Tuesday, November 15, 2011

Uniscan vulnerablity scanner download and installing

Installing uniscan web scanner and vulnerability system
Installing uniscan web scanner and vulnerability system
BACKGROUND
The uniscan tool is a web server vulnerability scanner tool that was developed using the Perl language. More information about the uniscan tool can be found at http://www.uniscan.com.br/index.html/ . The Administrator or pen tester can use this tool the test the following vulnerabilities:
- Remote File Include (RF)
- Local File Include (LFI)
- Remote Command Execution (RCE)
- Cross-Site Scripting (XSS)
- SQL Injections
- Blind SQL Injections
The tool require the installation of some Perl modules.
The tool was created by:
Name: Douglas Poerschke Rocha
Uniscan Dev.
E-mail: team@uniscan.com.br
Name: Roberlei Martins Vieira
Webmaster
E-mail: roberlei@uniscan.com.br
OPERATING SYSTEM
The tool was installed and tested in the following Operating System (OS):
Distributor ID: Ubuntu
Description: Ubuntu 11.04
Release: 11.04
Codename: natty
INSTRUCTIONS
Before downloading and installing uniscan, i have downloadedthe following Perl modules from you command line:
root@rjcrystal$ sudo perl -MCPAN -e 'install Moose'
root@rjcrystal$ sudo perl -MCPAN -e 'install threads'
root@rjcrystal$ sudo perl -MCPAN -e 'install threads::shared'
root@rjcrystal$ sudo perl -MCPAN -e 'install thread::Queue'
root@rjcrystal$ sudo perl -MCPAN -e 'install HTTP::Response'
root@rjcrystal$ sudo perl -MCPAN -e 'install HTTP::Request'
root@rjcrystal$ sudo perl -MCPAN -e 'install LWP::UserAgent'
root@rjcrystal$ sudo perl -MCPAN -e 'install Net::SSLeay'
root@rjcrystal$ sudo perl -MCPAN -e 'install Getopt::Std'
root@rjcrystal$ sudo perl -MCPAN -e 'install YAML'
Press ENTER
OR you can use the Perlmod to download these modules all at once by typing:
root@rjcrystal$ sudo perlmod –i Moosethreads threads::shared thread::Queue HTTP::Response HTTP::Request LWP::UserAgent Net::SSLeay Getopt::Std YAML
If some modules already installed by default, you can press [n] for not installing them.

You will also need the ssleay-perl libnet module installed in your Ubuntu. If you try to download the module from CPAN it will generate anerror. For that purpose download the library using the following command:
root@rjcrystal$ sudo apt-get install libnet-ssleay-perl
Download the current version of uniscan tool:
http://sourceforge.net/projects/uniscan/files/4.3/uniscan-code.tar.gz/download/

Then extract the downloaded file:
root@rjcrystal$ sudo tar -xvzf uniscan-code.tar.gz
root@rjcrystal$ cd uniscan-code/
root@rjcrystal$ sudo./uniscan.pl
###############################
# Uniscan project #
# http://www.uniscan.com.br/#
###############################
V. 4.3
OPTIONS:
-h help
-u example: https://www.example.com/
-f list of url's
-b Uniscan go to background
-q Disable Directory checks
-w Disable File checks
-e Disable Backup file checks
-r Disable RFI checks by Crawler
-t Disable LFI checks by Crawler
-y Disable RCE checks by Crawler
-i Disable SQL checks by Crawler
-o Disable XSS checks by Crawler
-p Disable static RFI checks
-a Disable static LFI checks
-s Disable static RCE checks
-d Disable /robots.txt check
-g Disable PUT method check
-j Not show e-mails found by Crawler
Option -u or -f is required, all others no.
usage:
[1] perl ./uniscan.pl -u http://www.example.com/
[2] perl ./uniscan.pl -f /home/user/file.txt -b
[3] perl ./uniscan.pl -u https://www.example.com

0 comments:

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More