In this post we’re going to discuss an automated vulnerability discovery tool for websites – Uniscan. This tool is the creation of SourceForge Project and is written in perl language.
It scan websites and web applications for various security issues like SQLi, RFI, LFI, XSS etc.For this tutorial, we are going to use Kali Linux because Uniscan is preinstalled and it saves us a lot of hassle. If you don’t have kali linux installed or cannot figure out how to install it, I would recommend taking a look at my previous post – How To Install Kali Linux.Running and using Uniscan is quite simple, just open up a Terminal Window and type ‘uniscan‘ and the list of options and examples will be listed.
It scan websites and web applications for various security issues like SQLi, RFI, LFI, XSS etc.For this tutorial, we are going to use Kali Linux because Uniscan is preinstalled and it saves us a lot of hassle. If you don’t have kali linux installed or cannot figure out how to install it, I would recommend taking a look at my previous post – How To Install Kali Linux.Running and using Uniscan is quite simple, just open up a Terminal Window and type ‘uniscan‘ and the list of options and examples will be listed.
Check Out : Easy Ways To Prevent DDOS Attacks
Scanning :-
In the image above under the Usage heading examples are given on using Uniscan, try the first option.
The above example scans a single url for basic information.
Fingerprinting :-
With the option ‘j’ uniscan would fingerprint the server of the url. Server fingerprinting simply runs commands like ping, traceroute, nslookup, nmap on the server ip address and packs the results together.
Another option is ‘g’ which does web based fingerprinting. It looks up specific urls.
Search The Search Engines :-
Uniscan can also perform bing and google searches and store the result in a text file. The i option can be used for searching bing and o operator for google. To search bing for all domains hosted on a given ip address issue the following command :
Replace the x’s with your target ip. The results are saved in a file called sites.txt which can be found at ‘/usr/share/uniscan’. They should ideally be saved in the home directory of the user or the working directory.
For searching google, use the following command :
Use this tool carefully because google may block too many automated search queries.
As the internet is endless so are the possibilities of using this tool. So go and find those vulnerabilities on them websites.
Source
Enjoy..!!
This is great stuff man. I’m trying to break into the world of internet security and your blog is very helpful. Keep up the good work.
Thanks Alex. It’s great to know that readers are finding my articles useful.