sif v2026.2.17

what's changed

• license: switch to bsd 3-clause, update headers and readme (d30c7f5)
• chore: delete old license (8230edf)
• fix: update readme badges and use banner image (0e3e43a)
• fix: update dependencies to address security vulnerabilities (1bf927b)
• feat: add shodan integration for host reconnaissance (d44dbb7)
• Merge pull request #47 from vmfunc/feat/shodan-integration (4a77307)
• fix: remove duplicate subdomain takeover call and add config tests (#46) (080ab10)
• feat: add sql reconnaissance module (#48) (4392e33)
• feat: add lfi reconnaissance module (#49) (db24c59)
• docs: update readme with new modules and discord link (2970910)
• fix: use static discord badge instead of server id (ecf71be)
• feat: framework detection module (a08239b)
• feat(framework-detection): weighted bayesian detection algorithm (3bc7a24)
• chore(actions): add framework to CI (494a84e)
• feat: improve framework detection with more signatures and tests (138bdf3)
• chore: add license header to detect.go (af9d05f)
• feat: expand framework detection with cvs, version confidence, concurrency (816b893)
• docs: add framework detection to readme (e02e155)
• fix: improve version detection and add documentation (5eac60f)
• fix: adjust sif logo alignment (20ea60c)
• Merge pull request #40 from vmfunc/feat/framework-detection (563f381)
• chore: fix contributorrc (7b3f4a4)
• chore: fix contributorrc (29478f0)
• docs: update contributor name and add vxfemboy (01fa285)
• chore(nix): modernize flake to use buildGoModule (f2c8cc7)
• Merge pull request #51 from andrewgazelka/chore/modernize-nix-flake (8cb4a85)
• ci: enhance golangci-lint with additional linters (295d684)
• ci: add test coverage reporting to workflow (046a5bc)
• chore: remove unused utils package (86539cd)
• refactor: logger to use buffered file handles (17d8e66)
• test: add logger tests for buffered write functionality (088a5be)
• fix: error patterns and string building in sif.go and js/scan.go (ecb0124)
• fix: data races and slice preallocation in dirlist and dnslist (582baf2)
• perf: optimize deduplication with map-based o(1) lookups in lfi and sql (aba8c41)
• feat: add generic worker pool for concurrent task processing (7ab5cfc)
• fix: response body leak in scan.go robots processing (bad1af5)
• fix: response body leaks in cms.go and sql.go (314783d)
• perf: precompile framework version regex patterns (7223a2e)
• refactor: extract cve database to separate file (2002509)
• feat: add generic types and type-safe result handling (1b27250)
• refactor: rewrite framework detection with modular detector architecture (a6abadd)
• refactor: move logger to internal (28588fe)
• refactor: move config to internal (539122a)
• feat: add module system infrastructure (9154f8e)
• feat: add yaml module parser and http executor (01a10c6)
• feat: add built-in yaml modules for security scanning (a5ea29b)
• feat: add module cli flags (dc537a0)
• feat: integrate module system into sif.go (82c8667)
• feat: implement loadYAML in module loader (2d306fc)
• fix: regex compilation performance (3e4fd67)
• fix: add io.LimitReader to prevent memory exhaustion (7ec8c6f)
• fix: add io.LimitReader and proper error handling to shodan.go (6d8319d)
• refactor: move pkg/scan to internal/scan (d2537da)
• feat: add debug logging for module execution (29b1b80)
• feat: show module loading and execution logs by default (36a0e47)
• docs: update readme and add module documentation (cd1a56b)
• docs: add comprehensive documentation and fix github actions (ab17191)
• feat(output): add styled console output with module loggers (00a66ad)
• chore: add license headers to missing files (7268374)
• ci: upgrade to go 1.24 in all workflows (60c38e2)
• chore: readme inconsistency (7438dfb)
• docs: add homebrew installation instructions (8c60e25)
• docs: add AUR installation instructions (9705d95)
• feat(frameworks): add Astro framework detection (ee1f9d7)
• chore: revise arch linux installation section in README (277f516)
• Merge pull request #53 from 0xatrilla/add-aur-install-instructions (d3216ca)
• docs: add AUR and Homebrew badges to readme (37925c6)
• docs: add 0xatrilla to contributors for AUR packaging (2e99e50)
• ci: add debian package builds to releases (5689589)
• ci: push debian packages to cloudsmith (844affa)
• docs: add apt/cloudsmith installation instructions and badge (6467a2c)
• docs: update CONTRIBUTING.md (4e0c45f)
• fix: use dynamic versioning for debian packages (8eb7e84)
• fix: discord invite (0297bf3)
• Merge pull request #55 from 0x4bs3nt/docs/contributing-update (9c5220e)
• fix: adjust generator meta weight
  (75014e2)
• Merge pull request #56 from 0x4bs3nt/feat/astro-framework-detection (689d575)
• feat(modules): infra for builtin modules (f309198)
• feat(modules): legacy framework scan (e5e8315)
• feat(modules): legacy shodan scan (0383c49)
• feat(modules): legacy nuclei scan (45f341c)
• fix: nuclei scan nil pointer dereference (66a752d)
• fix(nuclei): logdir, headless option and hosterrorscache (3c160de)
• fix: colorizer exception (abb992a)
• fix: renamed nuclei module file (9767a6b)
• fix: frameworks module file rename (e7db077)
• fix: shodan module file rename (4a6364a)
• fix: rename to snakecase (6df46b6)
• fix: rename to snakecase (579f5af)
• fix: rename to snakecase (95cebab)
• Merge pull request #61 from 0x4bs3nt/feat/builtin-nuclei (812d0b3)
• fix(conflicts): fix PR conflicts on (b298e2e)
• fix: renamed whois module file (b5398ec)
• fix: rename to snakecase (ccf093b)
• Merge branch 'main' into feat/builtin-shodan (39bd115)
• Merge branch 'main' into feat/builtin-frameworks (16ea904)
• Merge pull request #64 from 0x4bs3nt/feat/builtin-frameworks (261dbea)
• Merge pull request #63 from 0x4bs3nt/feat/builtin-whois (6f46042)
• Merge branch 'main' into feat/builtin-shodan (f50f1b9)
• Merge pull request #62 from 0x4bs3nt/feat/builtin-shodan (5a557eb)
• add nixpkgs install instructions and badge to readme (4f42c52)
• update funding.yml with proper sponsor info (548c211)
• deps: bump goflags to v0.1.74 (953ef29)
• deps: bump projectdiscovery/utils to v0.9.0 (426a301)
• ci: overhaul workflows - lint, security scanning, release hardening (83702e9)
• internal/scan: migrate nuclei integration to v3 SDK (03a9488)
• deps: bump go-git to v5.16.5 - fixes CVE-2026-25934 (e94fda0)
• ci: add explicit permissions to all workflows - fixes scorecard token-permissions (fcf9291)
• add SECURITY.md - fixes scorecard security-policy check (45a384b)
• ci: pin govulncheck to v1.1.4 - fixes scorecard pinned-dependencies (c85201b)
• test: add fuzz tests for LFI detection, SQL patterns, version parsing (bad5b59)
• ci: replace qodana with codeql - no external tokens needed (e2198e9)
• chore: strengthen golangci-lint config - add gosec, errorlint, nilnil, wastedassign, usetesting linters (f5251d0)
• fix: resolve all golangci-lint issues across codebase (75da3e3)
• ci: add pr bot for auto-labeling + rewrite release workflow for semver tags (a05d6ad)
• chore(deps): bump actions/checkout from 4 to 6 (#68) (6f4144e)
• chore(deps): bump actions/github-script from 7 to 8 (#77) (418180a)
• chore(deps): bump reviewdog/action-markdownlint from 0.24.0 to 0.26.2 (#73) (1eab614)
• chore(deps): bump reviewdog/action-shellcheck from 1.27.0 to 1.32.0 (#70) (dd9db0d)
• chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (#66) (efd089a)
• chore(deps): bump github.com/charmbracelet/log from 0.2.4 to 0.4.2 (#74) (b522aa3)
• chore(deps): bump github.com/likexian/whois from 1.15.1 to 1.15.7 (#67) (5ddfbc6)
• feat: add securitytrails integration for domain discovery + target expansion (495d2c5)

install

homebrew / linuxbrew

# coming soon

debian / ubuntu

sudo dpkg -i sif_2026.2.17_amd64.deb

go install

go install github.com/dropalldatabases/sif/cmd/sif@v2026.2.17

binary download - grab the right archive from below.

verification

sha256sum -c checksums-sha256.txt