Uniscan is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.
1. How to open
A. GUI Method
Application→ kali Linux → Web Application → Web Vulnerability Scanners → uniscan-gui
B. Open Terminal type uniscan-gui this will open uniscan-gui as shown image ( I will show you GUI scan at last)
C. Open terminal type uniscan and hit enter ( Non –GUI)
2. This command is used to scan the vulnerabilities on the target.
Syntax – Uniscan –u target host/IP –qweds
Ex – uniscan –u www.hubbardbrook.org –qweds
Here, -q – Enable Directory checks
-w – Enable File Checks
-e – Enable robots.txt and sitemap.xml check
-d – Enable Dynamic checks
-s – Enable Static checks
2a. Here you can see the Domain, Server and IP of the target url as well as Directory check result.
3. You can see File check, Check robots.txt , check sitemap.xml and Crawler plugin.
4. You can see FCKeditor File upload and Emails information.
5. Source Code Disclosure
6. Timthumb and External hosts
7. PHPinfo () Disclosure and Web backdoors
8. Dynamic test plugin names and FCKeditor tests
9. Timthumb << 1.33 vulnerability, Backup files and Blind SQL Injection Vulnerability information
10. Local File Include, PHP CGI Argument Injection, Remote Command Execution, Remote File Include, SQL Injection.
11. Web Shell Finder, Static test plugin names, Local file Include, Remote Command Execution
12. Remote File Include.
13. Here we are starting uniscan-gui first of all write your target url in URL field than select the box from Uniscan options, it depends on your type of scan which type of scan and which plugin do you want to scan. Then click on start scan and wait for completing the scan after completing you have to click on Open log file so there you can see your scan result (next image).
14. ‘Log file Open’ here you can the your scanning details.
(Click image for large view)