dennii/UltyScan
1
0
Fork 0
mirror of https://github.com/DeNNiiInc/UltyScan.git synced 2026-04-17 20:35:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Complete documentation overhaul with Web UI installation

Browse Source
This commit is contained in:
DeNNiiInc
2026-01-01 18:04:03 +11:00
parent 84ac59485c
commit 04465f8d29
4 changed files with 680 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

297
docs/usage.md
View File

@@ -1,130 +1,259 @@
# Usage Guide
This guide covers how to use **UltyScan** effectively. The tool works by running the `sniper` command followed by a target and a mode.
## Overview
## Basic Syntax
```bash
sudo sniper -t <TARGET> -m <MODE> [OPTIONS]
```
- `-t <TARGET>`: The domain (e.g., `example.com`) or IP address (e.g., `192.168.1.1`) you want to scan.
- `-m <MODE>`: The scanning mode (e.g., `normal`, `stealth`, `nuke`). if omitted, defaults to normal.
- `-w <WORKSPACE>`: (Optional) Save results to a specific workspace name.
UltyScan can be used via the **Web Interface** or **Command Line**. Both methods provide access to all scan modes and options.
---
## Scanning Modes
## Web Interface
### 1. Normal Mode
**Best for:** General purpose scanning.
Performs a basic scan of targets and open ports using both active and passive checks. It balances speed and depth.
### Accessing the Dashboard
**Command:**
```bash
sudo sniper -t example.com
Open your browser and navigate to:
```
*Note: If no mode is specified, Normal mode is used.*
### 2. Stealth Mode
**Best for:** Avoiding detection.
Quickly enumerates targets using mostly non-intrusive scans to avoid WAF (Web Application Firewall) or IPS (Intrusion Prevention System) blocking.
**Command:**
```bash
sudo sniper -t example.com -m stealth
http://<SERVER_IP>/ultyscan/
```
### 3. Flyover Mode
**Best for:** High-level overview of multiple targets.
Fast, multi-threaded scans of multiple targets. Great for collecting high-level data (like taking screenshots of web pages) on many hosts quickly.
### Starting a Scan
1. Go to the **New Scan** tab
2. Enter your **Target** (domain or IP)
3. Select a **Scan Mode** from the dropdown
4. Enter a **Workspace Name** to organize results
5. Enable any **Additional Options** as needed
6. Click **Start Scan**
### Monitoring Progress
- The status badge in the header shows: **Idle** or **Scan Running**
- When running, a **Stop Scan** button appears
- Go to the **Console** tab to see live output
### Viewing Results
1. Go to the **Workspaces** tab
2. Click **View** on any workspace
3. The HTML report opens in a new tab
### Managing Workspaces
| Action | Description |
|--------|-------------|
| **Refresh** | Reload the workspace list |
| **View** | Open the scan report |
| **Export** | Create a tar archive |
| **Delete** | Remove the workspace |
---
## Command Line
### Basic Syntax
**Command:**
```bash
sudo sniper -f targets.txt -m flyover -w my-flyover-scan
sniper -t <TARGET> [options]
```
### 4. Airstrike Mode
**Best for:** Quick enumeration of a list of targets.
Quickly enumerates open ports and services on multiple hosts and performs basic fingerprinting.
### Examples
**Command:**
#### Simple Scan
```bash
sudo sniper -f targets.txt -m airstrike
```
*Note: `targets.txt` should contain a list of IPs or domains, one per line.*
### 5. Nuke Mode
**Best for:** COMPLETE DESTRUCTION (Deep Audit).
Launches a full audit of multiple hosts. This enables Brute-force, Full Port Scan, OSINT, Recon, Workspace, and Loot collection. **This is very loud and will likely lock accounts or trigger alarms.**
**Command:**
```bash
sudo sniper -f targets.txt -m nuke -w my-nuke-scan
sniper -t example.com
```
### 6. Discover Mode
**Best for:** Internal Networks.
Parses all hosts on a subnet (CIDR) and initiates a scan against each active host.
**Command:**
#### Scan with Workspace
```bash
sudo sniper -t 192.168.1.0/24 -m discover -w internal-scan
sniper -t example.com -w myproject
```
### 7. Web Mode
**Best for:** Web Application focus.
Adds full automatic web application scans to the results. Scans ports 80 (HTTP) and 443 (HTTPS) only.
**Command:**
#### Stealth Mode with OSINT
```bash
sudo sniper -t example.com -m web
sniper -t example.com -m stealth -o
```
#### Full Aggressive Scan
```bash
sniper -t example.com -m nuke -w fullaudit -o -re -b -fp
```
#### Scan Multiple Targets
```bash
# Create target file
echo "target1.com" > targets.txt
echo "target2.com" >> targets.txt
echo "192.168.1.0/24" >> targets.txt
# Run mass scan
sniper -f targets.txt -m airstrike -w multiscan
```
---
## Scan Modes Explained
### Single Target Modes
| Mode | Best For | Speed | Depth |
|------|----------|-------|-------|
| `normal` | General testing | Medium | Medium |
| `stealth` | Avoiding detection | Slow | Low |
| `web` | Web applications | Fast | Medium |
| `webscan` | Deep web analysis | Slow | High |
| `fullportonly` | Port discovery | Slow | Complete |
| `port` | Single service | Fast | Targeted |
### Multi-Target Modes
| Mode | Description |
|------|-------------|
| `flyover` | Quick reconnaissance of many targets |
| `airstrike` | Fast enumeration across targets |
| `nuke` | Comprehensive audit of all targets |
| `massportscan` | Port scan multiple targets |
| `massweb` | Web scan multiple targets |
| `masswebscan` | Deep web scan multiple targets |
| `massvulnscan` | Vulnerability scan multiple targets |
### Network Modes
| Mode | Description |
|------|-------------|
| `discover` | Network/CIDR range scanning |
---
## Options Reference
### Target Options
| Flag | Description | Example |
|------|-------------|---------|
| `-t` | Single target | `-t example.com` |
| `-f` | Target file | `-f targets.txt` |
### Mode Options
| Flag | Description | Example |
|------|-------------|---------|
| `-m` | Scan mode | `-m stealth` |
| `-p` | Specific port | `-p 8080` |
### Feature Flags
| Flag | Description |
|------|-------------|
| `-o` | Enable OSINT gathering |
| `-re` | Enable subdomain recon |
| `-b` | Enable bruteforce attacks |
| `-fp` | Full port scan (1-65535) |
### Workspace Options
| Flag | Description | Example |
|------|-------------|---------|
| `-w` | Workspace name | `-w project-alpha` |
| `-d` | Delete workspace | `-w project-alpha -d` |
| `--list` | List workspaces | `sniper --list` |
| `--export` | Export workspace | `-w project-alpha --export` |
---
## Workspace Management
UltyScan saves all data into "Workspaces" to keep your scans organized.
### Creating/Using a Workspace
Simply add `-w <NAME>` to any command.
### List All Workspaces
```bash
sudo sniper -t example.com -w project-alpha
sniper --list
```
### Listing Workspaces
See all your current workspaces.
### Delete a Workspace
```bash
sudo sniper --list
sniper -w myproject -d
```
### Deleting a Workspace
Remove a workspace and all its data.
### Export a Workspace
```bash
sudo sniper -w project-alpha -d
sniper -w myproject --export
# Creates: /usr/share/sniper/loot/myproject.tar
```
### Reimport Results
```bash
sniper -w myproject --reimport
```
---
## Output and Reports
### Report Locations
| Type | Path |
|------|------|
| HTML Report | `/usr/share/sniper/loot/workspace/<NAME>/sniper-report.html` |
| Nmap Results | `/usr/share/sniper/loot/workspace/<NAME>/nmap/` |
| Screenshots | `/usr/share/sniper/loot/workspace/<NAME>/screenshots/` |
| Raw Output | `/usr/share/sniper/loot/workspace/<NAME>/output/` |
### Viewing Reports
To open the HTML report for a workspace:
```bash
sudo sniper --list
#### Via Web Browser
```
http://<SERVER_IP>/loot/workspace/<NAME>/sniper-report.html
```
#### Via Command Line
```bash
firefox /usr/share/sniper/loot/workspace/<NAME>/sniper-report.html
```
Then select the report HTML file from the output or navigate to:
`/usr/share/sniper/loot/workspace/<YOUR_WORKSPACE>/sniper-report.html`
---
## Advanced Options
## Scheduled Scans
| Flag | Description |
| :--- | :--- |
| `-o` / `--osint` | Enable OSINT (Open Source Intelligence) gathering. |
| `-re` / `--recon` | Enable Reconnaissance gathering. |
| `-b` | Enable Brute-force attacks (automatically tries passwords). |
| `-fp` | Full Port Only scan (scans all 65535 ports). |
| `--status` | Check the status of running scans. |
| `-u` / `--update` | Update **UltyScan** to the latest version. |
Set up recurring scans:
```bash
# Daily scan
sniper -w myproject -s daily
# Weekly scan
sniper -w myproject -s weekly
# Monthly scan
sniper -w myproject -s monthly
```
---
[Return to README](../README.md)
## Tips and Best Practices
### 1. Always Use Workspaces
Organize your results by project or engagement:
```bash
sniper -t client.com -w client-pentest-2024
```
### 2. Start with Stealth
For initial reconnaissance, use stealth mode:
```bash
sniper -t target.com -m stealth -o
```
### 3. Enable OSINT for External Targets
Get maximum intelligence on internet-facing targets:
```bash
sniper -t target.com -o -re
```
### 4. Use Web Mode for Web Apps
Focus on web vulnerabilities:
```bash
sniper -t webapp.com -m webscan
```
### 5. Check Console Output
Monitor the Console tab or log files for detailed progress:
```bash
tail -f /var/log/ultyscan/scan_*.log
```