Scan a Website for Bugs using Kali Linux [White Hat Friendly]


As we all know, BackTrack is specially designed for security researchers, so many tools come pre-installed in it, such as sqlmap and uniscan.

Let's start. Follow these simple steps to find vulnerabilities in a website.

1. Make sure Kali is running, then open a terminal, type the command below and hit Enter.
cd /pentest/web/uniscan && ./uniscan.pl
As the snapshot below shows, a few options are listed.


2. Next, run the command below. Make sure you have the website's link.
./uniscan.pl -u http://www.website.com/ -bqdw
The website's URL must end with a forward slash. Hit Enter and the process will start.



As you can see, we now have the IP address and the server of the website. Wait and we will get much more information :)


Directory Check
The directory check checks the website's directories and lists them, as shown in the snapshot below.




File Check
As the name says, it checks the files hosted on the website.
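
Seen from the server side, the Directory check and File check described above would appear as one client requesting many distinct paths in a short time, most of them answered 404 (an assumption about the request pattern; the page does not show server logs). The Python below is an added example, not part of the original post or of uniscan; the function name, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format fields used: client, timestamp, request path, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_enumeration(lines, window=timedelta(seconds=60), min_paths=8, min_ratio=0.7):
    """Return {client: (distinct_paths, miss_ratio)} for clients requesting many
    distinct paths within `window`, mostly answered 404. Thresholds are assumptions."""
    hits = defaultdict(list)  # client -> [(time, path, status)]
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the run
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["ip"]].append((ts, m["path"].split("?", 1)[0], int(m["status"])))
    flagged = {}
    for ip, events in hits.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            paths = {p for _, p, _ in span}
            misses = {p for _, p, s in span if s == 404}
            ratio = len(misses) / len(paths)
            if (len(paths) >= min_paths and ratio >= min_ratio
                    and len(paths) > flagged.get(ip, (0, 0.0))[0]):
                flagged[ip] = (len(paths), round(ratio, 2))
    return flagged

# Constructed sample log: documentation IP ranges and made-up paths.
_PROBES = ["admin/", "backup/", "old/", "test/", "tmp/", "images/",
           "config.php", "db.sql", "info.php", "readme.txt"]
_FOUND = {"images/", "readme.txt"}  # the only probed paths that exist
SAMPLE_LOG = [
    f'203.0.113.10 - - [12/Mar/2024:10:00:{i:02d} +0000] "GET /{p} HTTP/1.1" '
    f'{200 if p in _FOUND else 404} 196 "-" "-"' for i, p in enumerate(_PROBES)
] + [
    '198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [12/Mar/2024:10:00:04 +0000] "GET /missing.css HTTP/1.1" 404 196 "-" "-"',
]

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

On the constructed log only the first client is flagged; an ordinary visitor who hits a single missing file stays below both thresholds.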



Now you'll see that the crawler has started. It will grab all the email addresses, external hosts and other information.


Emails:


External hosts:


Web backdoors:


File upload forms:


Using this tool you can scan websites for many more vulnerabilities, such as SQLi, XSS and remote code execution, and you can make a few bucks by participating in bug bounty programs.

Note:
If you want the list of sites hosted on the same server, simply run this command, replacing the IP address with the server's IP address. The list of websites will be stored in the same directory under the name "sites.txt".
./uniscan.pl -i "ip:127.0.0.1"

If you want to scan the list of websites, simply run this command:
./uniscan.pl -f sites.txt -bqwd

Source: pv.4nti