 |
| uniscan |
UNISCAN a popular linux based tool for scanning vulnerabilities in website or web application running on server. Security Pentesters have found it very useful for different type of enumeration such as for collecting information about the web application and server and also to find vulnerabilities in the web application.
uniscan is a Perl based tool and is easy to use and which comes preloaded with Kali Linux but you can also run this Perl script on other linux platforms too and you can download it from here.
Get Started
Now to start this tool in Kali Linux you can simply type the command for its options in the terminal of Kali Linux.
uniscanThis command will give you its all the option,s which you can use to pentest and scan the website security.
 |
| uniscan |
You can use the listed options to penetrate the website security which are following.
OPTIONS:
-h help
-u <url> example: https://www.example.com/
-f <file> list of url's
-b Uniscan go to background
-q Enable Directory checks
-w Enable File checks
-e Enable robots.txt and sitemap.xml check
-d Enable Dynamic checks
-s Enable Static checks
-r Enable Stress checks
-i <dork> Bing search
-o <dork> Google search
-g Web fingerprint
-j Server fingerprint
To use uniscan , type " uniscan " in the terminal <space> after name of the command such as for pointing to the website domain name we will use " -u " after <space> and the domain name with <space> and other commands such as -w , -q -s -r , etc like in the below example.
uniscan.pl -u http://blog.securityfuse.com/ -q-w-e-d-s
Or to make it easy for you , you can also type in this way as stated below.
uniscan -u blog.securityfuse.com -qweds
From which we have commanded it to perform the following tasks.
- -q for brute forcing and checking the directories / folders
- -w for listing the working files or for checking the files
- -e for checking files stated in robots.txt or site.xml
- -d for dynamics checks
- -s for static checks
From this we can also find the details of a server by using the below command.
uniscan.pl -i "ip:127.0.0.1"
Before scanning you can simply change the ip address 127.0.0.1 with your targeted server.
Moreover if you have more than one website or servers you can also perform a mass security scan by providing uniscan list of the website,s in a text file and by commanding -f after <space> and file name , example :-
uniscan.pl -f sites.txt -bqweds
Also you can use Google dork with uniscan in this way you can scan the websites in mass and in series such as if a website have subdomains and you are looking forward to scan the sub-domains of the website we know that to find sub-domains using google dork we use " site:securityfuse.com " and we can combine it with uniscan by using -o command like in the below example.
uniscan.pl -o "site:test"
Hope you learned much from this tutorial , dont forget to connect to our facebook fan page and also dont forget to share , because sharing is caring.
Visitors are strictly tend to follow the terms and conditions and The content provided on this page is the authority of Security Fuse and the content provided is only for educational purpose. Security Fuse is not responsible for any of the act caused by viewers after reading the content from *.securityfuse.com. our aim is to provide a quality information on Cyber Security and exploitation and the knowledge is only for peace and educational purpose.
Great information regarding tool hope you will cover all steps of pentesting
ReplyDeletethis awesome @Ahmed Mehtab u are amazing thx for ur help
ReplyDeleteNice Article, read now Haalim Episode 15 here.
ReplyDelete