3.5 KiB
Usage Guide
This guide covers how to use UltyScan effectively. The tool works by running the sniper command followed by a target and a mode.
Basic Syntax
sudo sniper -t <TARGET> -m <MODE> [OPTIONS]
-t <TARGET>: The domain (e.g.,example.com) or IP address (e.g.,192.168.1.1) you want to scan.-m <MODE>: The scanning mode (e.g.,normal,stealth,nuke). if omitted, defaults to normal.-w <WORKSPACE>: (Optional) Save results to a specific workspace name.
Scanning Modes
1. Normal Mode
Best for: General purpose scanning. Performs a basic scan of targets and open ports using both active and passive checks. It balances speed and depth.
Command:
sudo sniper -t example.com
Note: If no mode is specified, Normal mode is used.
2. Stealth Mode
Best for: Avoiding detection. Quickly enumerates targets using mostly non-intrusive scans to avoid WAF (Web Application Firewall) or IPS (Intrusion Prevention System) blocking.
Command:
sudo sniper -t example.com -m stealth
3. Flyover Mode
Best for: High-level overview of multiple targets. Fast, multi-threaded scans of multiple targets. Great for collecting high-level data (like taking screenshots of web pages) on many hosts quickly.
Command:
sudo sniper -f targets.txt -m flyover -w my-flyover-scan
4. Airstrike Mode
Best for: Quick enumeration of a list of targets. Quickly enumerates open ports and services on multiple hosts and performs basic fingerprinting.
Command:
sudo sniper -f targets.txt -m airstrike
Note: targets.txt should contain a list of IPs or domains, one per line.
5. Nuke Mode
Best for: COMPLETE DESTRUCTION (Deep Audit). Launches a full audit of multiple hosts. This enables Brute-force, Full Port Scan, OSINT, Recon, Workspace, and Loot collection. This is very loud and will likely lock accounts or trigger alarms.
Command:
sudo sniper -f targets.txt -m nuke -w my-nuke-scan
6. Discover Mode
Best for: Internal Networks. Parses all hosts on a subnet (CIDR) and initiates a scan against each active host.
Command:
sudo sniper -t 192.168.1.0/24 -m discover -w internal-scan
7. Web Mode
Best for: Web Application focus. Adds full automatic web application scans to the results. Scans ports 80 (HTTP) and 443 (HTTPS) only.
Command:
sudo sniper -t example.com -m web
Workspace Management
UltyScan saves all data into "Workspaces" to keep your scans organized.
Creating/Using a Workspace
Simply add -w <NAME> to any command.
sudo sniper -t example.com -w project-alpha
Listing Workspaces
See all your current workspaces.
sudo sniper --list
Deleting a Workspace
Remove a workspace and all its data.
sudo sniper -w project-alpha -d
Viewing Reports
To open the HTML report for a workspace:
sudo sniper --list
Then select the report HTML file from the output or navigate to:
/usr/share/sniper/loot/workspace/<YOUR_WORKSPACE>/sniper-report.html
Advanced Options
| Flag | Description |
|---|---|
-o / --osint |
Enable OSINT (Open Source Intelligence) gathering. |
-re / --recon |
Enable Reconnaissance gathering. |
-b |
Enable Brute-force attacks (automatically tries passwords). |
-fp |
Full Port Only scan (scans all 65535 ports). |
--status |
Check the status of running scans. |
-u / --update |
Update UltyScan to the latest version. |