Hello guys, today I'm going to show you how to scan for vulnerabilities in a website, or all the websites in the server. In this tutorial I will use a program in BackTrack called UniScan. it's very easy to use, but very good in scanning. First of all, open your terminal and type this command:
Something like this will be printed on your terminal. Now all we have to do is follow the instructions. First of all we need a target to scan, I've chose one already and I will use it in my pictures. To start the scan, first you have to check the options which you want to use in your scan.
# HOW TO USE OPTIONS: Check the letter beside your option, and include it after the URL like this:
or put them all together.
This will start your scan with all the different options you included.
NOTE:- NEVER FORGET THE FORWARD SLASH AT THE END OF THE LINK IN THE COMMAND!! Now the scan will start, and the terminal will look something like this:
This scan will scan for vulnerabilities like SQL-i / LFI / RFI and so on. It also searches for Webshells, backdoors, PHP info disclosure, Emails, and much more. Here are some examples: PHP.info() disclosure:
External Links/Hosts:
Source Code disclosure:
Dynamic Scan, Vulnerability Identification:
This program can also get all the sites in a server, and then you will be able to scan all of them. To do that, run this command:
Change 127.0.0.1 to your target server. All the websites will be stored in "sites.txt" in the same directory. Now to scan those sites in the list, run this command:
You can change the options to whatever you want.
I Hope You Enjoyed , thanks to Zamil for this Great Tutorial ...!!!
If You Have any Question or Problem Comment Below
cd /pentest/web/uniscan && ./uniscan.pl
Something like this will be printed on your terminal. Now all we have to do is follow the instructions. First of all we need a target to scan, I've chose one already and I will use it in my pictures. To start the scan, first you have to check the options which you want to use in your scan.
# HOW TO USE OPTIONS: Check the letter beside your option, and include it after the URL like this:
./uniscan.pl -u http://www.website.com/ -b -q -d -w
or put them all together.
./uniscan.pl -u http://www.website.com/ -bqdw
This will start your scan with all the different options you included.
NOTE:- NEVER FORGET THE FORWARD SLASH AT THE END OF THE LINK IN THE COMMAND!! Now the scan will start, and the terminal will look something like this:
This scan will scan for vulnerabilities like SQL-i / LFI / RFI and so on. It also searches for Webshells, backdoors, PHP info disclosure, Emails, and much more. Here are some examples: PHP.info() disclosure:
External Links/Hosts:
Source Code disclosure:
Dynamic Scan, Vulnerability Identification:
This program can also get all the sites in a server, and then you will be able to scan all of them. To do that, run this command:
./uniscan.pl -i "ip:127.0.0.1"
Change 127.0.0.1 to your target server. All the websites will be stored in "sites.txt" in the same directory. Now to scan those sites in the list, run this command:
./uniscan.pl -f sites.txt -bqwd
You can change the options to whatever you want.
I Hope You Enjoyed , thanks to Zamil for this Great Tutorial ...!!!
If You Have any Question or Problem Comment Below
Thank you for sharing this valuable information on the scan website for vulnerabilities online, I practically implement this and have done. Thanks a ton
ReplyDelete