Skip to main content

Scan website for vulnerabilities with Uniscan Kali Linux Tutorial


Scan website for vulnerabilities with Uniscan Kali Linux tut


Welcome back, in this tutorial you will learn how to scan and fingerprint a web server or device to find vulnerabilities.  To achieve this we will be using a tool called Uniscan.
This tutorial will require a Linux Operating system we recommend installing Kali Linux if you have not already done so.
Requirements:
Kali Linux
Uniscan (Comes Pre-Installed in Kali Linux)
What is Uniscan ? Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner that was written in Perl by Douglas Poerschke Roch.
Installing Uniscan

root@kali:~# apt-get install uniscan
listing usage: You can use command uniscan -h to list help options and display usage.
root@kali:~# uniscan -h
####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.2


OPTIONS:
    -h  help
    -u  <url> example: https://www.example.com/
    -f  <file> list of url's
    -b  Uniscan go to background
    -q  Enable Directory checks
    -w  Enable File checks
    -e  Enable robots.txt and sitemap.xml check
    -d  Enable Dynamic checks
    -s  Enable Static checks
    -r  Enable Stress checks
    -i  <dork> Bing search
    -o  <dork> Google search
    -g  Web fingerprint
    -j  Server fingerprint

usage:
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r

Uniscan Usage Example

Open a new terminal and enter the following command this will start finger printing and scanning the target web server for vulnerabilities.
uniscan.pl -u http://www.example.com/ -qweds
Replace URL with target URL.
In this tutorial I will be running Uniscan using options – qwedsgj
uniscan.pl -u http://www.example.com/ -qwedsgj
What these options do.
    -q  Enable Directory checks
    -w  Enable File checks
    -e  Enable robots.txt and sitemap.xml check
    -d  Enable Dynamic checks
    -s  Enable Static checks  
    -g  Web fingerprint
    -j  Server fingerprint

Uniscan GUI
Uniscan also has a GUI for those who prefer a graphical interface.
To access Uniscan-Gui we can use the following command from a new terminal.
uniscan-gui