Never Ending Security

It starts all here

Scan website for vulnerabilities with Uniscan

Uniscan is a vulnerability scanner that can scan websites and web applications for various security issues like LFI, RFI, sql injection, xss etc. Its written in perl. Its open source and can be downloaded from sourceforge project page at

It is included in backtrack and can be found at the following directory


In the Backtrack menu its located at Vulnerability Assessment > Web Application Assessment > Web Vulnerability Scanner > uniscan.

On kali linux run it directly from terminal by issuing the command ‘uniscan’.

In this post we shall learn how to use this tool to scan websites. Usage is quite simple. Run the script to see the options and examples

Basic scanning

root@kali:~# uniscan
# Uniscan project                  #
#  #
V. 6.2

	-h 	help
	-u 	<url> example:
	-f 	<file> list of url's
	-b 	Uniscan go to background
	-q 	Enable Directory checks
	-w 	Enable File checks
	-e 	Enable robots.txt and sitemap.xml check
	-d 	Enable Dynamic checks
	-s 	Enable Static checks
	-r 	Enable Stress checks
	-i 	<dork> Bing search
	-o 	<dork> Google search
	-g 	Web fingerprint
	-j 	Server fingerprint

[1] perl ./ -u -qweds
[2] perl ./ -f sites.txt -bqweds
[3] perl ./ -i uniscan
[4] perl ./ -i ""
[5] perl ./ -o "inurl:test"
[6] perl ./ -u -r

The usage section shows examples on using it. To scan a website, use the first example from the usage section.

root@kali:~# uniscan -u -qweds

The above example scans a single url. With the f option multiple sites can be put under the scanner. The list has to be provided as a txt file.


With the option ‘j’ uniscan would fingerprint the server of the url. Server fingerprinting simply runs commands like ping, traceroute, nslookup, nmap on the server ip address and packs the results together.

root@kali:~# uniscan -u -j

Another option is ‘g’ which does web based fingerprinting. It looks up specific urls.

root@kali:~# uniscan -u -g

Searching google and bing

Apart from scanning websites, uniscan has another cool feature of performing google and bing searches and collecting the results in a simple text file. The i option can be used for searching bing and o operator for google. To search bing for all domains hosted on a given ip address issue the following command

root@kali:~# uniscan -i ""

Replace the x with the ip. The results are saved in a file called sites.txt which can be found at ‘/usr/share/uniscan’. They should ideally be saved in the home directory of the user or the working directory.

To search google using a term

root@kali:~# uniscan -o 'inurl:"section.php?id="'

However google will block too many automated search queries. So use the tool carefully.


7 responses to “Scan website for vulnerabilities with Uniscan

  1. Tim 25 May 2015 at 23:02

    Have you ever thought about publishing an e-book or guest authoring on other sites?
    I have a blog based on the same information you discuss and
    would love to have you share some stories/information. I know my
    audience would appreciate your work. If you are even remotely interested, feel free to shoot me an e-mail.

    • NeverEndingSecurity 26 May 2015 at 09:43

      Thanks for your message, but sorry i don’t have the time for those kind of things right now

  2. Music Making Software 16 May 2015 at 10:54

    Undeniably believe that which you stated. Your favorite
    reason appeared to be on the web the easiest thing to be aware
    of. I say to you, I definitely get annoyed while people think about
    worries that they plainly do not know about. You managed to hit the nail upon the top and defined out the whole thing without having side
    effect , people could take a signal. Will probably be back to get more.

  3. data entry jobs in mumbai} 27 April 2015 at 15:32

    The other day, while I was at work, my cousin stole my apple ipad and tested to see if it can survive a
    40 foot drop, just so she can be a youtube sensation. My apple
    ipad is now destroyed and she has 83 views. I know this is totally off topic but I had to
    share it with someone!

  4. flats for sale in bangalore 26 April 2015 at 04:41

    Thanks on your marvelous posting! I really enjoyed reading it, you could be a great
    author.I will remember to bookmark your blog and definitely
    will come back in the future. I want to encourage you continue your great work,
    have a nice morning!

  5. properties in bangalore 25 April 2015 at 17:26

    Asking questions are really good thing if you are not understanding
    something entirely, however this piece of writing gives good understanding even.

  6. venorex 9 April 2015 at 19:43

    The vein is punctured close to the knee or ankle, relying
    on which part of the vein is being handled, and a effective laser
    probe is inserted.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s