Update Uniscan V-6.0 – Web vulnerability scanner

Our previous posts:

  • http://www.seclist.us/2012/04/update-uniscan-v54-web-vulnerability.html
  • http://www.seclist.us/2012/03/uniscan-v53.html

Changelog for Uniscan V6.0:

  • Crawler improved (many bug fixes).
  • Google search is back in Uniscan.
  • Added Web server information module.
  • Added Server information module.
  • Added simple Web client [waiting for new look].
  • Added new plugin “FCKeditor” for the crawler.
  • Added new plugin “FCKeditor” for dynamic tests.
  • Added new plugin “PHP CGI Argument Injection” for dynamic tests.
  • Added auto-update [under tests].
  • Added simple HTML report [waiting for new look].
  • Added detection of redirection.
  • Improved the Webshell finder plug-in (fewer false positives).
  • Improved uniscan.pl: it now tries to detect whether a host is responding before starting the scan.
  • Searches for Drupal, Joomla and WordPress plugins when banner grabbing detects one of these CMSs.

Uniscan is a Web vulnerability scanner for information security work. It aims at finding vulnerabilities in Web systems and is licensed under the GNU General Public License 3.0 (GPL 3).

Uniscan characteristics:

  • Identification of system pages through a Web crawler.
  • Use of threads in the crawler.
  • Control of the maximum number of requests made by the crawler.
  • Control of variation of system pages identified by the Web crawler.
  • Control of file extensions that are ignored.
  • Test of pages found via the GET method.
  • Test of forms found via the POST method.
  • Support for SSL requests (HTTPS).
  • Proxy support.
  • Generate site list using Google.
  • Generate site list using Bing.
  • Plug-in support for the crawler.
  • Plug-in support for dynamic tests.
  • Plug-in support for static tests.
  • Plug-in support for stress tests.

Uniscan must be run from the command line. Example: perl uniscan.pl -u http://www.example.com/ -d

OPTIONS:

-h          help
-u <url>    example: https://www.example.com/
-f <file>   list of url's
-b          Uniscan go to background
-q          Enable Directory checks
-w          Enable File checks
-e          Enable robots.txt check
-d          Enable Dynamic checks
-s          Enable Static checks
-r          Enable Stress checks
-i          Bing search
-o          Google search

Demonstration of Uniscan Beta, a Web vulnerability scanner for RFI, LFI and RCE bugs, SQL injection, XSS, etc.:
http://www.youtube.com/watch?v=UQzW2S-Fxgo

Platform: Unix/Linux

Download latest version: uniscan6.0.tar.gz (358.3 kB)
Read more here: http://uniscan.sourceforge.net/