mirror of
https://github.com/DeNNiiInc/UltyScan.git
synced 2026-04-17 16:16:00 +00:00
Add security warnings
This commit is contained in:
12
README.md
12
README.md
@@ -55,7 +55,17 @@ Open your browser and navigate to:
|
||||
http://<SERVER_IP>/ultyscan/
|
||||
```
|
||||
|
||||
### Features
|
||||
### Security Warning ⚠️
|
||||
|
||||
> [!CAUTION]
|
||||
> **THIS UTILITY RUNS WITH ROOT PRIVILEGES.**
|
||||
>
|
||||
> 1. **DO NOT** expose the Web Interface directly to the public internet.
|
||||
> 2. **DO NOT** run this on a server running other critical services.
|
||||
> 3. **ALWAYS** use a VPN or SSH Tunnel (e.g. `ssh -L 8888:localhost:8888 user@server`) to access the interface.
|
||||
> 4. The default install creates a `www-data` sudoer entry allowing execution of critical commands.
|
||||
|
||||
## Features
|
||||
|
||||
| Tab | Description |
|
||||
|-----|-------------|
|
||||
|
||||
@@ -548,6 +548,10 @@ echo ""
|
||||
echo -e "$OKRED[>]$RESET Done! $RESET"
|
||||
echo -e "$OKRED[>]$RESET To run from command line, type 'sniper'! $RESET"
|
||||
echo ""
|
||||
echo -e "$OKRED[!] SECURITY WARNING: THIS UTILITY RUNS WITH ROOT PRIVILEGES$RESET"
|
||||
echo -e "$OKRED[!] DO NOT EXPOSE THIS WEB INTERFACE DIRECTLY TO THE INTERNET$RESET"
|
||||
echo -e "$OKRED[!] USE A VPN OR SSH TUNNEL FOR ACCESS$RESET"
|
||||
echo ""
|
||||
echo -e "$OKBLUE============================================$RESET"
|
||||
echo -e "$OKGREEN ULTYSCAN WEB INTERFACE$RESET"
|
||||
echo -e "$OKBLUE============================================$RESET"
|
||||
|
||||
105
webui/index.php
105
webui/index.php
@@ -390,61 +390,64 @@
|
||||
Loot Directory: <code style="color: var(--accent-primary);">/usr/share/sniper/loot/workspace</code>
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script src="assets/script.js"></script>
|
||||
<script>
|
||||
// Additional inline functions
|
||||
async function updateScanner() {
|
||||
if (!confirm('Update UltyScan to latest version from GitHub?')) return;
|
||||
<!-- Security Warning -->
|
||||
<div style="text-align: center; margin-top: 2rem; padding: 1rem; border-top: 1px solid var(--border-color); color: var(--accent-danger);">
|
||||
<p style="margin-bottom: 0.5rem; font-weight: 500;">⚠️ SECURITY WARNING</p>
|
||||
<p style="font-size: 0.9rem; opacity: 0.8;">This utility runs with ROOT privileges. Do NOT expose this interface directly to the internet.<br>Use a VPN or SSH tunnel (e.g. localhost:8888) for access.</p>
|
||||
</div>
|
||||
|
||||
const btn = event.target;
|
||||
btn.disabled = true;
|
||||
btn.textContent = 'Updating...';
|
||||
<script src="assets/script.js"></script>
|
||||
<script>
|
||||
// Additional inline functions
|
||||
async function updateScanner() {
|
||||
if (!confirm('Update UltyScan to latest version from GitHub?')) return;
|
||||
|
||||
showNotification('Pulling latest changes from GitHub...', 'info');
|
||||
try {
|
||||
const response = await fetch('execute.php', {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/x-www-form-urlencoded'
|
||||
},
|
||||
body: 'action=update'
|
||||
});
|
||||
const result = await response.json();
|
||||
if (result.success) {
|
||||
showNotification('Updated to commit #' + result.commit + '. Refreshing page...', 'success');
|
||||
setTimeout(() => window.location.reload(), 2000);
|
||||
} else {
|
||||
showNotification('Update failed: ' + (result.error || 'Unknown error'), 'error');
|
||||
btn.disabled = false;
|
||||
btn.textContent = 'Update UltyScan';
|
||||
}
|
||||
} catch (e) {
|
||||
showNotification('Update failed: ' + e.message, 'error');
|
||||
btn.disabled = false;
|
||||
btn.textContent = 'Update UltyScan';
|
||||
}
|
||||
}
|
||||
const btn = event.target;
|
||||
btn.disabled = true;
|
||||
btn.textContent = 'Updating...';
|
||||
|
||||
async function stopAllScans() {
|
||||
try {
|
||||
await fetch('execute.php', {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/x-www-form-urlencoded'
|
||||
},
|
||||
body: 'action=stop'
|
||||
});
|
||||
showNotification('Stop signal sent.', 'warning');
|
||||
checkScanStatus();
|
||||
} catch (e) {
|
||||
showNotification('Failed to stop scans.', 'error');
|
||||
}
|
||||
}
|
||||
</script>
|
||||
showNotification('Pulling latest changes from GitHub...', 'info');
|
||||
try {
|
||||
const response = await fetch('execute.php', {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/x-www-form-urlencoded'
|
||||
},
|
||||
body: 'action=update'
|
||||
});
|
||||
const result = await response.json();
|
||||
if (result.success) {
|
||||
showNotification('Updated to commit #' + result.commit + '. Refreshing page...', 'success');
|
||||
setTimeout(() => window.location.reload(), 2000);
|
||||
} else {
|
||||
showNotification('Update failed: ' + (result.error || 'Unknown error'), 'error');
|
||||
btn.disabled = false;
|
||||
btn.textContent = 'Update UltyScan';
|
||||
}
|
||||
} catch (e) {
|
||||
showNotification('Update failed: ' + e.message, 'error');
|
||||
btn.disabled = false;
|
||||
btn.textContent = 'Update UltyScan';
|
||||
}
|
||||
}
|
||||
|
||||
async function stopAllScans() {
|
||||
try {
|
||||
await fetch('execute.php', {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/x-www-form-urlencoded'
|
||||
},
|
||||
body: 'action=stop'
|
||||
});
|
||||
showNotification('Stop signal sent.', 'warning');
|
||||
checkScanStatus();
|
||||
} catch (e) {
|
||||
showNotification('Failed to stop scans.', 'error');
|
||||
}
|
||||
}
|
||||
</script>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
Reference in New Issue
Block a user