Scan website for vulnerabilities with Uniscan Kali Linux tut
Welcome back, in this tutorial you will learn how to scan and fingerprint a web server or device to find vulnerabilities. To achieve this we will be using a tool called Uniscan.
This tutorial will require a Linux Operating system we recommend installing Kali Linux if you have not already done so.
Requirements:
Kali Linux
Uniscan (Comes Pre-Installed in Kali Linux)
What is Uniscan ? Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner that was written in Perl by Douglas Poerschke Roch.
Installing Uniscan
root@kali:~# apt-get install uniscanlisting usage: You can use command uniscan -h to list help options and display usage.
root@kali:~# uniscan -h #################################### # Uniscan project # # http://uniscan.sourceforge.net/ # #################################### V. 6.2 OPTIONS: -h help -u <url> example: https://www.example.com/ -f <file> list of url's -b Uniscan go to background -q Enable Directory checks -w Enable File checks -e Enable robots.txt and sitemap.xml check -d Enable Dynamic checks -s Enable Static checks -r Enable Stress checks -i <dork> Bing search -o <dork> Google search -g Web fingerprint -j Server fingerprint usage: [1] perl ./uniscan.pl -u http://www.example.com/ -qweds [2] perl ./uniscan.pl -f sites.txt -bqweds [3] perl ./uniscan.pl -i uniscan [4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx" [5] perl ./uniscan.pl -o "inurl:test" [6] perl ./uniscan.pl -u https://www.example.com/ -r
Uniscan Usage Example
Open a new terminal and enter the following command this will start finger printing and scanning the target web server for vulnerabilities.
Replace URL with target URL.uniscan.pl -u http://www.example.com/ -qweds
In this tutorial I will be running Uniscan using options – qwedsgj
What these options do.uniscan.pl -u http://www.example.com/ -qwedsgj
-q Enable Directory checks -w Enable File checks -e Enable robots.txt and sitemap.xml check -d Enable Dynamic checks -s Enable Static checks -g Web fingerprint -j Server fingerprint
Uniscan GUI
Uniscan also has a GUI for those who prefer a graphical interface.
To access Uniscan-Gui we can use the following command from a new terminal.
uniscan-gui