DEV.co
Open-Source Security · edoardottt

scilla

Scilla is a Go-based command-line tool for security reconnaissance that automates DNS enumeration, subdomain discovery, port scanning, and directory fuzzing. It supports multiple output formats and integrates with external data sources like VirusTotal and BuiltWith for enhanced reconnaissance.

Source: GitHub — github.com/edoardottt/scilla
1.2k
GitHub stars
146
Forks
Go
Primary language
GPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryedoardottt/scilla
Owneredoardottt
Primary languageGo
LicenseGPL-3.0 — OSI-approved
Stars1.2k
Forks146
Open issues7
Latest releasev1.3.3 (2026-03-22)
Last updated2026-07-03
Sourcehttps://github.com/edoardottt/scilla

What scilla is

A multi-module reconnaissance framework written in Go that performs parallel DNS resolution, HTTP-based subdomain/directory enumeration with customizable wordlists, TCP port scanning across configurable ranges, and consolidated reporting. Supports API key integration, custom User-Agents, and output in JSON, HTML, and TXT formats.

Quickstart

Get the scilla source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/edoardottt/scilla.gitcd scilla# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Authorized Security Assessments and Bug Bounty Reconnaissance

Scilla is purpose-built for information gathering during penetration tests and bug bounty engagements, providing rapid enumeration of attack surface (subdomains, open ports, web directories) in a single tool.

Automated Asset Discovery and Inventory

Organizations can run Scilla against owned domains to maintain an up-to-date inventory of accessible services, subdomains, and exposed directories without manual scanning.

Red Team Operations and Internal Network Reconnaissance

Lightweight Go binary deployable on minimal systems; useful for authorized internal network assessments where a single tool can perform multi-vector reconnaissance quickly.

Implementation considerations

  • Go 1.23+ required for building from source; binary distribution available via Homebrew, Snap, and Docker for easier deployment on non-development systems.
  • API key integration (VirusTotal, BuiltWith, etc.) configured via ~/.config/scilla/keys.yaml; requires upfront credential management and key rotation strategy.
  • Rate limiting and timeout tuning essential; default behavior may be too aggressive on resource-constrained or heavily-monitored targets; requires test runs in staging first.
  • Output handling: tool generates JSON/HTML/TXT reports; post-processing pipelines needed for integration with ticketing, SOAR, or vulnerability management platforms.
  • No built-in credential or privilege management; all scans run in context of invoking user; suitable for individual operators but not multi-tenant scenarios.

When to avoid it — and what to weigh

  • Unauthorized or Unscoped Scanning — Scilla is a reconnaissance tool that generates significant network traffic. Use only on systems you own or have explicit written permission to test. Unauthorized scanning may violate computer fraud and abuse laws.
  • Production Environments Without Careful Planning — Port scanning and aggressive enumeration (especially full port ranges 1–65535) can stress target infrastructure. Requires careful rate limiting and coordination with ops teams.
  • Need for Evasion or Stealth — Scilla performs straightforward, detectable reconnaissance. Does not include obfuscation, proxy rotation, or anti-detection features; unsuitable for adversarial scenarios where detection avoidance is critical.
  • Enterprise Integration Without Customization — No built-in RBAC, audit logging, multi-user coordination, or enterprise workflow support. Suitable for solo operators; requires wrapper/middleware for enterprise compliance and governance.

License & commercial use

Licensed under GPL-3.0 (GNU General Public License v3.0). This is a copyleft license requiring derivative works and modified versions to be distributed under the same GPL-3.0 terms, with source code made available to recipients.

Commercial use of Scilla is permitted under GPL-3.0, but any modifications or derivative tools must also be released under GPL-3.0 with source code. If you integrate Scilla into a commercial product without modification, you may distribute it as-is provided you include GPL-3.0 notice and offer source. However, if you modify Scilla or create proprietary tools that incorporate it, your modifications must be open-sourced under GPL-3.0. Consult legal counsel before commercial deployment to ensure compliance with copyleft obligations.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Scilla is a reconnaissance tool, not a vulnerability scanner. Security relevance: (1) Tool generates high-volume, detectable network traffic; noisy reconnaissance may trigger IDS/WAF alerts. (2) Requires access to external APIs (VirusTotal, BuiltWith) which means API keys stored locally (keys.yaml); keys must be protected and rotated. (3) No input validation or output sanitization documented; potential for injection if output is fed unsanitized into downstream systems. (4) No cryptographic or TLS pinning features described; assumes standard OS certificate validation. (5) Intended for authorized testing only; misuse outside scope may violate laws. Recommend: restrict network access to target scope, use dedicated runner environment, store credentials securely, rotate API keys regularly, log all scan activities for audit trail.

Alternatives to consider

Nmap

Mature, widely-used port scanner with advanced service detection and OS fingerprinting. Better for deep network reconnaissance but heavier and steeper learning curve than Scilla's CLI.

Amass (OWASP)

Specialized subdomain enumeration tool with powerful integration of multiple data sources, more sophisticated than Scilla's subdomain module, but does not include port scanning or directory fuzzing.

Shodan

Cloud-based search engine for internet-connected devices and services. Complements Scilla for passive reconnaissance but requires paid API and is not a command-line tool for active scanning.

Software development agency

Build on scilla with DEV.co software developers

Scilla automates multi-vector information gathering for penetration tests and bug bounty work. Deploy as a CLI tool, Docker container, or integrate into your CI/CD pipeline. Evaluate in your own environment and contact us for guidance on safe, authorized deployment.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

scilla FAQ

Can I use Scilla on systems I do not own?
No. Scilla performs active network scanning and enumeration. Use only on systems you own or have explicit written authorization. Unauthorized scanning may violate laws (e.g., CFAA in the US).
Does Scilla support HTTPS/TLS scanning?
Not clearly stated. Scilla performs DNS, subdomain, port, and directory enumeration; no explicit documentation of TLS certificate inspection or HTTPS service detection beyond HTTP status codes.
Can I integrate Scilla into a CI/CD pipeline?
Yes. Docker and CLI support enable CI/CD integration. However, no native webhook or API-driven output; requires JSON parsing and downstream pipeline logic. No rate-limiting or infrastructure-aware tuning documented.
Is Scilla suitable for scanning large networks?
Scilla is designed for targeted reconnaissance of specific hosts/domains. Scanning large IP ranges or multiple domains may be slow or require significant tuning. No horizontal scaling or distributed scanning mode documented.

Software development & web development with DEV.co

DEV.co helps companies turn open-source tools like scilla into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.

Ready to Streamline Your Security Reconnaissance?

Scilla automates multi-vector information gathering for penetration tests and bug bounty work. Deploy as a CLI tool, Docker container, or integrate into your CI/CD pipeline. Evaluate in your own environment and contact us for guidance on safe, authorized deployment.