Posted by : Unknown
Tuesday, 16 April 2013
How To Scan A Website For Vulnerabilities Using Uniscan on BackTrack
Hello guys, today I'm going to show you how to scan a website, or all the websites on a server, for vulnerabilities. In this tutorial I will use a program in BackTrack called UniScan. It's very easy to use and very good at scanning.
First of all, open your terminal with this keyboard shortcut:
CTRL+ALT+T
Now type this in the terminal to open UniScan:
cd /pentest/web/uniscan && ./uniscan.pl
Something like this will be printed on your terminal.
Pic : http://bit.ly/10XvZ2j
Now all we have to do is follow the instructions.
First of all, we need a target to scan. Before you start the scan, check which options you want to use.
# HOW TO USE OPTIONS:
Command :
./uniscan.pl -u http://www.website.com/ -b -q -d -w
Or put them all together:
./uniscan.pl -u http://www.website.com/ -bqdw
This will start your scan with all the different options you included.
NOTE:- NEVER FORGET THE FORWARD SLASH / AT THE END OF THE LINK IN THE COMMAND!!
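The trailing-slash rule above is easy to miss when typing, so here is a small pre-flight wrapper as an added example (not part of Uniscan or the original post). The function names and the SCOPE_HOSTS list are assumptions made for illustration; it only prints the command so you can review it before running.

```bash
#!/usr/bin/env bash
# Added example: builds the uniscan command from the tutorial with a
# normalized URL. SCOPE_HOSTS and all function names are hypothetical.

# Hosts you are authorised to test (constructed sample values).
SCOPE_HOSTS="www.website.com 127.0.0.1"

# Add a scheme if missing and make sure the URL ends with "/".
# Pass the site root, as in the tutorial, not a page URL.
normalize_target() {
    local url="$1"
    case "$url" in
        http://*|https://*) ;;
        *) url="http://$url" ;;
    esac
    case "$url" in
        */) ;;
        *) url="$url/" ;;
    esac
    printf '%s\n' "$url"
}

# Extract the bare host: drop the scheme, the path and any port.
target_host() {
    local rest="${1#*://}"
    rest="${rest%%/*}"
    printf '%s\n' "${rest%%:*}"
}

# Succeed only if the host is listed in SCOPE_HOSTS.
in_scope() {
    local host h
    host="$(target_host "$1")"
    for h in $SCOPE_HOSTS; do
        [ "$h" = "$host" ] && return 0
    done
    return 1
}

# Print the command line; $2 overrides the option letters (default bqdw).
build_scan_cmd() {
    local url
    url="$(normalize_target "$1")"
    if ! in_scope "$url"; then
        echo "refusing: $(target_host "$url") is not in SCOPE_HOSTS" >&2
        return 1
    fi
    printf './uniscan.pl -u %s -%s\n' "$url" "${2:-bqdw}"
}

build_scan_cmd "http://www.website.com"   # slash is added for you
```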
Now the scan will start, and the terminal will look something like this:
Pic : http://bit.ly/104Efm4
This scan looks for vulnerabilities like SQLi / LFI / RFI and so on.
It also searches for webshells, backdoors, PHP info disclosure, emails, and much more.
Here are some examples:
phpinfo() disclosure:
Pic : http://bit.ly/15arrLA
External Links/Hosts:
Pic : http://bit.ly/12ejdiK
Source Code disclosure:
Pic : http://bit.ly/ZleZos
Dynamic Scan, Vulnerability Identification:
Pic : http://bit.ly/11an2Da
This program can also get all the sites on a server, and then you will be able to scan all of them.
To do that, run this command:
./uniscan.pl -i "ip:127.0.0.1"
You can change the options to whatever you want.
That's it guys, thank you for reading :)