Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner. It’s a very simple yet quite powerful tool to scan websites for vulnerabilities in Kali Linux (or any Linux as a matter of fact). It does the job fast and without hassle. You don’t need too much experience to run it, but you might need a good Internet connection and a very long time.
Uniscan has a text or CLI based scanner and a graphical interface. You can use either, but I find the CLI to be somewhat faster. But I could be wrong.
Uniscan Help Menu
root@kali: # uniscan -h
####################################
# Uniscan project #
# http://uniscan.sourceforge.net/ #
####################################
V. 6.3
OPTIONS:
-h help
-u <url> example: https://www.example.com/
-f <file> list of url's
-b Uniscan go to background
-q Enable Directory checks
-w Enable File checks
-e Enable robots.txt and sitemap.xml check
-d Enable Dynamic checks
-s Enable Static checks
-r Enable Stress checks
-i <dork> Bing search
-o <dork> Google search
-g Web fingerprint
-j Server fingerprint
usage:
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r
root@kali: #
Scanning websites using Uniscan
Scan the given URL (-u http://192.168.1.202/) for vulnerabilities, enabling directory and dynamic checks (-qd):
root@kali: # uniscan -u http://somesite.com/ -qd
####################################
# Uniscan project #
# http://uniscan.sourceforge.net/ #
####################################
Scanning website using Uniscan-GUI
First, run uniscan-gui using the following command from your terminal:
In the GUI you type in the URL of the target site and choose the checks you want to perform. Press Start Scan and off you go.
If you want to check everything, it’s better to use uniscan from the command line with the -b flag so that uniscan runs in the background. For example:
root@kali: # uniscan -u test-a.technoused.blogspot.com -bqdw
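A scope check that can sit in front of the list-mode run from usage [2] in the help menu (-f sites.txt -bqweds), added here as an example and not part of Uniscan or the original article. The scope file (one authorized hostname per line) and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: scope gate in front of `uniscan -f <file> -bqweds`.
# Assumed scope file format: one authorized hostname per line.

# Print the lowercase hostname of a URL (IPv6 literals not handled).
url_host() {
    local u="${1#*://}"       # drop the scheme, if any
    u="${u%%[/?#]*}"          # drop path, query and fragment
    u="${u##*@}"              # drop userinfo: "a.com@b.com" means b.com
    u="${u%%:*}"              # drop the port
    printf '%s\n' "$u" | tr 'A-Z' 'a-z'
}

# Copy in-scope URLs from file $1 to file $3, using scope file $2.
# Returns 1 if any target was rejected.
filter_in_scope() {
    local targets="$1" scope="$2" out="$3" url host rc=0
    : > "$out"
    while IFS= read -r url || [ -n "$url" ]; do
        case "$url" in ''|'#'*) continue ;; esac   # blanks and comments
        host="$(url_host "$url")"
        if [ -n "$host" ] && grep -qixF -- "$host" "$scope"; then
            printf '%s\n' "$url" >> "$out"
        else
            printf 'out of scope, skipped: %s\n' "$url" >&2
            rc=1
        fi
    done < "$targets"
    return "$rc"
}

# Start the background list scan only when every target is in scope.
scan_in_scope() {
    local list
    list="$(mktemp)" || return 1
    if filter_in_scope "$1" "$2" "$list"; then
        uniscan -f "$list" -bqweds   # list file stays: the scan is backgrounded
    else
        echo "refusing to scan: targets outside scope" >&2
        rm -f "$list"
        return 1
    fi
}
```

Source the file and call scan_in_scope sites.txt scope.txt; any rejected URL is printed to stderr and nothing is scanned until the list and the scope agree.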
There are many other tools and I will discuss them in time. In the meantime you can use a few tools like hping3, slowloris, GoldenEye etc. to do stress testing.
Source: http://sourceforge.net/projects/uniscan/