diff --git a/README.md b/README.md index d7b4b4d..9d01374 100644 --- a/README.md +++ b/README.md @@ -1,51 +1,273 @@ -# UltyScan -## Professional Attack Surface Management Platform +# 🔍 UltyScan -**UltyScan** is a next-generation automated information gathering and vulnerability scanning tool. It is designed to be the ultimate "button-pushing" solution for penetration testers and security professionals, automating the execution of dozens of powerful open-source tools to discover hidden assets and vulnerabilities. +**Attack Surface Management Platform** -### 🚀 Key Features - -* **Automated Recon**: Automatically gathers subdomains, IPs, and open ports. -* **Vulnerability Scanning**: Integrates with tools like Nikto, Zap, and OpenVAS to find weaknesses. -* **Multiple Modes**: From "Stealth" (low profile) to "Nuke" (full aggressive audit). -* **Visual Reports**: Generates HTML reports with all findings, including screenshots. -* **Workspace Management**: Keeps different client data separate and organized. +A comprehensive automated penetration testing and reconnaissance tool with a modern Web Interface for managing scans. --- -### 📚 Documentation +## ✨ Features -For detailed instructions, please refer to our comprehensive guides: - -* **[Installation Guide](docs/installation.md)** - * Step-by-step setup for Kali Linux, Ubuntu, and Docker. -* **[Usage Guide](docs/usage.md)** - * How to run scans, understand modes, and manage workspaces. -* **[Configuration Guide](docs/configuration.md)** - * Customizing the scanner and setting up API keys (Shodan, Censys, etc.). +- **16 Scan Modes** - From stealth reconnaissance to full aggressive audits +- **Modern Web Interface** - Launch and manage scans from your browser +- **Automated Reporting** - HTML reports generated for each scan +- **Workspace Management** - Organize results by project +- **OSINT Integration** - Shodan, Censys, Hunter.io, and more +- **Vulnerability Scanning** - Nuclei, Nikto, and custom checks +- **Bruteforce Capabilities** - Password attacks on discovered services --- -### ⚡ Quick Start +## 🚀 Quick Start -1. **Install**: - ```bash - git clone https://github.com/1N3/Sn1per - cd Sn1per - sudo bash install.sh - ``` +### One-Command Installation -2. **Run a Basic Scan**: - ```bash - sudo sniper -t example.com - ``` +```bash +git clone https://github.com/DeNNiiInc/UltyScan /usr/share/sniper +cd /usr/share/sniper +bash install.sh force +``` -3. **View Results**: - Open the generated HTML report inside the `loot/workspace/` directory. +> **Note:** The `force` flag runs the installation without prompts for fully automated deployment. + +### After Installation + +The installer will display your Web Interface URL: + +``` +============================================ + ULTYSCAN WEB INTERFACE +============================================ + URL: http:///ultyscan/ + Logs: /var/log/ultyscan/ + Loot: /usr/share/sniper/loot/workspace/ +============================================ +``` --- -### NOTE -This tool is for legal security auditing purposes only. Ensure you have permission to scan the target. +## 🖥️ Web Interface -*Based on the open-source Sn1per project.* +### Accessing the UI + +Open your browser and navigate to: +``` +http:///ultyscan/ +``` + +### Features + +| Tab | Description | +|-----|-------------| +| **New Scan** | Configure and launch scans with all modes and options | +| **Workspaces** | View, export, and delete scan workspaces | +| **Console** | Live output from running scans | +| **Settings** | Update scanner and stop running scans | + +### Scan Configuration Options + +| Option | Description | +|--------|-------------| +| **Target** | Domain name or IP address to scan | +| **Scan Mode** | Select from 16 different scan modes | +| **Workspace** | Name to organize your results | +| **Enable OSINT** | Gather intelligence from public sources | +| **Enable Recon** | Subdomain and DNS enumeration | +| **Enable Bruteforce** | Password attacks on services | +| **Full Port Scan** | Scan all 65535 ports | + +--- + +## 📋 Scan Modes + +| Mode | Description | Use Case | +|------|-------------|----------| +| `normal` | Balanced scan with enumeration | General purpose | +| `stealth` | Low-profile, minimal traffic | Avoiding detection | +| `web` | Ports 80/443 only | Web application focus | +| `webscan` | Full web application audit | Deep web analysis | +| `webporthttp` | HTTP on custom port | Non-standard web ports | +| `webporthttps` | HTTPS on custom port | Non-standard SSL ports | +| `port` | Single specific port | Targeted service testing | +| `fullportonly` | All 65535 ports | Complete port discovery | +| `discover` | Network/CIDR scanning | Infrastructure mapping | +| `flyover` | Quick multi-target | Fast initial assessment | +| `airstrike` | Fast enumeration | Speed over depth | +| `nuke` | Full aggressive audit | Maximum coverage | +| `massportscan` | Multi-target port scan | Bulk port scanning | +| `massweb` | Multi-target web scan | Multiple web targets | +| `masswebscan` | Multi-target webapp | Bulk web app testing | +| `massvulnscan` | Multi-target vulns | Bulk vulnerability scan | + +--- + +## ⌨️ Command Line Usage + +### Basic Scan +```bash +sniper -t example.com +``` + +### With Options +```bash +sniper -t example.com -m normal -w myproject -o -re +``` + +### Full Scan with All Features +```bash +sniper -t example.com -m normal -w myproject -o -re -b -fp +``` + +### Command Line Options + +| Flag | Description | +|------|-------------| +| `-t ` | Target domain or IP | +| `-f ` | File with list of targets | +| `-m ` | Scan mode | +| `-w ` | Workspace name | +| `-o` | Enable OSINT | +| `-re` | Enable Recon | +| `-b` | Enable Bruteforce | +| `-fp` | Full port scan | +| `-p ` | Specific port number | + +### Workspace Management +```bash +# List all workspaces +sniper --list + +# Delete a workspace +sniper -w myproject -d + +# Export workspace +sniper -w myproject --export +``` + +--- + +## 📁 Directory Structure + +| Path | Description | +|------|-------------| +| `/usr/share/sniper/` | Installation directory | +| `/usr/share/sniper/loot/workspace/` | Scan results and reports | +| `/var/www/html/ultyscan/` | Web interface files | +| `/var/log/ultyscan/` | Web UI scan logs | +| `/root/.sniper.conf` | Main configuration file | + +--- + +## ⚙️ Configuration + +### API Keys + +Edit `/root/.sniper.conf` to add your API keys: + +```bash +# Shodan API Key +SHODAN_API_KEY="your_key_here" + +# Censys API +CENSYS_APP_ID="your_id" +CENSYS_API_SECRET="your_secret" + +# Hunter.io +HUNTERIO_KEY="your_key" + +# GitHub (for secret scanning) +GITHUB_API_KEY="your_token" +``` + +### Enabling/Disabling Features + +In `/root/.sniper.conf`: + +```bash +# Enable/Disable scanners (1=on, 0=off) +NUCLEI="1" +NIKTO="0" +WPSCAN="1" +SHODAN="1" +``` + +--- + +## 🔒 Security Notes + +> ⚠️ **Important Security Considerations** + +1. **Network Access**: The Web UI should only be accessible from trusted networks +2. **Root Privileges**: The scanner requires root to perform its functions +3. **Legal Authorization**: Only scan systems you have permission to test + +--- + +## 🐳 Docker Installation + +```bash +cd /usr/share/sniper +docker-compose up -d +docker exec -it kali-linux bash +./install.sh force +``` + +--- + +## 📊 Viewing Reports + +### Via Web Interface +1. Go to the **Workspaces** tab +2. Click **View** on any workspace +3. Report opens in new tab + +### Direct Path +``` +/usr/share/sniper/loot/workspace//sniper-report.html +``` + +### Via Web Server +``` +http:///loot/workspace//sniper-report.html +``` + +--- + +## 🔧 Troubleshooting + +### Scan Not Starting +```bash +# Check if sniper is installed correctly +which sniper + +# Test manually +sniper -t example.com +``` + +### Web UI Shows "Idle" When Scan Running +```bash +# Check if process is running +ps aux | grep sniper + +# Check sudoers +cat /etc/sudoers.d/www-data-sniper +``` + +### Permission Denied +```bash +# Reinstall sudoers configuration +echo 'www-data ALL=(ALL) NOPASSWD: /usr/bin/bash /usr/share/sniper/sniper *' > /etc/sudoers.d/www-data-sniper +chmod 440 /etc/sudoers.d/www-data-sniper +``` + +--- + +## 📝 License + +See [LICENSE.md](LICENSE.md) for details. + +--- + +## 🤝 Contributing + +Contributions are welcome! Please submit pull requests to improve the tool. diff --git a/docs/installation.md b/docs/installation.md index 6ed48fb..2c2ede0 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -1,127 +1,203 @@ # Installation Guide -Welcome to the **UltyScan** installation guide. This document provides step-by-step instructions to get **UltyScan** up and running on your system. - -## Table of Contents -1. [Prerequisites](#prerequisites) -2. [Native Installation (Kali Linux / Ubuntu / Debian)](#native-installation) -3. [Docker Installation (Recommended for others)](#docker-installation) -4. [Troubleshooting](#troubleshooting) - ---- - ## Prerequisites -Before installing, ensure you have: -- **Operating System**: Kali Linux (preferred), Ubuntu, Debian, or Parrot OS. -- **Permissions**: Root (administrator) access is required. Use `sudo` if you are not logged in as root. -- **Internet Connection**: Required to download dependencies. +- **Operating System**: Ubuntu 22.04/24.04, Debian 11/12, or Kali Linux +- **RAM**: Minimum 4GB (8GB recommended) +- **Disk Space**: At least 10GB free +- **Network**: Internet access for package downloads +- **Permissions**: Root access required --- -## Native Installation +## Quick Installation -This is the standard installation method for Kali Linux, Ubuntu, and Debian systems. - -### Step 1: Clone the Repository -Open your terminal (command prompt) and run the following command to download the **UltyScan** code to your computer. +### One-Command Install ```bash -git clone https://github.com/1N3/Sn1per +git clone https://github.com/DeNNiiInc/UltyScan /usr/share/sniper +cd /usr/share/sniper +bash install.sh force ``` -*Note: This creates a folder named `Sn1per`. You can rename it to `UltyScan` if you wish, but the internal scripts expect standard paths.* -### Step 2: Navigate to the Directory -Move into the downloaded folder: +The `force` flag runs the entire installation without prompts. + +### What Gets Installed + +The installer automatically sets up: + +| Component | Description | +|-----------|-------------| +| **Core Scanner** | Main sniper script and modes | +| **Dependencies** | Nmap, Metasploit, Python tools | +| **Web Interface** | Apache + PHP dashboard | +| **Sudoers Config** | Web UI permissions | +| **Symlinks** | Easy command access | + +--- + +## Step-by-Step Installation + +### 1. Update System ```bash -cd Sn1per +apt update && apt upgrade -y ``` -### Step 3: Run the Installer -Run the installation script. This script will automatically download and install all necessary tools and dependencies. - -**Warning**: This process can take a while (10-30 minutes) depending on your internet speed, as it installs many security tools. +### 2. Install Git ```bash -sudo bash install.sh +apt install -y git ``` -### Step 4: Verification -Once the script finishes, verify the installation by running the scanner's help command: +### 3. Clone Repository ```bash -sudo sniper --help +git clone https://github.com/DeNNiiInc/UltyScan /usr/share/sniper ``` -If you see the help menu with the logo, the installation was successful! + +### 4. Run Installer + +```bash +cd /usr/share/sniper +bash install.sh force +``` + +### 5. Verify Installation + +```bash +sniper --help +``` + +You should see the help menu with all available options. --- ## Docker Installation -If you are not using Kali/Debian, or prefer a containerized environment, use Docker. This keeps your host system clean. - ### Prerequisites -- Ensure **Docker** and **Docker Compose** are installed on your system. - - [Install Docker Engine](https://docs.docker.com/engine/install/) - - [Install Docker Compose](https://docs.docker.com/compose/install/) -### Option A: Kali Linux Container (Recommended) +- Docker installed +- Docker Compose installed -1. **Start the container**: - From within the `Sn1per` directory, run: - ```bash - sudo docker compose up -d - ``` - *The `-d` flag runs it in the background.* +### Steps -2. **Access the container**: - To start using the scanner, enter the interactive shell: - ```bash - sudo docker run --privileged -it sn1per-kali-linux /bin/bash - ``` +```bash +# Clone the repository +git clone https://github.com/DeNNiiInc/UltyScan /opt/ultyscan +cd /opt/ultyscan -3. **Run the tool**: - Inside the container, you can run: - ```bash - sniper --help - ``` +# Build and start container +docker-compose up -d -### Option B: BlackArch Container +# Enter the container +docker exec -it kali-linux bash -If you prefer BlackArch Linux: +# Run installer inside container +./install.sh force +``` -1. **Start the container**: - ```bash - sudo docker compose -f docker-compose-blackarch.yml up -d - ``` +--- -2. **Access the container**: - ```bash - sudo docker run --privileged -it sn1per-blackarch /bin/bash - ``` +## Post-Installation + +### Access the Web Interface + +After installation, you'll see: + +``` +============================================ + ULTYSCAN WEB INTERFACE +============================================ + URL: http://YOUR_IP/ultyscan/ + Logs: /var/log/ultyscan/ + Loot: /usr/share/sniper/loot/workspace/ +============================================ +``` + +Open the URL in your browser to access the dashboard. + +### Configure API Keys + +Edit the configuration file to add your API keys: + +```bash +nano /root/.sniper.conf +``` + +Add your keys: + +```bash +SHODAN_API_KEY="your_shodan_key" +CENSYS_APP_ID="your_censys_id" +CENSYS_API_SECRET="your_censys_secret" +HUNTERIO_KEY="your_hunter_key" +GITHUB_API_KEY="your_github_token" +``` --- ## Troubleshooting -### "Command not found" -If running `sniper` says command not found: -- Ensure you ran the install script as root (`sudo bash install.sh`). -- Try running it directly from the installation directory: - ```bash - cd /usr/share/sniper - ./sniper --help - ``` +### Issue: Command Not Found -### Dependency Errors -If the installer fails on a specific package: -1. Run `sudo apt update --fix-missing` -2. Run `sudo apt upgrade` -3. Re-run `./install.sh` +```bash +# Check if symlink exists +ls -la /usr/bin/sniper -### Docker "Permission Denied" -If you get permission errors with Docker, ensure your user is in the `docker` group or use `sudo` before docker commands. +# Recreate if missing +ln -s /usr/share/sniper/sniper /usr/bin/sniper +``` + +### Issue: Web UI Not Loading + +```bash +# Check Apache status +systemctl status apache2 + +# Restart Apache +systemctl restart apache2 + +# Check if files exist +ls -la /var/www/html/ultyscan/ +``` + +### Issue: Scans Not Starting from Web UI + +```bash +# Check sudoers configuration +cat /etc/sudoers.d/www-data-sniper + +# Should contain: +# www-data ALL=(ALL) NOPASSWD: /usr/bin/bash /usr/share/sniper/sniper * + +# Fix if missing: +echo 'www-data ALL=(ALL) NOPASSWD: /usr/bin/bash /usr/share/sniper/sniper *' > /etc/sudoers.d/www-data-sniper +chmod 440 /etc/sudoers.d/www-data-sniper +``` + +### Issue: Permission Denied Errors + +```bash +# Fix ownership +chown -R root:root /usr/share/sniper +chmod +x /usr/share/sniper/sniper + +# Fix web UI permissions +chown -R www-data:www-data /var/www/html/ultyscan +chown www-data:www-data /var/log/ultyscan +``` --- -[Return to README](../README.md) + +## Updating + +To update to the latest version: + +```bash +cd /usr/share/sniper +git pull origin main +bash install.sh force +``` + +Or from the Web UI: Go to **Settings** → **Update UltyScan** diff --git a/docs/usage.md b/docs/usage.md index 41f9153..57fa1c2 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -1,130 +1,259 @@ # Usage Guide -This guide covers how to use **UltyScan** effectively. The tool works by running the `sniper` command followed by a target and a mode. +## Overview -## Basic Syntax - -```bash -sudo sniper -t -m [OPTIONS] -``` - -- `-t `: The domain (e.g., `example.com`) or IP address (e.g., `192.168.1.1`) you want to scan. -- `-m `: The scanning mode (e.g., `normal`, `stealth`, `nuke`). if omitted, defaults to normal. -- `-w `: (Optional) Save results to a specific workspace name. +UltyScan can be used via the **Web Interface** or **Command Line**. Both methods provide access to all scan modes and options. --- -## Scanning Modes +## Web Interface -### 1. Normal Mode -**Best for:** General purpose scanning. -Performs a basic scan of targets and open ports using both active and passive checks. It balances speed and depth. +### Accessing the Dashboard -**Command:** -```bash -sudo sniper -t example.com +Open your browser and navigate to: ``` -*Note: If no mode is specified, Normal mode is used.* - -### 2. Stealth Mode -**Best for:** Avoiding detection. -Quickly enumerates targets using mostly non-intrusive scans to avoid WAF (Web Application Firewall) or IPS (Intrusion Prevention System) blocking. - -**Command:** -```bash -sudo sniper -t example.com -m stealth +http:///ultyscan/ ``` -### 3. Flyover Mode -**Best for:** High-level overview of multiple targets. -Fast, multi-threaded scans of multiple targets. Great for collecting high-level data (like taking screenshots of web pages) on many hosts quickly. +### Starting a Scan + +1. Go to the **New Scan** tab +2. Enter your **Target** (domain or IP) +3. Select a **Scan Mode** from the dropdown +4. Enter a **Workspace Name** to organize results +5. Enable any **Additional Options** as needed +6. Click **Start Scan** + +### Monitoring Progress + +- The status badge in the header shows: **Idle** or **Scan Running** +- When running, a **Stop Scan** button appears +- Go to the **Console** tab to see live output + +### Viewing Results + +1. Go to the **Workspaces** tab +2. Click **View** on any workspace +3. The HTML report opens in a new tab + +### Managing Workspaces + +| Action | Description | +|--------|-------------| +| **Refresh** | Reload the workspace list | +| **View** | Open the scan report | +| **Export** | Create a tar archive | +| **Delete** | Remove the workspace | + +--- + +## Command Line + +### Basic Syntax -**Command:** ```bash -sudo sniper -f targets.txt -m flyover -w my-flyover-scan +sniper -t [options] ``` -### 4. Airstrike Mode -**Best for:** Quick enumeration of a list of targets. -Quickly enumerates open ports and services on multiple hosts and performs basic fingerprinting. +### Examples -**Command:** +#### Simple Scan ```bash -sudo sniper -f targets.txt -m airstrike -``` -*Note: `targets.txt` should contain a list of IPs or domains, one per line.* - -### 5. Nuke Mode -**Best for:** COMPLETE DESTRUCTION (Deep Audit). -Launches a full audit of multiple hosts. This enables Brute-force, Full Port Scan, OSINT, Recon, Workspace, and Loot collection. **This is very loud and will likely lock accounts or trigger alarms.** - -**Command:** -```bash -sudo sniper -f targets.txt -m nuke -w my-nuke-scan +sniper -t example.com ``` -### 6. Discover Mode -**Best for:** Internal Networks. -Parses all hosts on a subnet (CIDR) and initiates a scan against each active host. - -**Command:** +#### Scan with Workspace ```bash -sudo sniper -t 192.168.1.0/24 -m discover -w internal-scan +sniper -t example.com -w myproject ``` -### 7. Web Mode -**Best for:** Web Application focus. -Adds full automatic web application scans to the results. Scans ports 80 (HTTP) and 443 (HTTPS) only. - -**Command:** +#### Stealth Mode with OSINT ```bash -sudo sniper -t example.com -m web +sniper -t example.com -m stealth -o ``` +#### Full Aggressive Scan +```bash +sniper -t example.com -m nuke -w fullaudit -o -re -b -fp +``` + +#### Scan Multiple Targets +```bash +# Create target file +echo "target1.com" > targets.txt +echo "target2.com" >> targets.txt +echo "192.168.1.0/24" >> targets.txt + +# Run mass scan +sniper -f targets.txt -m airstrike -w multiscan +``` + +--- + +## Scan Modes Explained + +### Single Target Modes + +| Mode | Best For | Speed | Depth | +|------|----------|-------|-------| +| `normal` | General testing | Medium | Medium | +| `stealth` | Avoiding detection | Slow | Low | +| `web` | Web applications | Fast | Medium | +| `webscan` | Deep web analysis | Slow | High | +| `fullportonly` | Port discovery | Slow | Complete | +| `port` | Single service | Fast | Targeted | + +### Multi-Target Modes + +| Mode | Description | +|------|-------------| +| `flyover` | Quick reconnaissance of many targets | +| `airstrike` | Fast enumeration across targets | +| `nuke` | Comprehensive audit of all targets | +| `massportscan` | Port scan multiple targets | +| `massweb` | Web scan multiple targets | +| `masswebscan` | Deep web scan multiple targets | +| `massvulnscan` | Vulnerability scan multiple targets | + +### Network Modes + +| Mode | Description | +|------|-------------| +| `discover` | Network/CIDR range scanning | + +--- + +## Options Reference + +### Target Options + +| Flag | Description | Example | +|------|-------------|---------| +| `-t` | Single target | `-t example.com` | +| `-f` | Target file | `-f targets.txt` | + +### Mode Options + +| Flag | Description | Example | +|------|-------------|---------| +| `-m` | Scan mode | `-m stealth` | +| `-p` | Specific port | `-p 8080` | + +### Feature Flags + +| Flag | Description | +|------|-------------| +| `-o` | Enable OSINT gathering | +| `-re` | Enable subdomain recon | +| `-b` | Enable bruteforce attacks | +| `-fp` | Full port scan (1-65535) | + +### Workspace Options + +| Flag | Description | Example | +|------|-------------|---------| +| `-w` | Workspace name | `-w project-alpha` | +| `-d` | Delete workspace | `-w project-alpha -d` | +| `--list` | List workspaces | `sniper --list` | +| `--export` | Export workspace | `-w project-alpha --export` | + --- ## Workspace Management -UltyScan saves all data into "Workspaces" to keep your scans organized. - -### Creating/Using a Workspace -Simply add `-w ` to any command. +### List All Workspaces ```bash -sudo sniper -t example.com -w project-alpha +sniper --list ``` -### Listing Workspaces -See all your current workspaces. +### Delete a Workspace ```bash -sudo sniper --list +sniper -w myproject -d ``` -### Deleting a Workspace -Remove a workspace and all its data. +### Export a Workspace ```bash -sudo sniper -w project-alpha -d +sniper -w myproject --export +# Creates: /usr/share/sniper/loot/myproject.tar ``` +### Reimport Results +```bash +sniper -w myproject --reimport +``` + +--- + +## Output and Reports + +### Report Locations + +| Type | Path | +|------|------| +| HTML Report | `/usr/share/sniper/loot/workspace//sniper-report.html` | +| Nmap Results | `/usr/share/sniper/loot/workspace//nmap/` | +| Screenshots | `/usr/share/sniper/loot/workspace//screenshots/` | +| Raw Output | `/usr/share/sniper/loot/workspace//output/` | + ### Viewing Reports -To open the HTML report for a workspace: -```bash -sudo sniper --list + +#### Via Web Browser +``` +http:///loot/workspace//sniper-report.html +``` + +#### Via Command Line +```bash +firefox /usr/share/sniper/loot/workspace//sniper-report.html ``` -Then select the report HTML file from the output or navigate to: -`/usr/share/sniper/loot/workspace//sniper-report.html` --- -## Advanced Options +## Scheduled Scans -| Flag | Description | -| :--- | :--- | -| `-o` / `--osint` | Enable OSINT (Open Source Intelligence) gathering. | -| `-re` / `--recon` | Enable Reconnaissance gathering. | -| `-b` | Enable Brute-force attacks (automatically tries passwords). | -| `-fp` | Full Port Only scan (scans all 65535 ports). | -| `--status` | Check the status of running scans. | -| `-u` / `--update` | Update **UltyScan** to the latest version. | +Set up recurring scans: + +```bash +# Daily scan +sniper -w myproject -s daily + +# Weekly scan +sniper -w myproject -s weekly + +# Monthly scan +sniper -w myproject -s monthly +``` --- -[Return to README](../README.md) + +## Tips and Best Practices + +### 1. Always Use Workspaces +Organize your results by project or engagement: +```bash +sniper -t client.com -w client-pentest-2024 +``` + +### 2. Start with Stealth +For initial reconnaissance, use stealth mode: +```bash +sniper -t target.com -m stealth -o +``` + +### 3. Enable OSINT for External Targets +Get maximum intelligence on internet-facing targets: +```bash +sniper -t target.com -o -re +``` + +### 4. Use Web Mode for Web Apps +Focus on web vulnerabilities: +```bash +sniper -t webapp.com -m webscan +``` + +### 5. Check Console Output +Monitor the Console tab or log files for detailed progress: +```bash +tail -f /var/log/ultyscan/scan_*.log +``` diff --git a/install.sh b/install.sh index df99b3e..dfdeaa0 100644 --- a/install.sh +++ b/install.sh @@ -463,5 +463,57 @@ ln -fs /usr/share/sniper/loot/workspaces/ /root/Desktop/workspaces 2> /dev/null echo -e "$OKBLUE[*]$RESET Cleaning up installation files... $RESET" rm -Rf /tmp/arachni* /tmp/gobuster* /tmp/msfinstall /tmp/openssl.cnf 2> /dev/null +# ============================================================================ +# ULTYSCAN WEB UI INSTALLATION +# ============================================================================ +echo -e "$OKBLUE[*]$RESET Installing UltyScan Web Interface... $RESET" + +# Install Apache and PHP +echo -e "$OKBLUE[*]$RESET Installing Apache and PHP... $RESET" +export DEBIAN_FRONTEND=noninteractive +apt install -y apache2 libapache2-mod-php php 2> /dev/null + +# Enable PHP module +a2enmod php8.3 2>/dev/null || a2enmod php8.2 2>/dev/null || a2enmod php 2>/dev/null + +# Create web UI directory +echo -e "$OKBLUE[*]$RESET Deploying Web UI files... $RESET" +mkdir -p /var/www/html/ultyscan +cp -r $INSTALL_DIR/webui/* /var/www/html/ultyscan/ 2>/dev/null + +# Set permissions +chown -R www-data:www-data /var/www/html/ultyscan +chmod 755 /var/www/html/ultyscan/*.php + +# Create log directory for web UI +mkdir -p /var/log/ultyscan +chown www-data:www-data /var/log/ultyscan + +# Create symlink for loot access from web +ln -sf $LOOT_DIR /var/www/html/loot 2>/dev/null + +# Configure sudoers for www-data to run sniper +echo -e "$OKBLUE[*]$RESET Configuring permissions for Web UI... $RESET" +echo 'www-data ALL=(ALL) NOPASSWD: /usr/bin/bash /usr/share/sniper/sniper *' > /etc/sudoers.d/www-data-sniper +echo 'www-data ALL=(ALL) NOPASSWD: /usr/bin/pkill *' >> /etc/sudoers.d/www-data-sniper +chmod 440 /etc/sudoers.d/www-data-sniper + +# Restart Apache +systemctl restart apache2 2>/dev/null || service apache2 restart 2>/dev/null + +# Get server IP for display +SERVER_IP=$(hostname -I 2>/dev/null | awk '{print $1}') + +echo -e "$OKGREEN[OK]$RESET Web UI installed successfully! $RESET" +echo "" echo -e "$OKRED[>]$RESET Done! $RESET" -echo -e "$OKRED[>]$RESET To run, type 'sniper'! $RESET" +echo -e "$OKRED[>]$RESET To run from command line, type 'sniper'! $RESET" +echo "" +echo -e "$OKBLUE============================================$RESET" +echo -e "$OKGREEN ULTYSCAN WEB INTERFACE$RESET" +echo -e "$OKBLUE============================================$RESET" +echo -e "$OKBLUE URL:$RESET http://$SERVER_IP/ultyscan/" +echo -e "$OKBLUE Logs:$RESET /var/log/ultyscan/" +echo -e "$OKBLUE Loot:$RESET /usr/share/sniper/loot/workspace/" +echo -e "$OKBLUE============================================$RESET" +echo ""