Info BackTrack

Linux & Security Tutorial

Web Pentest With Uniscan and Its GUI


Uniscan is a tool for uncovering every directory on a target website, even directories that are hidden =)) .
The strength of this application is that it detects all types of attacks.

Supported modes:

OPTIONS:
-h help
-u example: https://www.example.com/
-f list of url's
-b Uniscan go to background
-q Enable Directory checks
-w Enable File checks
-e Enable robots.txt check
-d Enable Dynamic checks
-s Enable Static checks
-r Enable Stress checks
-i Bing search

usage:
[1] perl ./uniscan.pl -u http://www.target.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -u https://www.example.com/ -r

Initial output of uniscan.pl V. 5.3:

Example target: http://www.fk.ui.ac.id/

lindo@laptop:/pentest/web/uniscan# perl ./uniscan.pl -u http://www.fk.ui.ac.id/ -qweds
###############################
# Uniscan project #
# http://www.uniscan.com.br/ #
###############################
V. 5.3

Argument "500 Can't connect to www.uniscan.com.br:80 (Bad hostname..." isn't numeric in numeric ne (!=) at Uniscan/Functions.pm line 402.
New version 500 Can't connect to www.uniscan.com.br:80 (Bad hostname 'www.uniscan.com.br') is avaliable
More details in http://www.uniscan.com.br/

Scan date: 8-7-2012 9:9:30
===================================================================================================
| Domain: http://www.fk.ui.ac.id/
| Server: Apache/2.2.9 (Debian) DAV/2 SVN/1.5.1 proxy_html/3.0.0 mod_ruby/1.2.6 Ruby/1.8.7(2010-08-16) mod_ssl/2.2.9 OpenSSL/0.9.8o mod_perl/2.0.4 Perl/v5.10.1
| IP: 152.118.24.142
===================================================================================================
|
| Directory check:
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/classes/
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/config/
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/download/
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/helpers/
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/icons/
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/images/
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/stats/
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/usage/
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/css/
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/js/
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/language/
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/manual/
===================================================================================================
|
| File check:
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/config.php
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/index.php
| [+] CODE: 200e URL: http://www.fk.ui.ac.id/login.php
===================================================================================================
|
| Check robots.txt:
===================================================================================================
|
| Crawler Started:
| Plugin name: Code Disclosure v.1 Loaded.
| Plugin name: phpinfo() Disclosure v.1 Loaded.
| Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
| Plugin name: E-mail Detection v.1 Loaded.
| Plugin name: Upload Form Detect v.1 Loaded.
| Plugin name: External Host Detect v.1.1 Loaded.
| [*] Crawling: [605 - 1401]
===================================================================================================

I felt sorry for the site, so I stopped the crawler at that point.. ^_^
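
For the owner of the scanned site, a report like the one above is a list of things to check. The following is an added example (not part of the original post and not Uniscan's own code) that parses this report layout and lists the reachable paths and the version-disclosing Server banner tokens to review; the sample report, the REVIEW list and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the report layout shown above (example.com, not a real scan).
SAMPLE = """\
| Domain: http://www.example.com/
| Server: Apache/2.2.9 (Debian) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8o
===========================================
| Directory check:
| [+] CODE: 200e URL: http://www.example.com/config/
| [+] CODE: 200e URL: http://www.example.com/images/
| [+] CODE: 200e URL: http://www.example.com/stats/
===========================================
| File check:
| [+] CODE: 200e URL: http://www.example.com/config.php
| [+] CODE: 200e URL: http://www.example.com/index.php
"""

SECTION = re.compile(r"^\|\s*([A-Za-z][\w. ]*?):\s*$")
# The status code may carry a trailing letter ("200e"); only the digits are kept.
HIT = re.compile(r"^\|\s*\[\+\]\s*CODE:\s*(\d{3})\w*\s+URL:\s*(\S+)")
SERVER = re.compile(r"^\|\s*Server:\s*(.+)$")
# Assumption: names the site owner wants reviewed first; tune per site.
REVIEW = {"config", "stats", "usage", "manual", "classes", "helpers", "config.php"}

def parse_report(text):
    """Return (server_tokens, hits); hits are (section, code, url) tuples."""
    server, hits, section = [], [], None
    for line in text.splitlines():
        if m := SERVER.match(line):
            server = m.group(1).split()
        elif m := HIT.match(line):
            hits.append((section, int(m.group(1)), m.group(2)))
        elif m := SECTION.match(line):
            section = m.group(1)
    return server, hits

def needs_review(hits):
    """Reachable (2xx) URLs whose last path segment is on the review list."""
    last = lambda u: urlsplit(u).path.strip("/").rsplit("/", 1)[-1].lower()
    return [u for _, code, u in hits if 200 <= code < 300 and last(u) in REVIEW]

def versioned_modules(server):
    """Banner tokens that start with name/version, i.e. disclose a version."""
    return [t for t in server if re.match(r"[\w.+-]+/\d", t)]

if __name__ == "__main__":
    server, hits = parse_report(SAMPLE)
    print(needs_review(hits), versioned_modules(server))
```

Each URL returned by needs_review is a path to confirm as intentionally public or to restrict, and each token from versioned_modules is a version the server announces to every client.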

OK, let's move on to Uniscan in GUI mode =))

The download --> http://sourceforge.net/projects/uniscan/files/6.1/uniscan6.1.tar.gz/download

OK, just look at the screenshots, because I'm feeling down and not in the mood for words -__- .

I'll assume the Uniscan archive we just downloaded has already been extracted; if you don't know how to extract it, just google it ^_^.

Below is a sample of the contents of the uniscan folder:

lindo@laptop:~/Senjata/uniscan6.0# ls
CHANGELOG.txt
c.txt
Directory
index.php
Plugins
report
Uniscan
uniscan_gui.pl
uniscan.pl
cookies.lwp
DB
Files
LFI
RCE
RFI
uniscan.conf
uniscan.log

So this is how you run it:

lindo@laptop:~/Senjata/uniscan6.0# ./uniscan_gui.pl

–done, hope this is useful.


3 responses to “Web Pentest With Uniscan and Its GUI”

  1. renzrawk August 11, 2012 at 6:45 am

    wow, this is really useful, man
    thanks, man 😀
