Hello World,

Want To Know How to Scan Website Vulnerabilities and Weakness? if yes read this entire post.

You will learn how to scan and fingerprint a web server or device to find vulnerabilities and its weakness. To achieve the targeted objectives for vulnerabilities we will be using a tool called “Uniscan”.

To Complete this entire task note that you have Linux Operating System Install on your PC. 

Required Tools:

 

Kali Linux Uniscan is a tool that is builtin in Linux operating system it comes up with Pre-Installed in Kali Linux.

What is Uniscan?

Uniscan is a Unique Remote File tool that includes, Local Files and Remote Command Execution vulnerability scanner that was written in Perl by Douglas Poerschke Roch.

How to install Unican?

Type Following Commands in your Linux Terminal 

apt-get install uniscan
 
 

Note: If these results appear it means you have already installed an updated version of Uniscan

Now Starting scanning Vulnerabilities of Specific Website, in this Tutorial, we are taking an example of any random website through google search results.

Type Following Single Command to View Options How you can operate Uniscan tool, and its usage.

root@kali:~# uniscan
####################################
# Uniscan project #
# http://uniscan.sourceforge.net/ #
####################################
V. 6.3

OPTIONS:
-h help
-u example: https://www.example.com/
-f list of url’s
-b Uniscan go to background
-q Enable Directory checks
-w Enable File checks
-e Enable robots.txt and sitemap.xml check
-d Enable Dynamic checks
-s Enable Static checks
-r Enable Stress checks
-i Bing search
-o Google search
-g Web fingerprint
-j Server fingerprint

usage:
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i “ip:xxx.xxx.xxx.xxx”
[5] perl ./uniscan.pl -o “inurl:test”
[6] perl ./uniscan.pl -u https://www.example.com/ -r

 

How to Scan Website

Open a new terminal and enter the following command this will start fingerprinting and scanning the target web server for vulnerabilities.

uniscan -u https://thenextweb.com// 

 

Note: A file will be saved as Report in uniscan directory in HTML.

You can type this command to see your report file.

cd /usr/share/uniscan

 

To located File Type

ls

 

How we can Scan Dynamic Check and Static Information about website?

To check dynamic and Static check type following commands, this will take several minutes to accumulate information about a specific website.

uniscan -u http://ww.thenextweb.com -qweds
 
 

usr/share/uniscan/report# uniscan -u http://ww.thenextweb.com -qweds
####################################
# Uniscan project #
# http://uniscan.sourceforge.net/ #
####################################
V. 6.3

Scan date: 22-11-2019 16:30:20
===================================================================================================
| Domain: http://ww.thenextweb.com/
Use of uninitialized value in unpack at /usr/share/uniscan/Uniscan/Functions.pm line 62.
| IP:
Use of uninitialized value in unpack at /usr/share/uniscan/Uniscan/Functions.pm line 62.
===================================================================================================
|
| Directory check:
| Skipped because http://ww.thenextweb.com/uniscan503/ did not return the code 404
===================================================================================================
|
| File check:
| Skipped because http://ww.thenextweb.com/uniscan427/ did not return the code 404
===================================================================================================
|
| Check robots.txt:
|
| Check sitemap.xml:
===================================================================================================
|
| Crawler Started:
| Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
| Plugin name: Code Disclosure v.1.1 Loaded.
| Plugin name: E-mail Detection v.1.1 Loaded.
| Plugin name: Upload Form Detect v.1.1 Loaded.
| Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
| Plugin name: External Host Detect v.1.2 Loaded.
| Plugin name: FCKeditor upload test v.1 Loaded.
| Plugin name: phpinfo() Disclosure v.1 Loaded.
| [+] Crawling finished, 1 URL’s found!
|
| Web Backdoors:
|
| Source Code Disclosure:
|
| E-mails:
|
| File Upload Forms:
|
| Timthumb:
|
| External hosts:
|
| FCKeditor File Upload:
|
| PHPinfo() Disclosure:
|
| Ignored Files:
===================================================================================================
| Dynamic tests:
| Plugin name: Learning New Directories v.1.2 Loaded.
| Plugin name: FCKedior tests v.1.1 Loaded.
| Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
| Plugin name: Find Backup Files v.1.2 Loaded.
| Plugin name: Blind SQL-injection tests v.1.3 Loaded.
| Plugin name: Local File Include tests v.1.1 Loaded.
| Plugin name: PHP CGI Argument Injection v.1.1 Loaded.
| Plugin name: Remote Command Execution tests v.1.1 Loaded.
| Plugin name: Remote File Include tests v.1.2 Loaded.
| Plugin name: SQL-injection tests v.1.2 Loaded.
| Plugin name: Cross-Site Scripting tests v.1.2 Loaded.
| Plugin name: Web Shell Finder v.1.3 Loaded.
| [+] 0 New directories added
|
|
| FCKeditor tests:
| Skipped because http://ww.thenextweb.com/testing123 did not return the code 404
|
|
| Timthumb < 1.33 vulnerability:
|
|
| Backup Files:
| Skipped because http://ww.thenextweb.com/testing123 did not return the code 404
|
|
| Blind SQL Injection:
|
|
| Local File Include:
|
|
| PHP CGI Argument Injection:
|
|
| Remote Command Execution:
|
|
| Remote File Include:
|
|
| SQL Injection:
|
|
| Cross-Site Scripting (XSS):
|
|
| Web Shell Finder:
===================================================================================================
| Static tests:
| Plugin name: Local File Include tests v.1.1 Loaded.
| Plugin name: Remote Command Execution tests v.1.1 Loaded.
| Plugin name: Remote File Include tests v.1.1 Loaded.
|
|
| Local File Include:
|
|
| Remote Command Execution:
|
|
| Remote File Include:
[*] Remaining tests: 1967

 

Thank You if you like this Post, Please Do Share With Your Social Media Friends.

Author Profile

Muhammad Faraz Jamil
I am a passionate Web Developer and WordPress Expert who has completed a Masters in Accounting & Finance. I have exceptional technical and analytical skills, with expertise in WordPress, PHP, MySQL, HTML, CSS, JavaScript, JQuery, Google Cloud Computing and profound knowledge of SEO, Keywords Research, Competitor Analysis, and Content Writing. Additionally, I have worked extensively in developing websites and comprehend the capabilities of different browsers. Furthermore, I am competent in building strategies regarding Cloud Server Working Virtually on VM or VMBOX too.
1 Share
Share via
Copy link
Powered by Social Snap