UltyScan

Configure Scan

Target (Domain or IP)

Target File (one per line)

Scan Mode

Workspace Name

Port Number

Additional Options

Enable OSINT Enable Recon Enable Bruteforce Full Port Scan

Scan Mode Guide

Choose the right scan mode based on what you're trying to discover. Each mode is designed for different situations.

🎯 Quick Recommendations

First time scanning a target? → Use Normal
Testing a website/web app? → Use WebScan
Need to stay undetected? → Use Stealth
Quick scan of many targets? → Use Flyover
Full security audit? → Use Nuke

👤 Single Target Modes

Normal

Best for: General-purpose scanning when you don't know what to expect

Performs port scanning, service detection, basic web checks, and vulnerability scanning. Good balance of speed and coverage.

Stealth

Best for: When you need to avoid detection or minimize network noise

Uses slower, quieter techniques. Avoids aggressive scanning that could trigger alerts. Takes longer but less likely to be noticed.

Web 📸 Screenshots

Best for: Targets you know are websites (ports 80 and 443 only)

Focuses only on web services. Fast because it skips non-web ports. Captures screenshots, checks technologies, and finds common web issues.

WebScan 📸 Screenshots

Best for: Deep web application security testing

Thorough web app analysis including directory brute-forcing, vulnerability scanning with Nikto/Nuclei, CMS detection, and more. Takes longer but finds more issues.

Port / WebPortHTTP / WebPortHTTPS 📸 WebPort modes

Best for: Services running on non-standard ports (e.g., web server on port 8080)

Enter the specific port number when using these modes. Use WebPortHTTP for HTTP services or WebPortHTTPS for HTTPS services on custom ports.

FullPortOnly

Best for: Finding services hidden on unusual ports

Scans all 65,535 ports. Very thorough but takes significantly longer. Use when you suspect services are running on non-standard ports.

👥 Multi-Target Modes (require target file)

Flyover

Best for: Quick reconnaissance of many targets

Fast overview of multiple targets. Perfect for initial scoping to identify which targets need deeper investigation.

Airstrike

Best for: Fast enumeration across many targets

More thorough than Flyover but still optimized for speed. Good for medium-depth scanning of a target list.

Nuke 📸 Screenshots

Best for: Complete security audit of multiple targets

⚠️ Aggressive mode. Runs everything - all scans, all checks, maximum coverage. Very thorough but time-consuming and noisy.

MassWeb / MassWebScan / MassVulnScan / MassPortScan 📸 MassWeb* modes

Best for: Running specific scan types across many targets

Specialized bulk scanning. MassWeb for web detection, MassWebScan for deep web analysis, MassVulnScan for vulnerability scanning, MassPortScan for port discovery.

Discover

Best for: Network/CIDR range scanning (e.g., 192.168.1.0/24)

Use to find live hosts on a network. Enter a network range instead of a single target to discover all active devices.

⚙️ Additional Options Explained

✓ Enable OSINT

Searches public sources (Shodan, Censys, etc.) for information about your target. Finds exposed services, historical data, and leaked information.

✓ Enable Recon

Discovers subdomains and DNS information. Essential for finding all assets associated with a domain (e.g., mail.example.com, dev.example.com).

✓ Enable Bruteforce

Attempts to find hidden directories and login pages. Also tries common password attacks on discovered services. ⚠️ Can be noisy.

✓ Full Port Scan

Scans all 65,535 ports instead of just common ones. Takes much longer but finds services running on unusual ports.