FIRST YOU NEED BACKTRACK 5 , ANY BACKTRACK VERSION BUT I RECCOMMEND USE VERSION 5 :D
DOWNLOAD HERE : http://www.backtrack-linux.org/downloads/
Download Uniscan HERE
http://uniscan.sourceforge.net/?page_id=7
F.A.Q : HOW ABOUT IF IM NOT A LINUX USER ?
ANSWER : JUST USE VMWARE WORKSTATION , YOU CAN DOWNLOAD IT HERE
DOWNLOAD : http://expert2program.blogspot.com/2013/01/download-vmware-workstation-9-full-with.html OR http://www.saisoftwarecracks.com/2013/02/vmware-workstation-901-full-version.html#axzz2USM2CG11
OK LETS START :)
INTRODUCTION :
Hello guys, today I'm going to show you how to scan for vulnerabilities in a website, or all the websites in the server. In this tutorial I will use a program in BackTrack called UniScan. it's very easy to use, but very good in scanning.
1.First of all, open your terminal and type this command:
cd /pentest/web/uniscan && ./uniscan.pl
without Spaces and open and close parenthesis.
---------------
Something like this will be printed on your terminal. Now all we have to do is follow the instructions. First of all we need a target to scan, I've chose one already and I will use it in my pictures. To start the scan, first you have to check the options which you want to use in your scan.
2. HOW TO USE OPTIONS: Check the letter beside your option, and include it after the URL like this:
./uniscan.pl -u http://www.website.com/ -b -q -d -w
or put them all together
./uniscan.pl -u http://www.website.com/ -bqdw
3. This will start your scan with all the different options you included. NOTE:- NEVER FORGET THE FORWARD SLASH AT THE END OF THE LINK IN THE COMMEND!! Now the scan will start, and the terminal will look something like this :
-----------------------------------------------------------------------------
This scan will scan for vulnerabilities like SQL-i / LFI / RFI and so on. It also searches for Webshells, backdoors, PHP info disclosure, Emails, and much more. Here are some examples:
PHP.info() disclosure:
External Links/Hosts:
Source Code disclosure:
Dynamic Scan, Vulnerability Identification:
=================================================================
4.This program can also get all the sites in a server, and then you will be able to scan all of them. To do that, run this command:
./uniscan.pl -i "ip:127.0.0.1"
5.Change 127.0.0.1 to your target server. All the websites will be stored in "sites.txt" in the same directory. Now to scan those sites in the list, run this command:
./uniscan.pl -f sites.txt -bqwd
6. You can change the options to whatever you want.
Thats it guys, thank you for reading :)
ENJOY GUYS ! HAPPY EXPLOITING :D
Other information about this tutorial added by xW3s13y
No comments: