Zum Inhalt springen
1337skills 1337skills - Referenzen

Scylla

Scylla is a command-line OSINT tool for searching breached databases and public sources for compromised credentials. It queries multiple breach databases, data leak indices, and public sources to find leaked emails, usernames, and associated passwords.

Installation

Linux/Ubuntu

# Install Python3 and pip
sudo apt update
sudo apt install python3 python3-pip git

# Clone Scylla repository
git clone https://github.com/NScripter/Scylla.git
cd Scylla

# Install dependencies
pip3 install -r requirements.txt

# Install as command
sudo pip3 install -e .

# Verify installation
scylla --version

macOS

# Install with Homebrew
brew install python3

# Clone and setup
git clone https://github.com/NScripter/Scylla.git
cd Scylla

# Install requirements
pip3 install -r requirements.txt
pip3 install -e .

Docker

# Build image
docker build -t scylla:latest .

# Run container
docker run -it scylla:latest scylla --help

# Interactive shell
docker run -it scylla:latest bash

Basic Usage

# Show help
scylla --help

# Display version
scylla --version

# Search by email
scylla search john@example.com

# Search by username
scylla search admin_user

# List available databases
scylla databases

Email/Username Searches

Single Email Lookup

# Basic email search
scylla search user@example.com

# Search with verbose output
scylla search user@example.com -v

# Save results to file
scylla search user@example.com > email_results.txt

# JSON formatted output
scylla search user@example.com --json > results.json

Multiple Email Searches

# From file (one email per line)
cat > emails.txt << EOF
user1@example.com
user2@example.com
admin@example.com
test@company.org
EOF

# Search all emails
while read email; do
    scylla search "$email"
done < emails.txt

# Batch with output
for email in $(cat emails.txt); do
    scylla search "$email" >> batch_results.txt
done

Username Searches

# Search specific username
scylla search admin

# Search with variations
scylla search john_doe
scylla search johndoe
scylla search j.doe

# Username with domain context
scylla search admin --domain example.com

Database Queries

Available Databases

# List all connected databases
scylla databases

# Get database statistics
scylla databases --stats

# Database details
scylla databases --info

Breach Verification

# Check if email appears in known breaches
scylla check user@example.com

# Detailed breach report
scylla check user@example.com --detailed

# Search across all historical breaches
scylla history user@example.com

Domain Enumeration

# Find all accounts on a domain
scylla search --domain example.com

# Domain enumeration with limits
scylla search --domain example.com --limit 100

# Count leaked accounts per domain
scylla stats --domain example.com

Output Formats

Text Output

# Default format
scylla search user@example.com

# Verbose text
scylla search user@example.com -v

# Quiet mode (errors only)
scylla search user@example.com -q

Structured Output

# JSON format
scylla search user@example.com --json

# CSV export
scylla search user@example.com --csv > results.csv

# Save to database
scylla search user@example.com --save-db scylla_results.db

Parsing Results

# Extract unique emails from results
scylla search domain.com | grep -oE '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' | sort -u

# Count breaches per email
scylla search user@example.com --json | jq '.results | length'

# Extract only passwords (if available)
scylla search user@example.com --json | jq '.results[] | .password'

Complete Enumeration Workflow

#!/bin/bash
# Comprehensive OSINT enumeration with Scylla

DOMAIN="example.com"
OUTPUT_DIR="osint_results_$(date +%Y%m%d_%H%M%S)"

mkdir -p "$OUTPUT_DIR"

echo "[*] Starting Scylla OSINT reconnaissance for $DOMAIN"

# 1. Extract emails from public sources
echo "[*] Collecting email addresses from domain..."
cat > "$OUTPUT_DIR/emails.txt" << EOF
admin@$DOMAIN
info@$DOMAIN
support@$DOMAIN
sales@$DOMAIN
test@$DOMAIN
user@$DOMAIN
EOF

# 2. Search each email in Scylla
echo "[*] Searching Scylla database..."
while read email; do
    echo "[*] Searching $email..."
    scylla search "$email" --json >> "$OUTPUT_DIR/scylla_results.json"
done < "$OUTPUT_DIR/emails.txt"

# 3. Parse and analyze results
echo "[*] Analyzing results..."
if [ -s "$OUTPUT_DIR/scylla_results.json" ]; then
    echo "[+] Found compromised accounts!"
    jq '.results[] | {email, breach: .breach_name, date: .breach_date}' "$OUTPUT_DIR/scylla_results.json" > "$OUTPUT_DIR/compromised.json"
fi

# 4. Extract unique breaches
echo "[*] Extracting breach information..."
jq -r '.results[] | .breach_name' "$OUTPUT_DIR/scylla_results.json" 2>/dev/null | sort -u > "$OUTPUT_DIR/breaches.txt"

# 5. Generate summary report
echo "[*] Generating report..."
cat > "$OUTPUT_DIR/report.txt" << EOF
SCYLLA OSINT Report
Domain: $DOMAIN
Date: $(date)

Compromised Accounts: $(grep -c '"email"' "$OUTPUT_DIR/scylla_results.json" 2>/dev/null || echo 0)
Unique Breaches: $(wc -l < "$OUTPUT_DIR/breaches.txt")
Breaches Involved:
$(cat "$OUTPUT_DIR/breaches.txt")
EOF

echo "[+] Reconnaissance complete!"
echo "[*] Results saved to: $OUTPUT_DIR"

Advanced Techniques

Bulk Email Validation

# Create wordlist of potential emails
cat > potential_users.txt << EOF
admin
root
test
user
support
sales
info
contact
EOF

# Generate emails with domain
for user in $(cat potential_users.txt); do
    echo "${user}@example.com"
done > all_emails.txt

# Check all against Scylla
for email in $(cat all_emails.txt); do
    result=$(scylla search "$email" 2>/dev/null)
    if [ ! -z "$result" ]; then
        echo "[+] FOUND: $email"
        echo "$result" >> found_accounts.txt
    fi
done

Integration with Other OSINT Tools

# Export emails for TheHarvester
scylla search --domain example.com --json | jq -r '.results[] | .email' > harvester_emails.txt

# Use with credcrack or hashcat
scylla search user@example.com --json | jq '.results[] | .password' > hashes.txt

# Integration with password spraying
scylla search admin@example.com --json | jq -r '.results[] | .password' | head -1 > password.txt

Monitoring Breaches

# Continuous monitoring
watch -n 300 'scylla search domain@example.com'

# Daily report
0 9 * * * /usr/local/bin/scylla search admin@example.com >> /var/log/scylla_monitor.log

# Alert on new breaches
scylla check user@example.com > /tmp/scylla_last.txt
if grep -q "NEW" /tmp/scylla_last.txt; then
    echo "New breach detected!" | mail -s "Scylla Alert" admin@example.com
fi

Troubleshooting

Issue: Connection timeout

# Use proxy
scylla search user@example.com --proxy http://proxy.example.com:8080

# Increase timeout
scylla search user@example.com --timeout 30

Issue: No results found

# Verify database connectivity
scylla databases --test

# Check if email format is correct
scylla search admin@example.com

# Try different variations
scylla search john.doe@example.com
scylla search johndoe@example.com

Issue: Rate limiting

# Add delays between requests
for email in $(cat emails.txt); do
    scylla search "$email"
    sleep 2
done

# Use batch mode with rate limit
scylla search --batch emails.txt --delay 3

Best Practices

  • Verify results against multiple sources before acting
  • Document all searches for audit trails
  • Respect rate limits of breach databases
  • Use for authorized security assessments only
  • Confirm findings before notifying users
  • Keep local cache of results for reference
  • Monitor for new breaches regularly
  • Validate email format before searching
  • TheHarvester - Email and subdomain collection
  • Breach-Parse - Parse breach databases
  • Hashcat - Hash cracking with leaked passwords
  • Dehashed - Breach database API
  • Shodan - Internet device search

Last updated: 2026-03-30 | Scylla v2.1