mirror of
https://github.com/DeNNiiInc/UltyScan.git
synced 2026-04-17 18:26:00 +00:00
# 🔍 UltyScan

**Attack Surface Management Platform**

A comprehensive automated penetration testing and reconnaissance tool with a modern Web Interface for managing scans.

---

## ✨ Features

- **16 Scan Modes** - From stealth reconnaissance to full aggressive audits
- **Modern Web Interface** - Launch and manage scans from your browser
- **Automated Reporting** - HTML reports generated for each scan
- **Workspace Management** - Organize results by project
- **OSINT Integration** - Shodan, Censys, Hunter.io, and more
- **Vulnerability Scanning** - Nuclei, Nikto, and custom checks
- **Bruteforce Capabilities** - Password attacks on discovered services

---

## 🚀 Quick Start

### One-Command Installation

```bash
git clone https://github.com/DeNNiiInc/UltyScan /usr/share/sniper
cd /usr/share/sniper
bash install.sh force
```

> **Note:** The `force` flag runs the installation without prompts for fully automated deployment.

### After Installation

The installer will display your Web Interface URL:

```
============================================
ULTYSCAN WEB INTERFACE
============================================
URL: http://<YOUR_IP>/ultyscan/
Logs: /var/log/ultyscan/
Loot: /usr/share/sniper/loot/workspace/
============================================
```

---

## 🖥️ Web Interface

### Accessing the UI

Open your browser and navigate to:
```
http://<SERVER_IP>/ultyscan/
```

### Features

| Tab | Description |
|-----|-------------|
| **New Scan** | Configure and launch scans with all modes and options |
| **Workspaces** | View, export, and delete scan workspaces |
| **Console** | Live output from running scans |
| **Settings** | Update scanner and stop running scans |

### Scan Configuration Options

| Option | Description |
|--------|-------------|
| **Target** | Domain name or IP address to scan |
| **Scan Mode** | Select from 16 different scan modes |
| **Workspace** | Name to organize your results |
| **Enable OSINT** | Gather intelligence from public sources |
| **Enable Recon** | Subdomain and DNS enumeration |
| **Enable Bruteforce** | Password attacks on services |
| **Full Port Scan** | Scan all 65535 ports |

---

## 📋 Scan Modes

| Mode | Description | Use Case |
|------|-------------|----------|
| `normal` | Balanced scan with enumeration | General purpose |
| `stealth` | Low-profile, minimal traffic | Avoiding detection |
| `web` | Ports 80/443 only | Web application focus |
| `webscan` | Full web application audit | Deep web analysis |
| `webporthttp` | HTTP on custom port | Non-standard web ports |
| `webporthttps` | HTTPS on custom port | Non-standard SSL ports |
| `port` | Single specific port | Targeted service testing |
| `fullportonly` | All 65535 ports | Complete port discovery |
| `discover` | Network/CIDR scanning | Infrastructure mapping |
| `flyover` | Quick multi-target | Fast initial assessment |
| `airstrike` | Fast enumeration | Speed over depth |
| `nuke` | Full aggressive audit | Maximum coverage |
| `massportscan` | Multi-target port scan | Bulk port scanning |
| `massweb` | Multi-target web scan | Multiple web targets |
| `masswebscan` | Multi-target webapp | Bulk web app testing |
| `massvulnscan` | Multi-target vulns | Bulk vulnerability scan |

---

## ⌨️ Command Line Usage

### Basic Scan
```bash
sniper -t example.com
```

### With Options
```bash
sniper -t example.com -m normal -w myproject -o -re
```

### Full Scan with All Features
```bash
sniper -t example.com -m normal -w myproject -o -re -b -fp
```

### Command Line Options

| Flag | Description |
|------|-------------|
| `-t <target>` | Target domain or IP |
| `-f <file>` | File with list of targets |
| `-m <mode>` | Scan mode |
| `-w <name>` | Workspace name |
| `-o` | Enable OSINT |
| `-re` | Enable Recon |
| `-b` | Enable Bruteforce |
| `-fp` | Full port scan |
| `-p <port>` | Specific port number |

### Workspace Management
```bash
# List all workspaces
sniper --list

# Delete a workspace
sniper -w myproject -d

# Export workspace
sniper -w myproject --export
```

---

## 📁 Directory Structure

| Path | Description |
|------|-------------|
| `/usr/share/sniper/` | Installation directory |
| `/usr/share/sniper/loot/workspace/` | Scan results and reports |
| `/var/www/html/ultyscan/` | Web interface files |
| `/var/log/ultyscan/` | Web UI scan logs |
| `/root/.sniper.conf` | Main configuration file |

---

## ⚙️ Configuration

### API Keys

Edit `/root/.sniper.conf` to add your API keys:

```bash
# Shodan API Key
SHODAN_API_KEY="your_key_here"

# Censys API
CENSYS_APP_ID="your_id"
CENSYS_API_SECRET="your_secret"

# Hunter.io
HUNTERIO_KEY="your_key"

# GitHub (for secret scanning)
GITHUB_API_KEY="your_token"
```

### Enabling/Disabling Features

In `/root/.sniper.conf`:

```bash
# Enable/Disable scanners (1=on, 0=off)
NUCLEI="1"
NIKTO="0"
WPSCAN="1"
SHODAN="1"
```

---

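## 🔒 Security Notes

> ⚠️ **Important Security Considerations**

1. **Network Access**: The Web UI should only be accessible from trusted networks. It is served over plain HTTP at `/ultyscan/`, and scan reports are reachable under `/loot/workspace/` on the same web server.
2. **Root Privileges**: The scanner requires root to perform its functions. The sudoers rule shown under Troubleshooting lets the `www-data` web server account run `sniper` as root without a password, so control of the Web UI means control of a root process.
3. **Legal Authorization**: Only scan systems you have permission to test

---
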
## 🐳 Docker Installation

```bash
cd /usr/share/sniper
docker-compose up -d
# Open a shell in the kali-linux container
docker exec -it kali-linux bash
# Then, inside the container, run the installer
./install.sh force
```

---

## 📊 Viewing Reports

### Via Web Interface
1. Go to the **Workspaces** tab
2. Click **View** on any workspace
3. The report opens in a new tab

### Direct Path
```
/usr/share/sniper/loot/workspace/<NAME>/sniper-report.html
```

### Via Web Server
```
http://<SERVER_IP>/loot/workspace/<NAME>/sniper-report.html
```

---

## 🔧 Troubleshooting

### Scan Not Starting
```bash
# Check if sniper is installed correctly
which sniper

# Test manually
sniper -t example.com
```

### Web UI Shows "Idle" When Scan Running
```bash
# Check if process is running
ps aux | grep sniper

# Check sudoers
cat /etc/sudoers.d/www-data-sniper
```

### Permission Denied
```bash
# Reinstall sudoers configuration
echo 'www-data ALL=(ALL) NOPASSWD: /usr/bin/bash /usr/share/sniper/sniper *' > /etc/sudoers.d/www-data-sniper
chmod 440 /etc/sudoers.d/www-data-sniper
```
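
The rule above gives `www-data` passwordless root for `sniper` with any arguments, so it is worth auditing whenever it is reinstalled. The following is an added example, not part of UltyScan: the function name `audit_sudoers_dropin` and its finding labels are made up here, and it checks only the drop-in's mode, the rule's run-as and wildcard scope, and whether the paths named in the rule are group- or world-writable.

```bash
#!/bin/sh
# Added example: audit the sudoers drop-in that this README installs.
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.

audit_sudoers_dropin() {
    local file flagged line spec cmd word p
    file="${1:-/etc/sudoers.d/www-data-sniper}"
    flagged=0

    [ -f "$file" ] || { echo "MISSING $file"; return 1; }

    # Drop-ins should be mode 0440, which is what the README's chmod sets.
    if [ -z "$(find "$file" -prune -perm 440)" ]; then
        echo "MODE $file is not 0440"; flagged=1
    fi

    while IFS= read -r line; do
        case "$line" in '#'*) continue ;; *NOPASSWD:*) ;; *) continue ;; esac
        spec=${line%%NOPASSWD:*}   # user, host and run-as part
        cmd=${line#*NOPASSWD:}     # command and its arguments

        # (ALL) lets the caller choose any target user, not only root.
        case "$spec" in *'(ALL)'*|*'(ALL:'*)
            echo "RUNAS any target user allowed"; flagged=1 ;;
        esac
        # A wildcard in the command accepts arbitrary arguments.
        case "$cmd" in *'*'*)
            echo "WILDCARD arbitrary arguments allowed"; flagged=1 ;;
        esac

        # Each absolute path named in the command, and the directory that
        # holds it, must not be group- or world-writable: whoever can edit
        # the script runs code as root through this rule.
        set -f                     # keep the rule's own * from globbing
        for word in $cmd; do
            case "$word" in /*) ;; *) continue ;; esac
            for p in "$word" "$(dirname "$word")"; do
                [ -e "$p" ] || continue
                if [ -n "$(find -H "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
                    echo "WRITABLE $p"; flagged=1
                fi
            done
        done
        set +f
    done < "$file"
    return "$flagged"
}

# Usage (as root): audit_sudoers_dropin && echo "no findings"
```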

---

## 📝 License

See [LICENSE.md](LICENSE.md) for details.

---

## 🤝 Contributing

Contributions are welcome! Please submit pull requests to improve the tool.