Revise success check and CLI usage instructions

Updated success check message and added usage instructions for CLI tool.

Author: trmxvibs

README.md

@@ -125,7 +125,33 @@ Run the setup script to create the SQLite database and the default admin user.
 python database_setup.py
 ```
 
-### **Success Check:** You should see the message: [+] Default User Created: lokesh/lokesh
+### **Success Check:** You should see the message: 
+[+] Default User Created: lokesh/lokesh
+- Default user/pass ==> lokesh/lokesh
+## Change your login data 
+```
+python cli_tool.py --config
+```
+<img width="738" height="281" alt="image" src="https://github.com/user-attachments/assets/de773bb9-dd9d-4854-a608-062101889c08" />
+
+## Show HelpMenu
+```
+python cli_tool.py -h
+```
+```html
+usage: cli_tool.py [-h] [-t TARGET] [-m {basic,medium,advance,custom}] [--flags FLAGS] [-o] [--config]
+
+Net-Sentry Professional CLI
+
+options:
+  -h, --help            show this help message and exit
+  -t, --target TARGET   Target IP or Domain
+  -m, --mode {basic,medium,advance,custom}
+                        Scan Profile
+  --flags FLAGS         Custom Nmap Flags
+  -o, --output          Save report to file
+  --config              Reset Admin Username/Password
+```
 
 ---
 
@@ -147,7 +173,7 @@ Default Username: `lokesh`
 Default Password: `lokesh`
 
 **Security Note: Change your password immediately using the ⚙️ SETTINGS button in the dashboard header.**
----
+
 ### 3. Dashboard Operations
 Live Terminal: Type commands directly into the browser console.
 
@@ -188,7 +214,336 @@ Save the scan results to a text file for documentation.
 ```
 python cli_tool.py -t example.com -m medium -o
 ```
+<img width="1255" height="658" alt="image" src="https://github.com/user-attachments/assets/21ffcd5d-7f48-4784-8087-b37fa6cae323" />
+
 **Tip: The CLI tool uses the exact same engine as the web dashboard, ensuring consistent results across interfaces.**
+
+# Results
+```python
+
+ [★] RISK SCORE: 100/100 (CRITICAL)
+
+----------------------------------------
+
+ [*] TARGET: google.com
+
+ [*] MODE: ADVANCE
+
+--- GEO-INTEL REPORT ---
+[+] Org: Google LLC
+[+] Country: India (IN)
+[+] ISP: Google LLC
+[COORDS] 28.6139,77.2088
+------------------------
+
+
+
+ [*] THE ORACLE (SHODAN DB):
+   [+] Ports: [80, 443]
+   [✓] Clean record.
+[✓] NO WAF DETECTED.
+
+
+ [*] SSL ILLUMINATOR:
+   [+] Issued: WR2
+   [SCOPE] Found 137 hidden domains:
+       > *.google.com
+       > *.appengine.google.com
+       > *.bdn.dev
+       > *.origin-test.bdn.dev
+       > *.cloud.google.com
+       > *.crowdsource.google.com
+       > *.datacompute.google.com
+       > *.google.ca
+       > *.google.cl
+       > *.google.co.in
+       ...and 127 more.
+
+
+ [*] PASSIVE SUBDOMAINS:
+   [+] Found 189 subdomains:
+       > aarjav-b480g7k2ab9@checkout.google.com
+       > accounts.flexpack.google.com
+       > accounts.freezone.google.com
+       > accounts.google.com
+       > admin@google.com
+       > ads-compare.eem.corp.google.com
+       > adwords.google.com
+       > adwords.google.com.ar
+       > adwords.google.com.au
+       > adwords.google.com.br
+       > adwords.google.com.cn
+       > adwords.google.com.gr
+       > adwords.google.com.hk
+       > adwords.google.com.ly
+       > adwords.google.com.mx
+       > adwords.google.com.my
+       > adwords.google.com.pe
+       > adwords.google.com.ph
+       > adwords.google.com.pk
+       > adwords.google.com.ru
+       ...and 169 more.
+
+
+ [*] ACTIVE SUBDOMAIN DISCOVERY:
+   [⚡] Discovered 11 HIDDEN active subdomains:
+       > www.google.com
+       > mail.google.com
+       > blog.google.com
+       > ns1.google.com
+       > ns2.google.com
+       > smtp.google.com
+       > vpn.google.com
+       > m.google.com
+       > shop.google.com
+       > admin.google.com
+       > api.google.com
+
+
+ [*] MASS TAKEOVER SCANNER:
+   [✓] No dangling subdomains found.
+
+
+ [*] DNS ZONE TRANSFER:
+   [✓] DNS Secure.
+
+ [*] DEEP VULNERABILITY SCAN (LFI/CONFIG):
+   [✓] No config backups exposed.
+   [✓] LFI check passed.
+
+
+ [*] DIRECTORY BUSTER:
+   [200] FOUND: /robots.txt
+   [200] FOUND: /dashboard
+
+
+ [*] CMS HUNTER (WORDPRESS):
+   [✓] WP API secure or not WordPress.
+
+
+ [*] GIT SOURCE HUNTER:
+   [✓] .git is secure.
+
+
+ [*] SPRING BOOT ACTUATOR SCAN:
+   [✓] Spring Boot Actuators secured.
+
+
+ [*] BROKEN LINK HIJACKING:
+   [✓] External links resolve correctly.
+
+
+ [*] FIREBASE DATABASE HUNTER:
+   [✓] No open Firebase databases found.
+
+
+ [*] MOBILE APP ASSET SCANNER:
+   [+] Found Mobile Config: /apple-app-site-association
+       [⚠️] LEAK: Internal domains found in /apple-app-site-association
+
+
+ [*] HOST HEADER INJECTION:
+   [✓] Server ignores spoofed Host headers.
+
+
+ [*] CRLF INJECTION (HEADER SPLITTING):
+   [✓] Header Splitting protected.
+
+
+ [*] CORS CONFIG CHECK:
+   [✓] CORS policy secure.
+
+
+ [*] CLICKJACKING CHECK:
+   [✓] Protected against Clickjacking.
+
+
+ [*] PROTOTYPE POLLUTION FUZZER:
+   [✓] Server appears resilient.
+
+
+ [*] DESERIALIZATION SCAN:
+   [✓] No serialized objects found in cookies.
+
+
+ [*] VERB TAMPERING:
+   [✓] Verbs restricted.
+
+
+ [*] HTTP REQUEST SMUGGLING (CL.TE/TE.CL):
+   [✓] No smuggling anomalies detected.
+
+
+ [*] WEBSOCKET SECURITY (CSWSH):
+   [✓] No open WebSocket found.
+
+
+ [*] API RATE LIMIT BYPASS:
+   [✓] Rate limiting appears robust (or not triggered).
+
+
+ [*] GRAPHQL INSPECTOR:
+
+
+ [*] WEB CACHE POISONING DETECTOR:
+   [✓] Cache headers appear secure.
+
+
+ [*] JS MINER & DOM HUNTER:
+   [i] Analyzing 2 JavaScript files...
+   [⚠️] DOM RISK: Found 'innerHTML' in m=cdos,cr,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi
+   [⚠️] DOM RISK: Found 'eval(' in m=cdos,cr,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi
+   [⚠️] DOM RISK: Found 'location.search' in m=cdos,cr,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi
+   [⚠️] DOM RISK: Found 'location.hash' in m=cdos,cr,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi
+   [⚠️] DOM RISK: Found 'innerHTML' in rs=AA2YrTtMySWmY-EDOJELbz3_ueBB7lVOZQ
+   [+] Found 36 crawlable endpoints:
+       > /IN?utm_source=hp_header&utm_medium=google_ooo&utm_campaign=GS100042&hl=en-IN
+       > /ServiceLogin?hl=en&passive=true&continue=https://www.google.com/%3Fgws_rd%3Dssl&ec=futura_exp_og_so_72776762_e
+       > /_/chrome/newtab
+       > /aclk
+       > /advanced_search?hl=en-IN&fg=1
+       > /client_streamz/lens_search/lens_tool_missing_client_adapter_controller
+       > /client_streamz/lens_search/lens_tool_missing_dependencies
+       > /client_streamz/lens_search/lens_tool_missing_insertion_point
+       > /complete/s
+       > /complete/search
+       ...and 26 more.
+
+
+
+ [*] API ZOMBIE (FUZZING):
+   [✓] APIs seem resilient.
+
+
+ [*] DOM EXPLOIT SUGGESTIONS for innerHTML:
+   [i] Manual Verification Required. Try these in Browser:
+       > http://google.com#<img src=x onerror=alert(1)>
+       > http://google.com?q=<svg/onload=alert(1)>
+       > http://google.com?q=<iframe src=javascript:alert(1)>
+
+
+ [*] CLOUD PIERCER (SSRF SCANNER):
+   [✓] No SSRF vectors.
+
+
+ [*] BLIND SQL INJECTION (TIME-BASED):
+   [✓] No time delays detected.
+
+
+ [*] XSS SNIPER (REFLECTED):
+   [✓] No Reflected XSS found.
+
+
+ [*] OS COMMAND INJECTION:
+   [✓] No OS injection.
+
+
+ [*] BACKUP FILE MINER:
+   [✓] No backup files exposed.
+
+
+ [*] XXE INJECTION SCANNER:
+   [✓] No XXE found.
+
+
+ [*] IDOR PATTERN HUNTER:
+   [⚠️] POTENTIAL IDOR ENDPOINTS FOUND (10):
+       1. /services/?subid=ww-ww-et-g-awa-a-g_hpbfoot1_1!o2&utm_source=google.com&utm_medium=referral&utm_campaign=google_hpbfooter&fg=1
+       2. /history/privacyadvisor/search/unauth?utm_source=googlemenu&fg=1&cctld=com
+       3. /intl/en_in/ads/?subid=ww-ww-et-g-awa-a-g_hpafoot1_1!o2&utm_source=google.com&utm_medium=referral&utm_campaign=google_hpafooter&fg=1
+       4. /history/optout?hl=en-IN&fg=1
+       5. /websearch/?p=ws_results_help&hl=en-IN&fg=1
+       > Tip: Try changing the ID to access other users' data.
+
+
+ [*] NOSQL INJECTION SCANNER:
+   [✓] No NoSQL vectors.
+
+
+ [*] LDAP INJECTION SCANNER:
+   [✓] No LDAP errors.
+
+
+ [*] RACE CONDITION HEURISTICS:
+   [✓] No race anomalies.
+
+
+ [*] MASS ASSIGNMENT:
+   [✓] No Mass Assignment found.
+
+
+ [*] PARAMETER TAMPERING (LOGIC):
+   [✓] No tampering vectors.
+
+
+ [*] HTTP PARAMETER POLLUTION (HPP):
+   [✓] No obvious HPP vectors.
+
+
+ [*] SSI INJECTION SCANNER:
+   [☠️] CRITICAL: SSI INJECTION FOUND!
+       > Target: http://google.com/setprefs?sig=
+
+
+ [*] XPATH INJECTION SCANNER:
+   [✓] No XPath injection errors detected.
+
+
+ [*] CVE CHECK:
+   [✓] No basic signature match.
+
+
+ [*] KUBERNETES & CLOUD HUNTER:
+   [✓] Kubernetes & Cloud endpoints appear secured.
+
+
+ [*] DARK INTEL (OSINT & LEAKS):
+   [i] Generated Intelligence Dorks (Manual Check Recommended):
+       > Google Query: site:pastebin.com google.com password
+       > Google Query: site:github.com google.com API_KEY
+       > Google Query: site:trello.com google.com
+       > Google Query: site:s3.amazonaws.com google.com config
+   [i] Breach Database Check:
+       > Monitoring 3 high-value accounts.
+       > Status: [INFO] Use 'H8mail' tool for deep password dumping.
+
+
+ [*] JWT TOKEN INSPECTOR:
+   [-] No JWT tokens found in scan data.
+
+
+ [*] JWT SECRET CRACKER (HS256):
+   [-] No tokens found.
+
+
+ [*] TECH STACK:
+
+
+ [*] WEAPONIZER:
+   [WEB] nikto -h google.com
+
+
+ [*] METASPLOIT SCRIPT (RCE):
+workspace -a google.com
+db_nmap -sV google.com
+use auxiliary/scanner/http/dir_scanner
+set RHOSTS google.com
+run
+[i] Save as 'attack.rc' and run: msfconsole -r attack.rc
+
+
+ [*] CORTEX AI STRATEGY (BLUEPRINT):
+   [i] Target is hardened. Recommended: Social Engineering or Phishing.
+
+╔══════════════════════════════════════════════════════╗
+║               MISSION DEBRIEF / SUMMARY              ║
+╠═════════════════════════════╦════════════════════════╣
+║ Target                      ║ google.com             ║
+║ Duration                    ║ 245.13s                ║
+║ Risk Score                  ║ 100/100                ║
+╚═════════════════════════════╩════════════════════════╝
+```
+
 ---
 
 ---