subomains.

To Reproduce
Steps to reproduce the behavior:

1. Go to a different folder != scilla
2. Run scilla subdomain -target some_domain.com
3. See error

Expected behavior
It runs everywhere.

Desktop (please complete the following information):

• OS: Linux Ubuntu Groovy Gorilla 20.10

Get https://sonar.omnisint.io/subdomains/{domain}, make the results unique and append it to the first positions of the subdomains urls.

1. Change output directory to output-scilla.
2. Change target.com.html or target.com.txt to target.com.subdomains.html or target.com.subdomains.txt