Scan website for vulnerabilities with Uniscan Kali Linux Tutorial


Welcome back. In this tutorial you will learn how to scan and fingerprint a web server or device to find vulnerabilities. To do this we will use a tool called Uniscan.

This tutorial requires a Linux operating system. We recommend installing Kali Linux if you have not already done so.

Requirements:
Kali Linux
Uniscan (Comes Pre-Installed in Kali Linux)

What is Uniscan? Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner that was written in Perl by Douglas Poerschke Roch.

Installing Uniscan

root@kali:~# apt-get install uniscan

Listing usage: use the command uniscan -h to list the help options and display usage.

root@kali:~# uniscan -h
####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.2


OPTIONS:
    -h  help
    -u  <url> example: https://www.example.com/
    -f  <file> list of url's
    -b  Uniscan go to background
    -q  Enable Directory checks
    -w  Enable File checks
    -e  Enable robots.txt and sitemap.xml check
    -d  Enable Dynamic checks
    -s  Enable Static checks
    -r  Enable Stress checks
    -i  <dork> Bing search
    -o  <dork> Google search
    -g  Web fingerprint
    -j  Server fingerprint

usage:
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r


Uniscan Usage Example

Open a new terminal and enter the following command. This will start fingerprinting and scanning the target web server for vulnerabilities.

uniscan -u http://www.example.com/ -qweds

Replace the example URL with the target URL.

In this tutorial I will be running Uniscan with the options -qwedsgj

uniscan -u http://www.example.com/ -qwedsgj

What these options do:

    -q  Enable Directory checks
    -w  Enable File checks
    -e  Enable robots.txt and sitemap.xml check
    -d  Enable Dynamic checks
    -s  Enable Static checks  
    -g  Web fingerprint
    -j  Server fingerprint
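
A pre-flight check for the command above, as an added example that is not part of the original tutorial or the Uniscan project: it confirms the target host is listed in a scope file of systems you are authorised to test, rejects option letters that are not in the uniscan -h output, and refuses -r (stress checks) unless explicitly allowed. The scope file (one hostname per line) and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Uniscan project code. The scope file (one authorised
# hostname per line) and all function names are assumptions for illustration;
# the option letters and their meanings come from `uniscan -h`.

describe_flag() {            # meaning of one argument-less option letter
  case "$1" in
    b) echo "Uniscan go to background" ;;
    q) echo "Directory checks" ;;
    w) echo "File checks" ;;
    e) echo "robots.txt and sitemap.xml check" ;;
    d) echo "Dynamic checks" ;;
    s) echo "Static checks" ;;
    r) echo "Stress checks" ;;
    g) echo "Web fingerprint" ;;
    j) echo "Server fingerprint" ;;
    *) return 1 ;;           # includes -u -f -i -o, which need an argument
  esac
}

url_host() {                 # lower-cased host of an http(s) URL, else fail
  local rest
  case "$1" in http://*|https://*) ;; *) return 1 ;; esac
  rest="${1#*://}"           # drop the scheme
  rest="${rest%%[/?#]*}"     # keep only the authority part
  # Fail closed on empty hosts, userinfo ("@") and any unexpected byte.
  case "$rest" in ''|:*|*[!A-Za-z0-9.:-]*) return 1 ;; esac
  printf '%s\n' "${rest%%:*}" | tr 'A-Z' 'a-z'
}

# uniscan_preflight URL FLAGS SCOPE_FILE [allow-stress]
# Exit 0 and print the enabled checks, or explain the refusal on stderr.
uniscan_preflight() {
  local url="$1" todo="$2" scope="$3" stress="${4:-}" host f desc plan=""
  host=$(url_host "$url") || { echo "not a plain http(s) URL: $url" >&2; return 2; }
  grep -qixF -- "$host" "$scope" || { echo "out of scope: $host" >&2; return 3; }
  [ -n "$todo" ] || { echo "no checks selected" >&2; return 4; }
  while [ -n "$todo" ]; do
    f="${todo%"${todo#?}"}"  # first letter
    todo="${todo#?}"         # remaining letters
    desc=$(describe_flag "$f") || { echo "unknown option: -$f" >&2; return 4; }
    if [ "$f" = r ] && [ "$stress" != allow-stress ]; then
      echo "-r (Stress checks) needs explicit allow-stress" >&2; return 5
    fi
    plan="$plan$(printf '\n-%s  %s' "$f" "$desc")"
  done
  printf '%s\n' "${plan#?}"
}

# Usage: uniscan_preflight "$url" qwedsgj scope.txt && uniscan -u "$url" -qwedsgj
```

URLs with userinfo, IPv6 literals or other unusual authority syntax are rejected rather than parsed, so a URL that the scanner might resolve differently from the check never passes.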

Uniscan GUI

Uniscan also has a GUI for those who prefer a graphical interface.
To access Uniscan-Gui we can use the following command from a new terminal.

# uniscan-gui

 

 
