scilla
Scilla is a Go-based command-line tool for security reconnaissance that automates DNS enumeration, subdomain discovery, port scanning, and directory fuzzing. It supports multiple output formats and integrates with external data sources like VirusTotal and BuiltWith for enhanced reconnaissance.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | edoardottt/scilla |
| Owner | edoardottt |
| Primary language | Go |
| License | GPL-3.0 — OSI-approved |
| Stars | 1.2k |
| Forks | 146 |
| Open issues | 7 |
| Latest release | v1.3.3 (2026-03-22) |
| Last updated | 2026-07-03 |
| Source | https://github.com/edoardottt/scilla |
What scilla is
A multi-module reconnaissance framework written in Go that performs parallel DNS resolution, HTTP-based subdomain/directory enumeration with customizable wordlists, TCP port scanning across configurable ranges, and consolidated reporting. Supports API key integration, custom User-Agents, and output in JSON, HTML, and TXT formats.
Get the scilla source
Clone the repository and explore it locally.
git clone https://github.com/edoardottt/scilla.gitcd scilla# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Go 1.23+ required for building from source; binary distribution available via Homebrew, Snap, and Docker for easier deployment on non-development systems.
- API key integration (VirusTotal, BuiltWith, etc.) configured via ~/.config/scilla/keys.yaml; requires upfront credential management and key rotation strategy.
- Rate limiting and timeout tuning essential; default behavior may be too aggressive on resource-constrained or heavily-monitored targets; requires test runs in staging first.
- Output handling: tool generates JSON/HTML/TXT reports; post-processing pipelines needed for integration with ticketing, SOAR, or vulnerability management platforms.
- No built-in credential or privilege management; all scans run in context of invoking user; suitable for individual operators but not multi-tenant scenarios.
When to avoid it — and what to weigh
- Unauthorized or Unscoped Scanning — Scilla is a reconnaissance tool that generates significant network traffic. Use only on systems you own or have explicit written permission to test. Unauthorized scanning may violate computer fraud and abuse laws.
- Production Environments Without Careful Planning — Port scanning and aggressive enumeration (especially full port ranges 1–65535) can stress target infrastructure. Requires careful rate limiting and coordination with ops teams.
- Need for Evasion or Stealth — Scilla performs straightforward, detectable reconnaissance. Does not include obfuscation, proxy rotation, or anti-detection features; unsuitable for adversarial scenarios where detection avoidance is critical.
- Enterprise Integration Without Customization — No built-in RBAC, audit logging, multi-user coordination, or enterprise workflow support. Suitable for solo operators; requires wrapper/middleware for enterprise compliance and governance.
License & commercial use
Licensed under GPL-3.0 (GNU General Public License v3.0). This is a copyleft license requiring derivative works and modified versions to be distributed under the same GPL-3.0 terms, with source code made available to recipients.
Commercial use of Scilla is permitted under GPL-3.0, but any modifications or derivative tools must also be released under GPL-3.0 with source code. If you integrate Scilla into a commercial product without modification, you may distribute it as-is provided you include GPL-3.0 notice and offer source. However, if you modify Scilla or create proprietary tools that incorporate it, your modifications must be open-sourced under GPL-3.0. Consult legal counsel before commercial deployment to ensure compliance with copyleft obligations.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Scilla is a reconnaissance tool, not a vulnerability scanner. Security relevance: (1) Tool generates high-volume, detectable network traffic; noisy reconnaissance may trigger IDS/WAF alerts. (2) Requires access to external APIs (VirusTotal, BuiltWith) which means API keys stored locally (keys.yaml); keys must be protected and rotated. (3) No input validation or output sanitization documented; potential for injection if output is fed unsanitized into downstream systems. (4) No cryptographic or TLS pinning features described; assumes standard OS certificate validation. (5) Intended for authorized testing only; misuse outside scope may violate laws. Recommend: restrict network access to target scope, use dedicated runner environment, store credentials securely, rotate API keys regularly, log all scan activities for audit trail.
Alternatives to consider
Nmap
Mature, widely-used port scanner with advanced service detection and OS fingerprinting. Better for deep network reconnaissance but heavier and steeper learning curve than Scilla's CLI.
Amass (OWASP)
Specialized subdomain enumeration tool with powerful integration of multiple data sources, more sophisticated than Scilla's subdomain module, but does not include port scanning or directory fuzzing.
Shodan
Cloud-based search engine for internet-connected devices and services. Complements Scilla for passive reconnaissance but requires paid API and is not a command-line tool for active scanning.
Build on scilla with DEV.co software developers
Scilla automates multi-vector information gathering for penetration tests and bug bounty work. Deploy as a CLI tool, Docker container, or integrate into your CI/CD pipeline. Evaluate in your own environment and contact us for guidance on safe, authorized deployment.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
scilla FAQ
Can I use Scilla on systems I do not own?
Does Scilla support HTTPS/TLS scanning?
Can I integrate Scilla into a CI/CD pipeline?
Is Scilla suitable for scanning large networks?
Software development & web development with DEV.co
DEV.co helps companies turn open-source tools like scilla into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.
Ready to Streamline Your Security Reconnaissance?
Scilla automates multi-vector information gathering for penetration tests and bug bounty work. Deploy as a CLI tool, Docker container, or integrate into your CI/CD pipeline. Evaluate in your own environment and contact us for guidance on safe, authorized deployment.