Scan a website for vulnerabilities with Uniscan: Kali Linux tutorial
Welcome back. In this tutorial you will learn how to scan and fingerprint a web server or device to find vulnerabilities. To achieve this we will be using a tool called Uniscan.
This tutorial requires a Linux operating system. We recommend installing Kali Linux if you have not already done so.
Requirements:
Kali Linux
Uniscan (Comes Pre-Installed in Kali Linux)
What is Uniscan?
Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner that was written in Perl by Douglas Poerschke Roch.
Installing Uniscan
root@kali:~# apt-get install uniscan
Listing usage: You can use the command uniscan -h to list help options and display usage.
root@kali:~# uniscan -h
####################################
# Uniscan project #
# http://uniscan.sourceforge.net/ #
####################################
V. 6.2
OPTIONS:
-h help
-u <url> example: https://www.example.com/
-f <file> list of url's
-b Uniscan go to background
-q Enable Directory checks
-w Enable File checks
-e Enable robots.txt and sitemap.xml check
-d Enable Dynamic checks
-s Enable Static checks
-r Enable Stress checks
-i <dork> Bing search
-o <dork> Google search
-g Web fingerprint
-j Server fingerprint
usage:
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r
Uniscan Usage Example
Open a new terminal and enter the following command. This will start fingerprinting and scanning the target web server for vulnerabilities.
Replace the URL with the target URL.
uniscan.pl -u http://www.example.com/ -qweds
In this tutorial I will be running Uniscan using the options -qwedsgj.
uniscan.pl -u http://www.example.com/ -qwedsgj
What these options do:
-q Enable Directory checks
-w Enable File checks
-e Enable robots.txt and sitemap.xml check
-d Enable Dynamic checks
-s Enable Static checks
-g Web fingerprint
-j Server fingerprint
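An added example, not part of the original tutorial or the Uniscan project: a dry-run wrapper that prints the Uniscan command only when the target host is in a scope list and every option letter appears in the help output above. The names ALLOWED_HOSTS, ALLOW_STRESS, url_host, flags_ok and build_uniscan_cmd, and the sample hosts, are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: scope guard for Uniscan runs (dry-run, prints the command).
# Constructed sample scope; replace with the hosts in your engagement scope.
ALLOWED_HOSTS="www.example.com staging.example.com"

# Print the lower-cased host of a plain http(s) URL, or fail.
url_host() {
    local rest
    case "$1" in
        http://*|https://*) rest="${1#*://}" ;;
        *) return 1 ;;
    esac
    rest="${rest%%/*}"                       # keep only host[:port]
    case "$rest" in
        ""|*[!A-Za-z0-9.:-]*) return 1 ;;    # rejects userinfo (@), '?', '#', '\'
    esac
    rest="${rest%%:*}"                       # drop an optional :port
    [ -n "$rest" ] || return 1
    printf '%s\n' "$rest" | tr 'A-Z' 'a-z'
}

# Accept only the no-argument option letters listed by `uniscan -h` above.
# -f, -i and -o are left out: they pick targets this single-URL check cannot see.
flags_ok() {
    case "$1" in
        ""|*[!qwedsrgjb]*) return 1 ;;
    esac
}

# Print the command for an in-scope target; return 2-5 with a reason otherwise.
build_uniscan_cmd() {
    local url="$1" flags="$2" host h
    host="$(url_host "$url")" || { echo "refused: not a plain http(s) URL" >&2; return 2; }
    flags_ok "$flags" || { echo "refused: unknown option in '$flags'" >&2; return 3; }
    case "$flags" in                         # stress checks (-r) need an explicit opt-in
        *r*) [ "${ALLOW_STRESS:-0}" = 1 ] || { echo "refused: -r needs ALLOW_STRESS=1" >&2; return 4; } ;;
    esac
    for h in $ALLOWED_HOSTS; do
        if [ "$h" = "$host" ]; then
            printf 'uniscan -u %s -%s\n' "$url" "$flags"
            return 0
        fi
    done
    echo "refused: $host is not in ALLOWED_HOSTS" >&2
    return 5
}

build_uniscan_cmd "http://www.example.com/" qwedsgj   # prints the -qwedsgj command used above
```

The host check rejects the authority part before stripping the port, so a URL such as http://www.example.com:x@evil.test/ cannot pass as www.example.com.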
Uniscan GUI
Uniscan also has a GUI for those who prefer a graphical interface.
To access Uniscan-Gui we can use the following command from a new terminal.
uniscan-gui