Add security warnings

2026-01-01 22:28:32 +11:00
parent ebfac8de92
commit 7ae9491feb
3 changed files with 69 additions and 52 deletions


@@ -55,7 +55,17 @@ Open your browser and navigate to:
http://<SERVER_IP>/ultyscan/ http://<SERVER_IP>/ultyscan/
``` ```
### Features ### Security Warning ⚠️
> [!CAUTION]
> **THIS UTILITY RUNS WITH ROOT PRIVILEGES.**
>
> 1. **DO NOT** expose the Web Interface directly to the public internet.
> 2. **DO NOT** run this on a server running other critical services.
> 3. **ALWAYS** use a VPN or SSH Tunnel (e.g. `ssh -L 8888:localhost:8888 user@server`) to access the interface.
> 4. The default install creates a `www-data` sudoer entry allowing execution of critical commands.
## Features
| Tab | Description | | Tab | Description |
|-----|-------------| |-----|-------------|


@@ -548,6 +548,10 @@ echo ""
echo -e "$OKRED[>]$RESET Done! $RESET" echo -e "$OKRED[>]$RESET Done! $RESET"
echo -e "$OKRED[>]$RESET To run from command line, type 'sniper'! $RESET" echo -e "$OKRED[>]$RESET To run from command line, type 'sniper'! $RESET"
echo "" echo ""
echo -e "$OKRED[!] SECURITY WARNING: THIS UTILITY RUNS WITH ROOT PRIVILEGES$RESET"
echo -e "$OKRED[!] DO NOT EXPOSE THIS WEB INTERFACE DIRECTLY TO THE INTERNET$RESET"
echo -e "$OKRED[!] USE A VPN OR SSH TUNNEL FOR ACCESS$RESET"
echo ""
echo -e "$OKBLUE============================================$RESET" echo -e "$OKBLUE============================================$RESET"
echo -e "$OKGREEN ULTYSCAN WEB INTERFACE$RESET" echo -e "$OKGREEN ULTYSCAN WEB INTERFACE$RESET"
echo -e "$OKBLUE============================================$RESET" echo -e "$OKBLUE============================================$RESET"
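Review bot: The three added `[!]` lines omit the one item an operator can act on at install time: the README warning in this same commit says the default install creates a `www-data` sudoer entry allowing execution of critical commands. Add a matching line, for example `echo -e "$OKRED[!] THE INSTALL ADDS A www-data SUDOER ENTRY - REVIEW IT BEFORE USE$RESET"`, so the terminal banner and the README agree. The warning is advisory only; the code that writes the sudoer entry and configures the web server is outside this hunk, so whether the installer could default to a loopback-only listener cannot be judged from here.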


@@ -390,61 +390,64 @@
Loot Directory: <code style="color: var(--accent-primary);">/usr/share/sniper/loot/workspace</code> Loot Directory: <code style="color: var(--accent-primary);">/usr/share/sniper/loot/workspace</code>
</p> </p>
</div> </div>
</div>
</div>
</div>
<script src="assets/script.js"></script> <!-- Security Warning -->
<script> <div style="text-align: center; margin-top: 2rem; padding: 1rem; border-top: 1px solid var(--border-color); color: var(--accent-danger);">
// Additional inline functions <p style="margin-bottom: 0.5rem; font-weight: 500;">⚠️ SECURITY WARNING</p>
async function updateScanner() { <p style="font-size: 0.9rem; opacity: 0.8;">This utility runs with ROOT privileges. Do NOT expose this interface directly to the internet.<br>Use a VPN or SSH tunnel (e.g. localhost:8888) for access.</p>
if (!confirm('Update UltyScan to latest version from GitHub?')) return; </div>
const btn = event.target; <script src="assets/script.js"></script>
btn.disabled = true; <script>
btn.textContent = 'Updating...'; // Additional inline functions
async function updateScanner() {
if (!confirm('Update UltyScan to latest version from GitHub?')) return;
showNotification('Pulling latest changes from GitHub...', 'info'); const btn = event.target;
try { btn.disabled = true;
const response = await fetch('execute.php', { btn.textContent = 'Updating...';
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: 'action=update'
});
const result = await response.json();
if (result.success) {
showNotification('Updated to commit #' + result.commit + '. Refreshing page...', 'success');
setTimeout(() => window.location.reload(), 2000);
} else {
showNotification('Update failed: ' + (result.error || 'Unknown error'), 'error');
btn.disabled = false;
btn.textContent = 'Update UltyScan';
}
} catch (e) {
showNotification('Update failed: ' + e.message, 'error');
btn.disabled = false;
btn.textContent = 'Update UltyScan';
}
}
async function stopAllScans() { showNotification('Pulling latest changes from GitHub...', 'info');
try { try {
await fetch('execute.php', { const response = await fetch('execute.php', {
method: 'POST', method: 'POST',
headers: { headers: {
'Content-Type': 'application/x-www-form-urlencoded' 'Content-Type': 'application/x-www-form-urlencoded'
}, },
body: 'action=stop' body: 'action=update'
}); });
showNotification('Stop signal sent.', 'warning'); const result = await response.json();
checkScanStatus(); if (result.success) {
} catch (e) { showNotification('Updated to commit #' + result.commit + '. Refreshing page...', 'success');
showNotification('Failed to stop scans.', 'error'); setTimeout(() => window.location.reload(), 2000);
} } else {
} showNotification('Update failed: ' + (result.error || 'Unknown error'), 'error');
</script> btn.disabled = false;
btn.textContent = 'Update UltyScan';
}
} catch (e) {
showNotification('Update failed: ' + e.message, 'error');
btn.disabled = false;
btn.textContent = 'Update UltyScan';
}
}
async function stopAllScans() {
try {
await fetch('execute.php', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: 'action=stop'
});
showNotification('Stop signal sent.', 'warning');
checkScanStatus();
} catch (e) {
showNotification('Failed to stop scans.', 'error');
}
}
</script>
</body> </body>
</html> </html>