Scan website for vulnerabilities with Uniscan

Uniscan is a vulnerability scanner that can scan websites and web applications for various security issues like LFI, RFI, sql injection, xss etc. Its written in perl. Its open source and can be downloaded from sourceforge project page at http://sourceforge.net/projects/uniscan/.

It is included in backtrack and can be found at the following directory

/pentest/web/uniscan

In the Backtrack menu its located at Vulnerability Assessment > Web Application Assessment > Web Vulnerability Scanner > uniscan.

On kali linux run it directly from terminal by issuing the command ‘uniscan’.

In this post we shall learn how to use this tool to scan websites. Usage is quite simple. Run the script uniscan.pl to see the options and examples

Basic scanning

root@kali:~# uniscan
####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.2


OPTIONS:
	-h 	help
	-u 	<url> example: https://www.example.com/
	-f 	<file> list of url's
	-b 	Uniscan go to background
	-q 	Enable Directory checks
	-w 	Enable File checks
	-e 	Enable robots.txt and sitemap.xml check
	-d 	Enable Dynamic checks
	-s 	Enable Static checks
	-r 	Enable Stress checks
	-i 	<dork> Bing search
	-o 	<dork> Google search
	-g 	Web fingerprint
	-j 	Server fingerprint

usage: 
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r

The usage section shows examples on using it. To scan a website, use the first example from the usage section.

root@kali:~# uniscan -u http://www.example.com/ -qweds

The above example scans a single url. With the f option multiple sites can be put under the scanner. The list has to be provided as a txt file.

Fingerprinting

With the option ‘j’ uniscan would fingerprint the server of the url. Server fingerprinting simply runs commands like ping, traceroute, nslookup, nmap on the server ip address and packs the results together.

root@kali:~# uniscan -u http://www.example.com -j

Another option is ‘g’ which does web based fingerprinting. It looks up specific urls.

root@kali:~# uniscan -u http://www.example.com -g

Searching google and bing

Apart from scanning websites, uniscan has another cool feature of performing google and bing searches and collecting the results in a simple text file. The i option can be used for searching bing and o operator for google. To search bing for all domains hosted on a given ip address issue the following command

root@kali:~# uniscan -i "ip:xxx.xxx.xxx.xxx"

Replace the x with the ip. The results are saved in a file called sites.txt which can be found at ‘/usr/share/uniscan’. They should ideally be saved in the home directory of the user or the working directory.

To search google using a term

root@kali:~# uniscan -o 'inurl:"section.php?id="'

However google will block too many automated search queries. So use the tool carefully.