# 🔍 UltyScan **Attack Surface Management Platform** A comprehensive automated penetration testing and reconnaissance tool with a modern Web Interface for managing scans. --- ## ✨ Features - **16 Scan Modes** - From stealth reconnaissance to full aggressive audits - **Modern Web Interface** - Launch and manage scans from your browser - **Automated Reporting** - HTML reports generated for each scan - **Workspace Management** - Organize results by project - **OSINT Integration** - Shodan, Censys, Hunter.io, and more - **Vulnerability Scanning** - Nuclei, Nikto, and custom checks - **Bruteforce Capabilities** - Password attacks on discovered services --- ## 🚀 Quick Start ### One-Command Installation ```bash git clone https://github.com/DeNNiiInc/UltyScan /usr/share/sniper cd /usr/share/sniper bash install.sh force ``` > **Note:** The `force` flag runs the installation without prompts for fully automated deployment. ### After Installation The installer will display your Web Interface URL: ``` ============================================ ULTYSCAN WEB INTERFACE ============================================ URL: http:///ultyscan/ Logs: /var/log/ultyscan/ Loot: /usr/share/sniper/loot/workspace/ ============================================ ``` --- ## 🖥️ Web Interface ### Accessing the UI Open your browser and navigate to: ``` http:///ultyscan/ ``` ### Features | Tab | Description | |-----|-------------| | **New Scan** | Configure and launch scans with all modes and options | | **Workspaces** | View, export, and delete scan workspaces | | **Console** | Live output from running scans | | **Settings** | Update scanner and stop running scans | ### Scan Configuration Options | Option | Description | |--------|-------------| | **Target** | Domain name or IP address to scan | | **Scan Mode** | Select from 16 different scan modes | | **Workspace** | Name to organize your results | | **Enable OSINT** | Gather intelligence from public sources | | **Enable Recon** | Subdomain and DNS enumeration | | **Enable Bruteforce** | Password attacks on services | | **Full Port Scan** | Scan all 65535 ports | --- ## 📋 Scan Modes | Mode | Description | Use Case | |------|-------------|----------| | `normal` | Balanced scan with enumeration | General purpose | | `stealth` | Low-profile, minimal traffic | Avoiding detection | | `web` | Ports 80/443 only | Web application focus | | `webscan` | Full web application audit | Deep web analysis | | `webporthttp` | HTTP on custom port | Non-standard web ports | | `webporthttps` | HTTPS on custom port | Non-standard SSL ports | | `port` | Single specific port | Targeted service testing | | `fullportonly` | All 65535 ports | Complete port discovery | | `discover` | Network/CIDR scanning | Infrastructure mapping | | `flyover` | Quick multi-target | Fast initial assessment | | `airstrike` | Fast enumeration | Speed over depth | | `nuke` | Full aggressive audit | Maximum coverage | | `massportscan` | Multi-target port scan | Bulk port scanning | | `massweb` | Multi-target web scan | Multiple web targets | | `masswebscan` | Multi-target webapp | Bulk web app testing | | `massvulnscan` | Multi-target vulns | Bulk vulnerability scan | --- ## ⌨️ Command Line Usage ### Basic Scan ```bash sniper -t example.com ``` ### With Options ```bash sniper -t example.com -m normal -w myproject -o -re ``` ### Full Scan with All Features ```bash sniper -t example.com -m normal -w myproject -o -re -b -fp ``` ### Command Line Options | Flag | Description | |------|-------------| | `-t ` | Target domain or IP | | `-f ` | File with list of targets | | `-m ` | Scan mode | | `-w ` | Workspace name | | `-o` | Enable OSINT | | `-re` | Enable Recon | | `-b` | Enable Bruteforce | | `-fp` | Full port scan | | `-p ` | Specific port number | ### Workspace Management ```bash # List all workspaces sniper --list # Delete a workspace sniper -w myproject -d # Export workspace sniper -w myproject --export ``` --- ## 📁 Directory Structure | Path | Description | |------|-------------| | `/usr/share/sniper/` | Installation directory | | `/usr/share/sniper/loot/workspace/` | Scan results and reports | | `/var/www/html/ultyscan/` | Web interface files | | `/var/log/ultyscan/` | Web UI scan logs | | `/root/.sniper.conf` | Main configuration file | --- ## ⚙️ Configuration ### API Keys Edit `/root/.sniper.conf` to add your API keys: ```bash # Shodan API Key SHODAN_API_KEY="your_key_here" # Censys API CENSYS_APP_ID="your_id" CENSYS_API_SECRET="your_secret" # Hunter.io HUNTERIO_KEY="your_key" # GitHub (for secret scanning) GITHUB_API_KEY="your_token" ``` ### Enabling/Disabling Features In `/root/.sniper.conf`: ```bash # Enable/Disable scanners (1=on, 0=off) NUCLEI="1" NIKTO="0" WPSCAN="1" SHODAN="1" ``` --- ## 🔒 Security Notes > ⚠️ **Important Security Considerations** 1. **Network Access**: The Web UI should only be accessible from trusted networks 2. **Root Privileges**: The scanner requires root to perform its functions 3. **Legal Authorization**: Only scan systems you have permission to test --- ## 🐳 Docker Installation ```bash cd /usr/share/sniper docker-compose up -d docker exec -it kali-linux bash ./install.sh force ``` --- ## 📊 Viewing Reports ### Via Web Interface 1. Go to the **Workspaces** tab 2. Click **View** on any workspace 3. Report opens in new tab ### Direct Path ``` /usr/share/sniper/loot/workspace//sniper-report.html ``` ### Via Web Server ``` http:///loot/workspace//sniper-report.html ``` --- ## 🔧 Troubleshooting ### Scan Not Starting ```bash # Check if sniper is installed correctly which sniper # Test manually sniper -t example.com ``` ### Web UI Shows "Idle" When Scan Running ```bash # Check if process is running ps aux | grep sniper # Check sudoers cat /etc/sudoers.d/www-data-sniper ``` ### Permission Denied ```bash # Reinstall sudoers configuration echo 'www-data ALL=(ALL) NOPASSWD: /usr/bin/bash /usr/share/sniper/sniper *' > /etc/sudoers.d/www-data-sniper chmod 440 /etc/sudoers.d/www-data-sniper ``` --- ## 📝 License See [LICENSE.md](LICENSE.md) for details. --- ## 🤝 Contributing Contributions are welcome! Please submit pull requests to improve the tool.