Hacking Tutorials

Scilla – Information Gathering tool

Presentation

Scilla is an old city in the southern part of Costa Viola. || Scilla – Information Gathering tool
It is also the name of a sea-dwelling monster that appears in Greek mythology and Odysseus.

Skila is the Greek word for “skilla”.
This skyla is commonly spoken in pairs with a demon named “Charibdis”.
Charybdis is Italian for charybdis.

It is a well-known legend that Stela and Charibdis live on both sides of the Strait of Messina. Charibdis was the daughter of Posidon and Gaia and was an extraordinary eater. At one point, he ate a whole herd of livestock and was transformed into a demon by Zeus and went into the sea.

Since then, Chabbdis has been rotating three times a day, inhaling and exhaling large amounts of seawater. If a ship passes by, it is a ship. Talking of Odysseus and the demons of the sea, the story of sirens is famous. The siren is a demon who listens to the sound of singing and is confused and eventually wrecks the ship. After encountering this siren, Odysseus encounters Chardabis and Skyla.

A monster that swallows a piece or anything, and a monster that eats people with one piece or six animal heads. Sheribis manages to get through, but Skyla attacks and kills six crew members.

Scilla - Information Gathering tool

So Scilla is actually only a town or a monster? NO.
Scilla is an information gathering tool.
This tool allows you easily to search for DNS records, Directories, Subdomains and open ports. If you are familiar with nmap, gobuster, dirsearch, sublist3r.. etc, you know what I’m talking about.

Information Gathering tool

Scilla is a Command Line tool written entirely on Golang (basically due to the power of goroutines).
Before installing Scilla you need to install Go. Follow This to install Golang on your machine.
Then, I’m talking about Installation on Kali Linux but it’s the same for all the Linux-based OS.
You need to use git, just execute this line of code inside a shell:

git clone https://github.com/edoardottt/scilla.git;cd scilla;go get;sudo make linux

Then just type scilla to see if the installation process ended successfully
For any doubt please visit the official repository or my website edoardoottavianelli.it to reach Edoardo Ottavianelli.

Basic functionalities

If you type scilla help you will see all the commands and the options (required and not) in scilla.
Also scilla examples is useful because you can see all the commands you can execute.
There are 5 main subcommands in Scilla:
DNS Enumeration
scilla dns -target example.com

Directories Enumeration
scilla dir -target example.com

Port Enumeration
scilla port -target example.com

Subdomain Enumeration
scilla subdomain -target example.com

Full Report (All 4 commands above)
scilla report -target example.com

Advanced functionalities

We will do some exaples. Please be aware that you can mix all the options belonging to a subcommand (e.g. you can use in the same time the output as html and a well defined port range..)

DNS Enumeration
In DNS enumeration we can output the results as a txt document or html document.

scilla dns -o txt -target example.com
scilla dns -o html -target example.com

Directories Enumeration
In Directories enumeration we can output the results as a txt document or html document.

scilla dir -o txt -target example.com
scilla dir -o html -target example.com

We can use also a custom wordlist.

scilla dir -w rockyou.txt -target example.com

Maybe in some cases it’s useful to ignore some type of responses by the response code.
We can ignore array of response codes in this way:

scilla dir -i 500,503 -target example.com

Or by an entire class of response codes (1,2,3,4,5). scilla dir -i 5,4** -target example.com

Port Enumeration
In Port Enumeration we can select a single port to scan or a range of ports:

To scan a single port:

scilla port -p 80 -target example.com

To scan a range of ports from the first to a defined ending port:

scilla port -p -1000 -target example.com

To scan a range of ports from the defined first port to the last (65635):

scilla port -p 3493- -target example.com

To scan a range of ports from the defined first port to the defined ending port:

scilla port -p 22-80 -target example.com

In Port enumeration we can output the results as a txt document or html document.

scilla port -o txt -target example.com
scilla port -o html -target example.com

Subdomain Enumeration
The explanation is exactly the same as Directories enumeration:

scilla subdomain -target example.com
scilla subdomain -w wordlist.txt -target example.com
scilla subdomain -o txt -target example.com
scilla subdomain -o html -target example.com
scilla subdomain -i 400 -target example.com
scilla subdomain -i 4** -target example.com

Full Report (All 4 commands above)
Default (all ports, so 1-65635)

scilla report -target target.domain

Specifying ports range

scilla report -p 20-90 -target target.domain

Specifying starting port (until the last one)

scilla report -p 20- -target target.domain

Specifying ending port (from the first one)

scilla report -p -90 -target target.domain

Specifying single port

scilla report -p 80 -target target.domain

Specifying output format (txt)

scilla report -o txt -target target.domain

Specifying output format (html)

scilla report -o html -target target.domain

Specifying directories wordlist

scilla report -wd dirs.txt -target target.domain

Specifying subdomains wordlist

scilla report -ws subdomains.txt -target target.domain

Specifying status codes to be ignored in directories scanning

scilla report -id 500,501,502 -target target.domain

Specifying status codes to be ignored in subdomains scanning

scilla report -is 500,501,502 -target target.domain

Specifying status codes classes to be ignored in directories scanning

scilla report -id 5,4 -target target.domain

Specifying status codes classes to be ignored in subdomains scanning

scilla report -is 5,4 -target target.domain

Conclusion

This project is maintained ony by me (Edoardo Ottavianelli).
Contributions are welcome, if you want to contribute just go on GitHub repo, read the issues open, or just open another issue. I suggest you text me before submitting a pull request.

Happy Hacking!

References

6 Comments

  1. Lindsay Johnson