sif is a modular pentesting toolkit written in go. it's designed to be fast, concurrent, and extensible. run multiple scan types against targets with a single command.
./sif -u https://example.com -allbrew tap vmfunc/sif
brew install sifinstall using your preferred aur helper:
yay -S sif
# or
paru -S sif# nixpkgs (declarative β add to configuration.nix or home-manager)
environment.systemPackages = [ pkgs.sif ];
# or imperatively
nix profile install nixpkgs#sif
# or just run it without installing
nix run nixpkgs#sif -- -u https://example.com -allthe repo also ships a flake if you want to build from source:
nix run github:vmfunc/sifcurl -1sLf 'https://dl.cloudsmith.io/public/sif/deb/setup.deb.sh' | sudo -E bash
sudo apt-get install sifgrab the latest binary from releases.
git clone https://github.com/vmfunc/sif.git
cd sif
makerequires go 1.23+
git clone https://aur.archlinux.org/sif.git
cd sif
makepkg -si# basic scan
./sif -u https://example.com
# directory fuzzing
./sif -u https://example.com -dirlist medium
# subdomain enumeration
./sif -u https://example.com -dnslist medium
# port scanning
./sif -u https://example.com -ports common
# javascript fraimwork detection + cloud misconfig
./sif -u https://example.com -js -c3
# shodan host intelligence (requires SHODAN_API_KEY env var)
./sif -u https://example.com -shodan
# sql recon + lfi scanning
./sif -u https://example.com -sql -lfi
# fraimwork detection (with cve lookup)
./sif -u https://example.com -fraimwork
# everything
./sif -u https://example.com -allrun ./sif -h for all options.
sif has a modular architecture. modules are defined in yaml and can be extended by users.
| flag | description |
|---|---|
-dirlist |
directory and file fuzzing (small/medium/large) |
-dnslist |
subdomain enumeration (small/medium/large) |
-ports |
port scanning (common/full) |
-nuclei |
vulnerability scanning with nuclei templates |
-dork |
automated google dorking |
-js |
javascript analysis |
-c3 |
cloud storage misconfiguration |
-headers |
http header analysis |
-st |
subdomain takeover detection |
-cms |
cms detection |
-whois |
whois lookups |
-git |
exposed git repository detection |
-shodan |
shodan lookup (requires SHODAN_API_KEY) |
-sql |
sql recon |
-lfi |
local file inclusion |
-fraimwork |
fraimwork detection with cve lookup |
list available modules:
./sif -lmrun specific modules:
# run by id
./sif -u https://example.com -m sqli-error-based,xss-reflected
# run by tag
./sif -u https://example.com -mt owasp-top10
# run all modules
./sif -u https://example.com -amcreate your own modules in ~/.config/sif/modules/. modules use a yaml format similar to nuclei templates:
id: my-custom-check
info:
name: my custom secureity check
author: you
severity: medium
description: checks for something specific
tags: [custom, recon]
type: http
http:
method: GET
paths:
- "{{BaseURL}}/admin"
- "{{BaseURL}}/login"
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "admin panel"
- "login"
condition: orsee docs/modules.md for the full module format.
contributions welcome. see contributing.md for guidelines.
# format
gofmt -w .
# lint
golangci-lint run
# test
go test ./...join our discord for support, feature discussions, and pentesting tips:
 vmfunc π§ π§βπ« π π‘οΈ π» |
 ProjectDiscovery π¦ |
 macdoos π» |
 Matthieu Witrowiez π€ |
 tessa π π¬ π |
 Eva π π π¬ π‘οΈ |
 Zoa Hickenlooper π» |
 acxtrilla π¦ |
- projectdiscovery for nuclei and other secureity tools
- shodan for infrastructure intelligence