mirror of
https://github.com/DeNNiiInc/UltyScan.git
synced 2026-04-17 18:26:00 +00:00
🔍 UltyScan
Attack Surface Management Platform
A comprehensive automated penetration testing and reconnaissance tool with a modern Web Interface for managing scans.
✨ Features
- 16 Scan Modes - From stealth reconnaissance to full aggressive audits
- Modern Web Interface - Launch and manage scans from your browser
- Automated Reporting - HTML reports generated for each scan
- Workspace Management - Organize results by project
- OSINT Integration - Shodan, Censys, Hunter.io, and more
- Vulnerability Scanning - Nuclei, Nikto, and custom checks
- Bruteforce Capabilities - Password attacks on discovered services
🚀 Quick Start
One-Command Installation
git clone https://github.com/DeNNiiInc/UltyScan /usr/share/sniper
cd /usr/share/sniper
bash install.sh force
Note: The
forceflag runs the installation without prompts for fully automated deployment.
After Installation
The installer will display your Web Interface URL:
============================================
ULTYSCAN WEB INTERFACE
============================================
URL: http://<YOUR_IP>/ultyscan/
Logs: /var/log/ultyscan/
Loot: /usr/share/sniper/loot/workspace/
============================================
🖥️ Web Interface
Accessing the UI
Open your browser and navigate to:
http://<SERVER_IP>/ultyscan/
Features
| Tab | Description |
|---|---|
| New Scan | Configure and launch scans with all modes and options |
| Workspaces | View, export, and delete scan workspaces |
| Console | Live output from running scans |
| Settings | Update scanner and stop running scans |
Scan Configuration Options
| Option | Description |
|---|---|
| Target | Domain name or IP address to scan |
| Scan Mode | Select from 16 different scan modes |
| Workspace | Name to organize your results |
| Enable OSINT | Gather intelligence from public sources |
| Enable Recon | Subdomain and DNS enumeration |
| Enable Bruteforce | Password attacks on services |
| Full Port Scan | Scan all 65535 ports |
📋 Scan Modes
| Mode | Description | Use Case |
|---|---|---|
normal |
Balanced scan with enumeration | General purpose |
stealth |
Low-profile, minimal traffic | Avoiding detection |
web |
Ports 80/443 only | Web application focus |
webscan |
Full web application audit | Deep web analysis |
webporthttp |
HTTP on custom port | Non-standard web ports |
webporthttps |
HTTPS on custom port | Non-standard SSL ports |
port |
Single specific port | Targeted service testing |
fullportonly |
All 65535 ports | Complete port discovery |
discover |
Network/CIDR scanning | Infrastructure mapping |
flyover |
Quick multi-target | Fast initial assessment |
airstrike |
Fast enumeration | Speed over depth |
nuke |
Full aggressive audit | Maximum coverage |
massportscan |
Multi-target port scan | Bulk port scanning |
massweb |
Multi-target web scan | Multiple web targets |
masswebscan |
Multi-target webapp | Bulk web app testing |
massvulnscan |
Multi-target vulns | Bulk vulnerability scan |
⌨️ Command Line Usage
Basic Scan
sniper -t example.com
With Options
sniper -t example.com -m normal -w myproject -o -re
Full Scan with All Features
sniper -t example.com -m normal -w myproject -o -re -b -fp
Command Line Options
| Flag | Description |
|---|---|
-t <target> |
Target domain or IP |
-f <file> |
File with list of targets |
-m <mode> |
Scan mode |
-w <name> |
Workspace name |
-o |
Enable OSINT |
-re |
Enable Recon |
-b |
Enable Bruteforce |
-fp |
Full port scan |
-p <port> |
Specific port number |
Workspace Management
# List all workspaces
sniper --list
# Delete a workspace
sniper -w myproject -d
# Export workspace
sniper -w myproject --export
📁 Directory Structure
| Path | Description |
|---|---|
/usr/share/sniper/ |
Installation directory |
/usr/share/sniper/loot/workspace/ |
Scan results and reports |
/var/www/html/ultyscan/ |
Web interface files |
/var/log/ultyscan/ |
Web UI scan logs |
/root/.sniper.conf |
Main configuration file |
⚙️ Configuration
API Keys
Edit /root/.sniper.conf to add your API keys:
# Shodan API Key
SHODAN_API_KEY="your_key_here"
# Censys API
CENSYS_APP_ID="your_id"
CENSYS_API_SECRET="your_secret"
# Hunter.io
HUNTERIO_KEY="your_key"
# GitHub (for secret scanning)
GITHUB_API_KEY="your_token"
Enabling/Disabling Features
In /root/.sniper.conf:
# Enable/Disable scanners (1=on, 0=off)
NUCLEI="1"
NIKTO="0"
WPSCAN="1"
SHODAN="1"
🔒 Security Notes
⚠️ Important Security Considerations
- Network Access: The Web UI should only be accessible from trusted networks
- Root Privileges: The scanner requires root to perform its functions
- Legal Authorization: Only scan systems you have permission to test
🐳 Docker Installation
cd /usr/share/sniper
docker-compose up -d
docker exec -it kali-linux bash
./install.sh force
📊 Viewing Reports
Via Web Interface
- Go to the Workspaces tab
- Click View on any workspace
- Report opens in new tab
Direct Path
/usr/share/sniper/loot/workspace/<NAME>/sniper-report.html
Via Web Server
http://<SERVER_IP>/loot/workspace/<NAME>/sniper-report.html
🔧 Troubleshooting
Scan Not Starting
# Check if sniper is installed correctly
which sniper
# Test manually
sniper -t example.com
Web UI Shows "Idle" When Scan Running
# Check if process is running
ps aux | grep sniper
# Check sudoers
cat /etc/sudoers.d/www-data-sniper
Permission Denied
# Reinstall sudoers configuration
echo 'www-data ALL=(ALL) NOPASSWD: /usr/bin/bash /usr/share/sniper/sniper *' > /etc/sudoers.d/www-data-sniper
chmod 440 /etc/sudoers.d/www-data-sniper
📝 License
See LICENSE.md for details.
🤝 Contributing
Contributions are welcome! Please submit pull requests to improve the tool.