How to find website vulnerabilities in Kali Linux 2017 - Uniscan


Welcome back, in this tutorial you will learn how to scan and fingerprint a web server or device to find vulnerabilities. To achieve this we will be using a tool called Uniscan.Uniscan is a vulnerability scanner that can scan websites and web applications for various security issues like LFI, RFI, sql injection, xss etc.

This tutorial will require a Linux Operating system we recommend installing Kali Linux if you have not ,just visit the link how to install kali linux in vmware workstation.


Let Start to find website vulnerabilities in Kali Linux - Uniscan


Step 1. Firstly, you have to start your Terminal(Kali Linux Command Prompt)


After that just type Uniscan and hit enter.


How to find website vulnerabilities in Kali Linux - Uniscan

Step 2.Type Uniscan -u WebsiteUrl


with this tutorial i have used this webisite url ,you can use any webisite url which you want to find vulnerabilities of that website.



How to find website vulnerabilities in Kali Linux - Uniscan

Step 3.To open the file.just following the saved path url


cd /usr/share/report

ls

firefox savefilename (ex. :- firefox www.techtrick.in.html).


How to find website vulnerabilities in Kali Linux - Uniscan

Lets start with find all webisite vulnerabilities


Step 1.Type Uniscan -u WebsiteUrl -qweds


with this tutorial i have used this webisite url ,you can use any webisite url which you want to find vulnerabilities of that website.


OPTIONS:
  • -h help
  • -u example: https://www.example.com/
  • -f list of urls
  • -b Uniscan go to background
  • -q Enable Directory checks
  • -w Enable File checks
  • -e Enable robots.txt and sitemap.xml check
  • -d Enable Dynamic checks
  • -s Enable Static checks
  • -r Enable Stress checks
  • -i Bing search
  • -o Google search
  • -g Web fingerprint
  • -j Server fingerprint

How to find website vulnerabilities in Kali Linux - Uniscan


How to find website vulnerabilities in Kali Linux - Uniscan


How to find website vulnerabilities in Kali Linux - Uniscan


How to find website vulnerabilities in Kali Linux - Uniscan

| Crawler Started :
  • | Plugin name: Code Disclosure v.1.1 Loaded.
  • | Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
  • | Plugin name: External Host Detect v.1.2 Loaded.
  • | Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
  • | Plugin name: Upload Form Detect v.1.1 Loaded.
  • | Plugin name: FCKeditor upload test v.1 Loaded.
  • | Plugin name: E-mail Detection v.1.1 Loaded.
  • | Plugin name: phpinfo() Disclosure v.1 Loaded.
  • | [+] Crawling finished, 91 URLs found!

How to find website vulnerabilities in Kali Linux - Uniscan

| Dynamic tests:
  • | Plugin name: Learning New Directories v.1.2 Loaded.
  • | Plugin name: FCKedior tests v.1.1 Loaded.
  • | Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
  • | Plugin name: Find Backup Files v.1.2 Loaded.
  • | Plugin name: Blind SQL-injection tests v.1.3 Loaded.
  • | Plugin name: Local File Include tests v.1.1 Loaded.
  • | Plugin name: PHP CGI Argument Injection v.1.1 Loaded.
  • | Plugin name: Remote Command Execution tests v.1.1 Loaded.
  • | Plugin name: Remote File Include tests v.1.2 Loaded.
  • | Plugin name: SQL-injection tests v.1.2 Loaded.
  • | Plugin name: Cross-Site Scripting tests v.1.2 Loaded.
  • | Plugin name: Web Shell Finder v.1.3 Loaded.
  • | [+] 0 New directories added

Step 2.To open the file.just following the saved path url


cd /usr/share/report

ls

firefox savefilename (ex. :- firefox www.techtrick.in.html).


How to find website vulnerabilities in Kali Linux - Uniscan


Lets start with find all website urls vulnerabilities in your hosted server


Step 1.uniscan -i "ip: serverip"


How to find website vulnerabilities in Kali Linux - Uniscan

Step 2.To open if leafpad

leafpad sites.txt



How to find website vulnerabilities in Kali Linux - Uniscan

Here you can used lots of commands like :-



OPTIONS:
  • -h help
  • -u example: https://www.example.com/
  • -f list of urls
  • -b Uniscan go to background
  • -q Enable Directory checks
  • -w Enable File checks
  • -e Enable robots.txt and sitemap.xml check
  • -d Enable Dynamic checks
  • -s Enable Static checks
  • -r Enable Stress checks
  • -i Bing search
  • -o Google search
  • -g Web fingerprint
  • -j Server fingerprint

usage:
  • [1] perl ./uniscan.pl -u http://www.example.com/ -qweds
  • [2] perl ./uniscan.pl -f sites.txt -bqweds
  • [3] perl ./uniscan.pl -i uniscan
  • [4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
  • [5] perl ./uniscan.pl -o "inurl:test"
  • [6] perl ./uniscan.pl -u https://www.example.com/ -r


For References :-




I hope you enjoyed this article.



Sharing is caring

google
linkedin

About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email (akashchugh1994@gmail.com).


You may also like :-




Leave a Comment

Your email address will not be published. Required fields are marked *




Stay Connected

Popular Posts

Get Latest Stuff Through Email


Who Should Read TechTrick?

All the tricks and tips that TechTrick provides only for educational purpose. If you choose to use the information in TechTrick to break into computer systems maliciously and without authorization, you are on your own. Neither I (TechTrick Admin) nor anyone else associated with TechTrick shall be liable. We are not responsibe for any issues that caused due to informations provided here. So, Try yourself and see the results. You are not losing anything by trying... We are humans, Mistakes are quite natural. Here on TechTrick also have many mistakes..