Skip to content
/ s1c0n Public

simple recon tool to help you for searching vulnerability on web server

License

MIT license
72 stars 17 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

x0rr-dan/s1c0n

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

115 Commits
.idea
.idea
 
 
animation
animation
 
 
core
core
 
 
guiscan
guiscan
 
 
scan
scan
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
elang.png
elang.png
 
 
requirements.txt
requirements.txt
 
 
sicon-gui.py
sicon-gui.py
 
 
sicon.png
sicon.png
 
 
sicon.py
sicon.py
 
 

Repository files navigation

s1c0n

Python License

Terkey

    	             ┏━┓╺┓ ┏━╸┏━┓┏┓╻
    	             ┗━┓ ┃ ┃  ┃┃┃┃┗┫
    	             ┗━┛╺┻╸┗━╸┗━┛╹ ╹ v1.8

	      https://github.com/x0rr-dan/s1c0n
	          Dinus Open Source Community
usage: 
sicon -u site.com -o waf subdo     only do waf scanning and subdomain scanning
sicon -u site.com -o scan_dir      only do waf scanning and subdomain scanning
sicon -u site.com -o port subdo    only do port scanning and subdomain scanning
sicon -u site.com                  scan with all options

example usage:
sicon -u site.com --proxy='socks5://127.0.0.1:1080' --user-agent='Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X)'      scan with all option and using proxy and custom user-agent

options:
  -h, --help            show this help message and exit
  -o, --option {waf,port,subdo,scan_dir} [{waf,port,subdo,scan_dir} ...]
                        Choose one scan option, eg:
  -u, --url URL         url target
  -a, --user-agent USER_AGENT
                        custom user-agent in scan dir, cms detection, technology detection
  -t, --tor             scanning with tor network to hide ur ass
  -p, --proxy PROXY     set a custom proxy, e.g., http://proxyserver:port or socks5://proxyserver:port

last update:

so far no errors, testing on arch linux 6.12.9-arch1-1

About:

simple recon tool to help you searching vulnerability on web server. maybe xD

Features:

  1. Auto scan WAF
  2. Auto scan port
  3. Auto scan subdomain
  4. Auto scan dir on web server
  5. wordpress plugin enumeration
  6. Auto detect cms (wordpress, joomla. drupal, moodle)
  7. Auto detect technology (like the server are use, framework, javascript framework, etc. thanks to builtwith librarry :) )

Tested on:

  • Othros linux
  • Kali Linux
  • Debian Linux
  • Parrot Linux
  • Arch Linux

tools that must be installed:

well this tool have function to auto install if some tools is not installed, so just run it with sudo if u using debian based

nmap
wafw00f
sublist3r
subfinder
assetfinder
dirsearch
httprobe

How to install:

pip3 install -r requirements.txt

How to use:

python3 sicon.py -u <target>

screenshoot

image 250119_14h23m02s_screenshot 250119_14h58m32s_screenshot 250119_14h59m52s_screenshot 250119_14h59m19s_screenshot 250119_14h59m04s_screenshot

next features

general

  • make installer for all distro, so every distro can run

GUI

  • subdomain scanner
  • direcrory scanner
  • wafscan
  • portscan
  • save output scan
  • cms scanner

CLI

  • wordpress user enumeration
  • report scan in html or json output
  • option to use proxy
  • user agent customization (random & user can choose)
  • custom scan option

need improvemenr

  • detection wordpress (its suck)

About

simple recon tool to help you for searching vulnerability on web server

Topics

python hacking python3 recon hacking-tool bugbounty-tool recontool

Resources

Readme

License

MIT license
Activity

Stars

72 stars

Watchers

3 watching

Forks

17 forks
Report repository

Releases 3

1.8.5 Latest
Jan 19, 2025
+ 2 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages