Some of you might know about the ways of finding website vulnerabilities and some of you have not but its okay because this tutorial gonna teach you a way of finding website vulnerability using Kali Linux.
A Little About Uniscan
The uniscan tool comes with both terminal and GUI version. You can use any of them with which you’re comfortable. Uniscan offers many parameters to users. stress check, directory check, google dork search, and more. It is a very powerful tool and easier to use. This quality-made this tool popular among hackers and wannabes. The tool is written in Perl language. If you don’t have the tool on your Kali Linux machine, download it from here. So let’s move to the tutorial.
Setup And Using Tutorial:
For the terminal version:
First, open up the terminal and type uniscan, and hit enter. It will show up all the available parameters you can use.
How to select the options? Just simply type uniscan –‘the letter against the option‘ ‘the url’ without the commas. (ex: uniscan -q https://www.example.com)
Let’s have an example of one of these parameters. Here we’re gonna check the files of hackthissite.com. The image below shows how the uniscan works.
So the scanning has been finished and the report automatically saved in the report folder. Giving the path of the report below the scan. So let’s follow the path.
Open Folders> Other Location> Computer> usr> share> Uniscan> report.
Inside the report folder, you will see an HTML file named with the name of the website you have scanned. The image above shows how it saves.
For the GUI version:
To open the GUI version give the command uniscan-gui and hit enter. It will open up the GUI version.
The use of the GUI version is the same as the terminal version. Just specify the target in the URL box and check the parameters you want to perform on the target and click on the start scan button.
After finishing scanning click on the open log file button to get access to the log. To get the reports, follow the same path that you have followed in the terminal version.
If you don’t want to use your site to do the test, use HackThisSite to do a test on it. You can perform any practical on this site freely and legally. But they have also some conditions. Read them before using the site. The site is built by Infosec.
The tool sends many queries to scan different sections of targets. If the authority/owner of the target detects that unusual traffic is coming to their site from your system then they can trace you back. Anonymize yourself before using any kind of tool. We do not prefer you to do anything on other’s property. Do practical on your property. Be safe and don’t get caught. Hack the world to protect the world. Be with us to make friends with us. You’re valuable to us. If you’re facing any issue using the tool feel free to comment us below describing your problem. Our team is always here for you.