# Usage Guide

This guide covers how to use **UltyScan** effectively. The tool works by running the `sniper` command followed by a target and a mode.

## Basic Syntax

```bash
sudo sniper -t <TARGET> -m <MODE> [OPTIONS]
```

- `-t <TARGET>`: The domain (e.g., `example.com`) or IP address (e.g., `192.168.1.1`) you want to scan.
- `-m <MODE>`: The scanning mode (e.g., `normal`, `stealth`, `nuke`). If omitted, defaults to normal.
- `-w <WORKSPACE>`: (Optional) Save results to a specific workspace name.

---

## Scanning Modes

### 1. Normal Mode

**Best for:** General purpose scanning.

Performs a basic scan of targets and open ports using both active and passive checks. It balances speed and depth.

**Command:**

```bash
sudo sniper -t example.com
```

*Note: If no mode is specified, Normal mode is used.*

### 2. Stealth Mode

**Best for:** Avoiding detection.

Quickly enumerates targets using mostly non-intrusive scans to avoid WAF (Web Application Firewall) or IPS (Intrusion Prevention System) blocking.

**Command:**

```bash
sudo sniper -t example.com -m stealth
```

### 3. Flyover Mode

**Best for:** High-level overview of multiple targets.

Fast, multi-threaded scans of multiple targets. Great for collecting high-level data (like taking screenshots of web pages) on many hosts quickly.

**Command:**

```bash
sudo sniper -f targets.txt -m flyover -w my-flyover-scan
```

### 4. Airstrike Mode

**Best for:** Quick enumeration of a list of targets.

Quickly enumerates open ports and services on multiple hosts and performs basic fingerprinting.

**Command:**

```bash
sudo sniper -f targets.txt -m airstrike
```

*Note: `targets.txt` should contain a list of IPs or domains, one per line.*

### 5. Nuke Mode

**Best for:** COMPLETE DESTRUCTION (Deep Audit).

Launches a full audit of multiple hosts. This enables Brute-force, Full Port Scan, OSINT, Recon, Workspace, and Loot collection. **This is very loud and will likely lock accounts or trigger alarms.**

**Command:**

```bash
sudo sniper -f targets.txt -m nuke -w my-nuke-scan
```

### 6. Discover Mode

**Best for:** Internal Networks.

Parses all hosts on a subnet (CIDR) and initiates a scan against each active host.

**Command:**

```bash
sudo sniper -t 192.168.1.0/24 -m discover -w internal-scan
```

### 7. Web Mode

**Best for:** Web Application focus.

Adds full automatic web application scans to the results. Scans ports 80 (HTTP) and 443 (HTTPS) only.

**Command:**

```bash
sudo sniper -t example.com -m web
```

---

## Workspace Management

UltyScan saves all data into "Workspaces" to keep your scans organized.

### Creating/Using a Workspace

Simply add `-w <WORKSPACE>` to any command.

```bash
sudo sniper -t example.com -w project-alpha
```

### Listing Workspaces

See all your current workspaces.

```bash
sudo sniper --list
```

### Deleting a Workspace

Remove a workspace and all its data.

```bash
sudo sniper -w project-alpha -d
```

### Viewing Reports

To open the HTML report for a workspace:

```bash
sudo sniper --list
```

Then select the report HTML file from the output or navigate to:
`/usr/share/sniper/loot/workspace/<WORKSPACE>/sniper-report.html`

---

## Advanced Options

| Flag | Description |
| :--- | :--- |
| `-o` / `--osint` | Enable OSINT (Open Source Intelligence) gathering. |
| `-re` / `--recon` | Enable Reconnaissance gathering. |
| `-b` | Enable Brute-force attacks (automatically tries passwords). |
| `-fp` | Full Port Only scan (scans all 65535 ports). |
| `--status` | Check the status of running scans. |
| `-u` / `--update` | Update **UltyScan** to the latest version. |

---

[Return to README](../README.md)
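
The Airstrike note says `targets.txt` holds one IP or domain per line, and the multi-target modes act on every entry in it. The check below is an added example, not part of UltyScan: it validates such a list against an authorized scope before the file is passed to `-f`. The function name, the scope lists and the sample entries are assumptions constructed for illustration.

```python
import ipaddress
import re

# Hostname shape: dot-separated labels of letters, digits and hyphens, alphabetic TLD.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

def check_targets(lines, scope_networks, scope_domains):
    """Split target lines into (in_scope, rejected) against an authorized scope.

    scope_networks: CIDR strings the engagement covers (assumed input).
    scope_domains: apex domains it covers; their subdomains are accepted too.
    """
    networks = [ipaddress.ip_network(n) for n in scope_networks]
    domains = [d.lower().rstrip(".") for d in scope_domains]
    in_scope, rejected = [], []
    for lineno, raw in enumerate(lines, 1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines are not targets
        try:
            # Single addresses parse as /32 or /128; CIDR ranges are kept as given.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None
        if net is not None:
            ok = any(net.version == s.version and net.subnet_of(s) for s in networks)
            reason = "address outside authorized networks"
        elif _HOSTNAME.match(entry.lower()):
            host = entry.lower()
            # Match on a label boundary so "evil-example.com" does not pass as example.com.
            ok = any(host == d or host.endswith("." + d) for d in domains)
            reason = "domain outside authorized scope"
        else:
            ok, reason = False, "not an IP address, CIDR range or domain"
        if ok:
            in_scope.append(entry)
        else:
            rejected.append((lineno, entry, reason))
    return in_scope, rejected

# Constructed sample standing in for the lines of a targets.txt file.
SAMPLE = ["example.com", "app.example.com", "192.168.1.10", "10.0.0.5",
          "evil-example.com", "http://example.com/", "192.168.1.0/24", ""]

if __name__ == "__main__":
    good, bad = check_targets(SAMPLE, ["192.168.1.0/24"], ["example.com"])
    print("in scope:", good)
    for lineno, entry, reason in bad:
        print(f"line {lineno}: {entry!r} rejected ({reason})")
```

Writing only the accepted entries to the file given to `-f` keeps a typo or a stray URL from widening a loud mode such as Nuke beyond the agreed scope.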