
Scan website for vulnerabilities with Uniscan

Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.

Requirements:
Kali Linux
Uniscan (comes pre-installed in Kali Linux)

Installing Uniscan

root@kali:~# apt-get install uniscan

Listing usage: use the command uniscan -h to list the help options and display usage.

root@kali:~# uniscan -h
####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.2


OPTIONS:
    -h  help
    -u  <url> example: https://www.example.com/
    -f  <file> list of url's
    -b  Uniscan go to background
    -q  Enable Directory checks
    -w  Enable File checks
    -e  Enable robots.txt and sitemap.xml check
    -d  Enable Dynamic checks
    -s  Enable Static checks
    -r  Enable Stress checks
    -i  <dork> Bing search
    -o  <dork> Google search
    -g  Web fingerprint
    -j  Server fingerprint

usage:
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r


Uniscan Usage Example

Open a new terminal and enter the following command. This will start fingerprinting and scanning the target web server for vulnerabilities.

uniscan -u http://www.example.com/ -qweds

Replace the example URL with the target URL.

In this tutorial I will be running Uniscan using the options -qwedsgj

uniscan -u http://www.example.com/ -qwedsgj

What these options do:

    -q  Enable Directory checks
    -w  Enable File checks
    -e  Enable robots.txt and sitemap.xml check
    -d  Enable Dynamic checks
    -s  Enable Static checks  
    -g  Web fingerprint
    -j  Server fingerprint
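
As an added example (not from the original post or the Uniscan project), the shell functions below check each URL of a list against an allowlist of hosts, and the option letters against the help output above, before calling uniscan. ALLOWED_HOSTS, ALLOW_STRESS, DRY_RUN and the function names are assumptions of this example, as is the one-URL-per-line list format.

```sh
#!/bin/sh
# Added example: scope and option guard in front of the uniscan command line.
# ALLOWED_HOSTS, ALLOW_STRESS, DRY_RUN and all function names are assumptions.
ALLOWED_HOSTS="www.example.com staging.example.com"   # constructed sample scope

# Print the lowercased host of an http(s) URL; fail on anything ambiguous.
url_host() {
    case "$1" in http://*|https://*) ;; *) return 1 ;; esac
    uh_rest=${1#*://}
    uh_rest=${uh_rest%%[/?#]*}                  # authority ends at / ? or #
    case "$uh_rest" in *@*) return 1 ;; esac    # userinfo can disguise the real host
    uh_rest=$(printf '%s' "${uh_rest%%:*}" | tr '[:upper:]' '[:lower:]')  # drop port
    case "$uh_rest" in ''|*[!a-z0-9.-]*) return 1 ;; esac
    printf '%s\n' "$uh_rest"
}

# Succeed only when the URL's host is listed in ALLOWED_HOSTS (exact match).
in_scope() {
    is_host=$(url_host "$1") || return 1
    for is_allowed in $ALLOWED_HOSTS; do
        [ "$is_host" = "$is_allowed" ] && return 0
    done
    return 1
}

# Accept only check letters from the help output; r (stress) needs ALLOW_STRESS=1.
valid_checks() {
    case "$1" in ''|*[!qwedsgjr]*) return 1 ;; esac
    case "$1" in *r*) [ "${ALLOW_STRESS:-0}" = 1 ] || return 1 ;; esac
    return 0
}

# Read URLs from stdin (assumed one per line) and scan only those in scope.
scan_list() {
    sl_checks=${1:-qwedsgj}
    valid_checks "$sl_checks" || { echo "rejected options: -$sl_checks" >&2; return 2; }
    while IFS= read -r sl_url; do
        [ -n "$sl_url" ] || continue
        if ! in_scope "$sl_url"; then echo "skipped (out of scope): $sl_url" >&2; continue; fi
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "uniscan -u $sl_url -$sl_checks"
        else
            uniscan -u "$sl_url" "-$sl_checks" </dev/null   # keep uniscan off the URL list
        fi
    done
}

# Constructed sample input; DRY_RUN defaults to 1, so this only prints the command.
printf '%s\n' 'http://www.example.com/' 'http://other.test?@www.example.com/' | scan_list qwedsgj
```

With DRY_RUN=0 the same functions run uniscan for each in-scope URL instead of printing the command line.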

Uniscan GUI

Uniscan also has a GUI for those who prefer a graphical interface.
To access Uniscan-Gui we can use the following command from a new terminal.

# uniscan-gui

 
