Scan website for vulnerabilities in Kali Linux using Uniscan

October 27, 2015 How to, Kali Linux, Scanning, Security Leave a comment

Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner. It’s a very simple yet quite powerful tool to scan website for vulnerabilities in Kali Linux (or any Linux as a matter of fact). It does the job fast and without hassle. You don’t need too much experience to run it, but you might need a good Internet connection and a very long time.

Uniscan got a text or CLI based scanner and a Graphical interface. You can use either but I found CLI to be somewhat faster. But I could be wrong.

Uniscan Help Menu - Click to expand 

root@kali:~# uniscan -h
####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.3


OPTIONS:
    -h     help
    -u     <url> example: https://www.example.com/
    -f     <file> list of url's
    -b     Uniscan go to background
    -q     Enable Directory checks
    -w     Enable File checks
    -e     Enable robots.txt and sitemap.xml check
    -d     Enable Dynamic checks
    -s     Enable Static checks
    -r     Enable Stress checks
    -i     <dork> Bing search
    -o     <dork> Google search
    -g     Web fingerprint
    -j     Server fingerprint

usage: 
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r
root@kali:~#

Scanning websites using Uniscan

Scan the given URL (-u http://192.168.1.202/) for vulnerabilities, enabling directory and dynamic checks (-qd):

root@kali:~# uniscan -u http://somesite.com/ -qd
 ####################################
 # Uniscan project                  #
 # http://uniscan.sourceforge.net/  #
 ####################################

Scan website for vulnerabilities in Kali Linux using Uniscan - blackMORE Ops 3

Scanning website using Uniscan-GUI

First run uniscan-gui using the following command from your terminal:

root@kali:~# uniscan-gui

In the GUI you type in the URL of the target site and select the checks you want to perform. Press Start Scan and off you go.

Scan website for vulnerabilities in Kali Linux using Uniscan - blackMORE Ops 4

If you want to check everything, it’s better off using uniscan from command line with a -b flag to have uniscan running in background. For example:

root@kali:~# uniscan -u test-a.blackmoreops.com -bqdw

There’s many other tools and I will discuss them in time. In the meantime you can use few tools like hping3, slowloris, GoldenEye etc. to do stress testing

Source: http://sourceforge.net/projects/uniscan/

Check Also

Whispers: A Powerful Static Code Analysis Tool for Credential Detection

“My little birds are everywhere, even in the North, they whisper to me the strangest …

Enabling AMD GPU for Hashcat on Kali Linux: A Quick Guide

Enabling AMD GPU for Hashcat on Kali Linux: A Quick Guide

If you’ve encountered an issue where Hashcat initially only recognizes your CPU and not the …

Leave your solution or comment to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Designed by blackMORE Ops
© Copyright 2024, All Rights Reserved

Discover more from blackMORE Ops

Subscribe now to keep reading and get access to the full archive.

Continue reading

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.

Facebook