Add Web Interface for UltyScan

webui/execute.php

@@ -0,0 +1,151 @@
+<?php
+
+/**
+ * UltyScan Web Interface - Execute Scan
+ * Handles form submissions and runs the sniper command
+ */
+
+header('Content-Type: application/json');
+
+// Security: Only allow POST requests
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    echo json_encode(['success' => false, 'error' => 'Method not allowed']);
+    exit;
+}
+
+// Configuration
+define('SNIPER_PATH', '/usr/share/sniper/sniper');
+define('LOG_DIR', '/var/log/ultyscan');
+
+// Ensure log directory exists
+if (!is_dir(LOG_DIR)) {
+    mkdir(LOG_DIR, 0755, true);
+}
+
+// Handle special actions
+$action = $_POST['action'] ?? '';
+
+if ($action === 'update') {
+    $cmd = SNIPER_PATH . ' -u 2>&1';
+    $logFile = LOG_DIR . '/update_' . date('Ymd_His') . '.log';
+    exec("nohup $cmd > $logFile 2>&1 &");
+    echo json_encode(['success' => true, 'message' => 'Update started', 'log' => $logFile]);
+    exit;
+}
+
+if ($action === 'stop') {
+    exec('pkill -f "sniper"');
+    echo json_encode(['success' => true, 'message' => 'Stop signal sent']);
+    exit;
+}
+
+// Build the sniper command
+$command = SNIPER_PATH;
+$errors = [];
+
+// Target (required unless using file)
+$target = trim($_POST['target'] ?? '');
+$targetFile = trim($_POST['target_file'] ?? '');
+$mode = trim($_POST['mode'] ?? 'normal');
+
+// Validate mode against allowed list
+$allowedModes = [
+    'normal',
+    'stealth',
+    'web',
+    'webscan',
+    'webporthttp',
+    'webporthttps',
+    'port',
+    'fullportonly',
+    'discover',
+    'flyover',
+    'airstrike',
+    'nuke',
+    'massportscan',
+    'massweb',
+    'masswebscan',
+    'massvulnscan'
+];
+
+if (!in_array($mode, $allowedModes)) {
+    echo json_encode(['success' => false, 'error' => 'Invalid scan mode']);
+    exit;
+}
+
+// Modes that require a file instead of single target
+$fileModes = ['airstrike', 'nuke', 'massportscan', 'massweb', 'masswebscan', 'massvulnscan', 'flyover'];
+
+if (in_array($mode, $fileModes)) {
+    if (empty($targetFile)) {
+        echo json_encode(['success' => false, 'error' => 'This mode requires a target file']);
+        exit;
+    }
+    // Write targets to temp file
+    $tmpFile = '/tmp/ultyscan_targets_' . uniqid() . '.txt';
+    file_put_contents($tmpFile, $targetFile);
+    $command .= ' -f ' . escapeshellarg($tmpFile);
+} else {
+    if (empty($target)) {
+        echo json_encode(['success' => false, 'error' => 'Target is required']);
+        exit;
+    }
+    // Sanitize target
+    $target = preg_replace('/[^a-zA-Z0-9\.\-\_\/\:]/', '', $target);
+    $command .= ' -t ' . escapeshellarg($target);
+}
+
+// Mode
+$command .= ' -m ' . escapeshellarg($mode);
+
+// Workspace
+$workspace = trim($_POST['workspace'] ?? '');
+if (!empty($workspace)) {
+    $workspace = preg_replace('/[^a-zA-Z0-9\-\_]/', '', $workspace);
+    $command .= ' -w ' . escapeshellarg($workspace);
+}
+
+// Port (for port modes)
+$port = intval($_POST['port'] ?? 0);
+if ($port > 0 && $port <= 65535) {
+    $command .= ' -p ' . $port;
+}
+
+// Options
+if (!empty($_POST['osint'])) {
+    $command .= ' -o';
+}
+
+if (!empty($_POST['recon'])) {
+    $command .= ' -re';
+}
+
+if (!empty($_POST['bruteforce'])) {
+    $command .= ' -b';
+}
+
+if (!empty($_POST['fullportscan'])) {
+    $command .= ' -fp';
+}
+
+// Create log file for this scan
+$scanId = date('Ymd_His') . '_' . substr(md5(uniqid()), 0, 6);
+$logFile = LOG_DIR . '/scan_' . $scanId . '.log';
+
+// Run the command in background
+$fullCommand = "nohup $command > $logFile 2>&1 &";
+
+// Log the command (for debugging)
+file_put_contents(LOG_DIR . '/commands.log', date('Y-m-d H:i:s') . " - $command\n", FILE_APPEND);
+
+// Execute
+exec($fullCommand);
+
+echo json_encode([
+    'success' => true,
+    'scanId' => $scanId,
+    'command' => $command,
+    'logFile' => $logFile,
+    'message' => 'Scan started'
+]);