Home Web App Security Uniscan : Web Vulnerability Scanner on Kali Linux

Uniscan : Web Vulnerability Scanner on Kali Linux

Web App Security By · March 4, 2025 · 0 Comment
uniscan

Uniscan is a powerful tool that helps users discover potential vulnerabilities in their websites, providing them with actionable insights to strengthen their security.In this article, we will take a detailed look at Uniscan, how it works, and how you can use it on Kali Linux to safeguard your website from various threats.

Uniscan is an open-source web vulnerability scanner designed to assess and identify security weaknesses in web applications. It is a lightweight and versatile tool that helps users scan websites for common vulnerabilities, including SQL injection, cross-site scripting (XSS), Local File Inclusion (LFI), and others.

Uniscan’s functionality is tailored to web developers, penetration testers, and security researchers who need to evaluate and improve the security posture of web applications.

Key Features of Uniscan

Uniscan offers several features that make it a valuable tool for web security testing. These include:

  • Customizable Scans: You can choose specific vulnerability types to scan, making Uniscan highly customizable to your testing needs.
  • Directory and File Checks: It checks for potential vulnerabilities related to files and directories.
  • Dynamic and Static Checks: Uniscan allows you to scan dynamic and static web content for vulnerabilities.
  • Stress Testing: The tool can simulate a high number of requests to identify how the web application responds to heavy traffic.
  • Comprehensive Reporting: After performing a scan, Uniscan generates detailed reports, allowing you to understand and act on the findings.

How to Use Uniscan on Kali Linux: A Step-by-Step Guide

Uniscan is prebuilt in Kali Linux, which makes it easy to use right out of the box without requiring any installation. If you’re using Kali Linux for penetration testing or vulnerability assessments, Uniscan comes pre-installed as part of the operating system, so you don’t need to worry about installing it manually.

To start using Uniscan on Kali Linux, you simply need to open a terminal and begin running commands. Below are the different commands and options that Uniscan provides.

1. Help Command (-h)

If you are new to Uniscan, you can view a list of all available commands by using the -h option. This provides helpful information on how to use the scanner and the different flags available.

$ sudo uniscan -h

Uniscan-1

2. Basic Website Scan (-u)

To start scanning a website, you use the -u flag followed by the target URL. For example, to scan the URL http://192.168.148.139/mutillidae/, you would run the following command:

$ sudo uniscan -u http://192.168.148.139/mutillidae/

Uniscan-2

This command will initiate a basic scan on the specified URL.

3. Directory Checks (-q)

Web applications often have directories that may contain sensitive information. To check for directory vulnerabilities, use the -q option. This command will help you identify directories that are exposed or vulnerable to unauthorized access.

$ sudo uniscan -u http://192.168.148.139/mutillidae/ -q

Uniscan-3

4. File Checks (-w)

Similarly, files on the server can sometimes be exposed, leading to potential security risks. You can enable file checks by using the -w option. This will scan for file-related vulnerabilities.

$ sudo uniscan -u http://192.168.148.139/mutillidae/ -w

Uniscan-4

5. Robots.txt and Sitemap.xml Checks (-e)

Robots.txt and sitemap.xml files can sometimes expose valuable information about the structure of your site. To scan these files for vulnerabilities, use the -e flag.

$ sudo uniscan -u http://192.168.148.139/mutillidae/ -e

Uniscan-5

6. Dynamic and Static Checks (-d and -s)

Websites are often dynamic, with content generated based on user input. To detect vulnerabilities in dynamic web applications, use the -d option. For static web content, use the -s option. Both checks are essential to ensure comprehensive security.

  • Dynamic checks:
$ sudo uniscan -u http://192.168.148.139/mutillidae/ -d

Uniscan-6

  • Static checks:
$ sudo uniscan -u http://192.168.148.139/mutillidae/ -s

Uniscan-7

7. Stress Testing (-r)

Stress testing is crucial to determine how well your website performs under high traffic conditions. The -r option allows you to simulate a large volume of requests to stress-test the web application.

$ sudo uniscan -u http://192.168.148.139/mutillidae/ -r

Uniscan-8

8. Server and Web Fingerprinting (-j and -g)

Uniscan also allows you to identify the underlying server and web technologies used by the target application. Use the -j flag for server fingerprinting and the -g flag for web fingerprinting.

  • Server fingerprinting:
$ sudo uniscan -u http://192.168.148.139/mutillidae/ -j

Uniscan-9

Uniscan-10

  • Web fingerprinting:
$ sudo uniscan -u http://192.168.148.139/mutillidae/ -g

9. Scan Multiple URLs (-f)

To scan multiple URLs at once, you can provide a text file that contains a list of URLs. This is useful when performing mass scans across various websites.

$ sudo uniscan -f /home/kali/Desktop/testurls.txt

Uniscan-11

10. Combining Multiple Scan Options

Uniscan allows you to combine different scanning options to conduct more comprehensive tests. For example, you can scan for directory checks, file checks, static and dynamic checks, and stress testing simultaneously:

$ sudo uniscan -u http://192.168.148.139/mutillidae/ -qwodsrgj

Uniscan-12

This command will run a multi-faceted scan using a combination of options.

11. Graphical User Interface (GUI)

For users who prefer a graphical interface, Uniscan also provides a GUI version. You can launch the graphical version using the following command:

$ sudo uniscan-gui

Uniscan-13

Uniscan-14

Analyzing the Results

After the scan is complete, Uniscan generates an HTML report that summarizes the vulnerabilities discovered on the target website. The report is saved in the following location:

HTML report saved at : /usr/share/uniscan/report/192.168.148.139.html

This report will provide you with details on the identified vulnerabilities, allowing you to take appropriate action to fix them.

Common Vulnerabilities Detected by Uniscan

Uniscan is capable of detecting various web application vulnerabilities, including:

  • SQL Injection: Uniscan checks for potential SQL injection vulnerabilities that could allow attackers to manipulate your database.
  • Cross-Site Scripting (XSS): Uniscan detects XSS vulnerabilities that allow attackers to inject malicious scripts into web pages.
  • Local File Inclusion (LFI): This vulnerability can allow attackers to include files from the server, which may lead to remote code execution.
  • Remote File Inclusion (RFI): Uniscan also identifies RFI vulnerabilities, which allow attackers to execute files from remote servers.

Conclusion

Uniscan is a powerful, open-source web vulnerability scanner that can help you identify and mitigate security risks on your website. By leveraging its various scanning options, you can perform comprehensive vulnerability assessments to ensure that your web application is secure. Regularly using tools like Uniscan is essential to maintaining a robust security posture and protecting your website from evolving threats.

By following the instructions in this guide, you will be well on your way to securing your web applications and safeguarding your users’ data.

Related Posts

Understanding File Upload Vulnerabilities in Web Applications

Web App Security By · March 26, 2025 · 0 Comment
Understanding-File-Upload-Vulnerabilities-in-Web-Applications-h
File upload functionality in web applications is a critical feature but can pose significant security risks if not properly implemented. One common vulnerability found in web applications is the file upload vulnerability, which attackers can exploit to gain unauthorized access,... Read more

How to Configure Burp Proxy and Browser for Security Testing

Web App Security By · March 19, 2025 · 0 Comment
Burp Suite is an essential tool for security professionals and ethical hackers, allowing them to intercept and analyze web traffic between a browser and a web server. One of its key features is the Burp Proxy, which intercepts HTTP(S) traffic... Read more

Burp Suite: Web Application Security Testing Tool

Web App Security By · March 12, 2025 · 1 Comment
Burp-Suite-Web-Application-Security-Testing-Tool
In today’s digital era, ensuring the security of web applications is more critical than ever. Cybersecurity threats like SQL Injection, Cross-Site Scripting (XSS), and other vulnerabilities pose significant risks to businesses and their users. One of the most effective tools... Read more

Common Sensitive Files Exposed in Web Apps

Web App Security By · March 10, 2025 · 0 Comment
Common-Sensitive-Files-Exposed-in-Web-Apps
In the world of web development and security, it is crucial to ensure that sensitive files are properly secured. Exposing sensitive files can significantly increase the vulnerability of your web application and provide attackers with valuable insights into the infrastructure,... Read more

Best Practices for Secure File Uploads in Web Apps

Web App Security By · March 10, 2025 · 0 Comment
Best-Practices-for-Secure-File-Uploads-in-Web-Apps-home
In modern web applications, file uploads are a fundamental feature, enabling users to share data such as images, documents, and videos. However, allowing file uploads also introduces significant security risks, as attackers can exploit vulnerabilities to execute malicious code, access... Read more

Understanding HTTP Status Codes: A Comprehensive Guide

Web App Security By · February 3, 2025 · 0 Comment
Understanding-HTTP-Status-Codes-A-Comprehensive-Guide
In the world of web development, one of the most crucial components of a seamless user experience is the communication between servers and clients. This communication is facilitated by HTTP (Hypertext Transfer Protocol) status codes, which are numerical responses sent... Read more

Wapiti: Web Application Vulnerability Scanner for Kali Linux

Web App Security By · January 27, 2025 · 0 Comment
Wapit-Web-Application-Vulnerability-Scanner
In today’s digital world, security is paramount, especially when it comes to web applications. With the growing number of cyber threats, it’s essential to have reliable tools that help detect vulnerabilities and ensure your web application is secure. One such... Read more

How to Use TestSSL on Kali Linux for SSL/TLS Vulnerability Scans

Web App Security By · January 17, 2025 · 0 Comment
How-to-Use-TestSSL-on-Kali-Linux-for-SSL-TLS-Vulnerability-Scans-home
In today’s digital age, ensuring the security of web applications is paramount, especially when sensitive information such as passwords, credit card details, or personal data is being exchanged. One of the key components in safeguarding these communications is SSL/TLS (Secure... Read more

Exploiting HTTP PUT Method for Reverse Shell on Metasploitable

Web App Security By · January 16, 2025 · 0 Comment
Exploiting HTTP PUT Method for Reverse Shell on Metasploitable
In penetration testing, one of the most effective ways to gain unauthorized access to a system is by exploiting vulnerabilities in the web server configuration. One such vulnerability is an open HTTP PUT method, which allows attackers to upload files... Read more

Top SSL/TLS Testing Tools: Open Source & Online Scanners

Web App Security By · December 13, 2024 · 1 Comment
Top-SSL-TLS-Testing-Tools-Open-Source-&-Online-Scanners
Introduction to SSL/TLS Testing Tools SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols are fundamental for securing data transmitted over the internet. For website owners, network administrators, and security professionals, it is essential to test SSL/TLS configurations regularly... Read more