Uniscan
Overview
Sección titulada «Overview»Uniscan is a remote web application vulnerability scanner that performs comprehensive security assessments on web applications. It identifies common vulnerabilities including Remote File Inclusion (RFI), Local File Inclusion (LFI), Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), WordPress misconfigurations, and other web-based security issues. Uniscan is useful for security professionals conducting authorized penetration tests and vulnerability assessments.
Note: Use Uniscan only on systems you own or have explicit permission to test.
Installation
Sección titulada «Installation»Linux Installation
Sección titulada «Linux Installation»# Install dependencies
sudo apt-get update
sudo apt-get install perl libwww-perl libjson-perl libnet-ssleay-perl
# Clone from repository
git clone https://github.com/ithmilwa/uniscan.git
cd uniscan
# Make executable
chmod +x uniscan.pl
# Run directly
./uniscan.pl -hAlternative: From Source
Sección titulada «Alternative: From Source»# Install via package manager (if available)
sudo apt-get install uniscan
# Or download precompiled binary
wget https://github.com/themilwaug/uniscan/releases/download/latest/uniscan
chmod +x uniscanBasic Usage
Sección titulada «Basic Usage»| Command | Description |
|---|---|
uniscan.pl -u http://target.com -w | Scan website in wild mode (aggressive) |
uniscan.pl -u http://target.com -s | Static mode - scan without network requests |
uniscan.pl -u http://target.com -d | Dynamic mode - active vulnerability testing |
uniscan.pl -u http://target.com -r | Report generation |
uniscan.pl -u http://target.com -h | Display help information |
Common Scanning Modes
Sección titulada «Common Scanning Modes»Basic Website Scan
Sección titulada «Basic Website Scan»# Simple wild mode scan (most common)
./uniscan.pl -u http://target.com -w
# Scan with custom port
./uniscan.pl -u http://target.com:8080 -w
# HTTPS scan
./uniscan.pl -u https://target.com -wSpecific Vulnerability Checks
Sección titulada «Specific Vulnerability Checks»# RFI (Remote File Inclusion) scan
./uniscan.pl -u http://target.com -w -r
# LFI (Local File Inclusion) detection
./uniscan.pl -u http://target.com -d
# XSS (Cross-Site Scripting) testing
./uniscan.pl -u http://target.com -w
# SQL Injection assessment
./uniscan.pl -u http://target.com -dAdvanced Scanning Options
Sección titulada «Advanced Scanning Options»# Scan with custom user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (Custom)"
# Static analysis without active testing
./uniscan.pl -u http://target.com -s
# Report generation in HTML format
./uniscan.pl -u http://target.com -w -r > report.html
# Verbose output for detailed information
./uniscan.pl -u http://target.com -w -vScanning Parameters
Sección titulada «Scanning Parameters»| Parameter | Description |
|---|---|
-u | Target URL (required) |
-w | Wild mode (extensive scanning) |
-s | Static mode (passive analysis only) |
-d | Dynamic mode (active vulnerability testing) |
-r | Generate HTML report |
-a | Custom User-Agent string |
-v | Verbose output |
-t | Response timeout in seconds |
-o | Output file path |
Vulnerability Types Detected
Sección titulada «Vulnerability Types Detected»Remote File Inclusion (RFI)
Sección titulada «Remote File Inclusion (RFI)»# Test for RFI vulnerabilities
./uniscan.pl -u http://target.com/page.php?file= -w
# With parameter specification
./uniscan.pl -u http://target.com/index.php?id=1 -w -dUniscan will check for common RFI vectors and attempt to load remote files to verify vulnerability.
Local File Inclusion (LFI)
Sección titulada «Local File Inclusion (LFI)»# LFI detection on target application
./uniscan.pl -u http://target.com -w -d
# Test specific parameters
./uniscan.pl -u http://target.com/view.php?file= -dSQL Injection Detection
Sección titulada «SQL Injection Detection»# Automated SQLi scanning
./uniscan.pl -u http://target.com -w -d
# Test specific form inputs
./uniscan.pl -u http://target.com/search.php -dXSS Vulnerability Testing
Sección titulada «XSS Vulnerability Testing»# Comprehensive XSS testing
./uniscan.pl -u http://target.com -w -d
# Test all form fields for XSS
./uniscan.pl -u http://target.com/contact.php -dOutput and Reporting
Sección titulada «Output and Reporting»HTML Report Generation
Sección titulada «HTML Report Generation»# Generate detailed HTML report
./uniscan.pl -u http://target.com -w -r -o scan_report.html
# Save results to file
./uniscan.pl -u http://target.com -w > uniscan_results.txt
# Combine with timestamp
./uniscan.pl -u http://target.com -w -o report_$(date +%Y%m%d_%H%M%S).htmlReport Structure
Sección titulada «Report Structure»The generated report includes:
- Vulnerability summary
- Detailed findings with severity levels
- Affected URLs and parameters
- Remediation recommendations
- Technical details for each vulnerability
WordPress-Specific Scanning
Sección titulada «WordPress-Specific Scanning»WordPress Vulnerability Detection
Sección titulada «WordPress Vulnerability Detection»# Scan WordPress installation
./uniscan.pl -u http://target.com -w
# Test for WordPress-specific issues
./uniscan.pl -u http://target.com/wordpress -w -d
# Check for plugin vulnerabilities
./uniscan.pl -u http://target.com -w -rUniscan detects WordPress misconfigurations, insecure plugins, and version-specific vulnerabilities.
Custom Scanning Workflows
Sección titulada «Custom Scanning Workflows»Deep Website Assessment
Sección titulada «Deep Website Assessment»# Comprehensive scan of entire site
./uniscan.pl -u http://target.com -w -d -r -o comprehensive_scan.html
# Multi-level vulnerability assessment
./uniscan.pl -u http://target.com/admin -w -d
./uniscan.pl -u http://target.com/user -w -d
./uniscan.pl -u http://target.com/api -w -dBatch Scanning Multiple Targets
Sección titulada «Batch Scanning Multiple Targets»#!/bin/bash
# Create targets.txt with one URL per line
for url in $(cat targets.txt); do
./uniscan.pl -u "$url" -w -r -o report_$(echo $url | md5sum | cut -d' ' -f1).html
doneParameter Enumeration
Sección titulada «Parameter Enumeration»# Scan with parameter discovery
./uniscan.pl -u http://target.com -w -d
# Test specific parameters
./uniscan.pl -u "http://target.com/page.php?id=1&cat=tech&user=admin" -w -dAdvanced Configuration
Sección titulada «Advanced Configuration»Timeout and Performance Tuning
Sección titulada «Timeout and Performance Tuning»# Increase timeout for slow servers
./uniscan.pl -u http://target.com -w -t 30
# Faster scan with shorter timeout
./uniscan.pl -u http://target.com -w -t 5User-Agent Spoofing
Sección titulada «User-Agent Spoofing»# Scan with Firefox user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit"
# Chrome user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (X11; Linux x86_64) Chrome/91.0"
# Mobile user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0)"Vulnerability Assessment Examples
Sección titulada «Vulnerability Assessment Examples»E-Commerce Site Scan
Sección titulada «E-Commerce Site Scan»# Scan online store for payment vulnerabilities
./uniscan.pl -u http://shop.example.com -w -d -r -o ecommerce_scan.html
# Check checkout process
./uniscan.pl -u http://shop.example.com/cart -w -d
./uniscan.pl -u http://shop.example.com/checkout -w -dAPI Security Testing
Sección titulada «API Security Testing»# Test REST API endpoints
./uniscan.pl -u http://api.example.com/v1/ -w -d
# Authentication bypass attempts
./uniscan.pl -u http://api.example.com/v1/users -w -dContent Management System Assessment
Sección titulada «Content Management System Assessment»# CMS vulnerability scan
./uniscan.pl -u http://cms.example.com -w -d -r
# Plugin and theme checking
./uniscan.pl -u http://cms.example.com -wBest Practices
Sección titulada «Best Practices»Authorization and Scope
Sección titulada «Authorization and Scope»# Define scanning scope clearly
# Only scan URLs explicitly approved in scope
./uniscan.pl -u http://target.com/app -w
# Avoid scanning third-party services
# Example: Don't scan /api/external-service endpointsPerformance Optimization
Sección titulada «Performance Optimization»# Use static mode for initial reconnaissance
./uniscan.pl -u http://target.com -s
# Follow up with dynamic mode on specific areas
./uniscan.pl -u http://target.com/vulnerable-area -dReporting and Documentation
Sección titulada «Reporting and Documentation»# Generate timestamped reports for compliance
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
./uniscan.pl -u http://target.com -w -r -o "report_${TIMESTAMP}.html"
# Save configuration for audit trail
echo "Scan parameters: URL=http://target.com Mode=wild" >> scan_log.txtInterpreting Results
Sección titulada «Interpreting Results»Vulnerability Severity Levels
Sección titulada «Vulnerability Severity Levels»| Level | Meaning | Action |
|---|---|---|
| Critical | Immediate exploitation possible | Fix immediately |
| High | Severe impact if exploited | Priority fix |
| Medium | Moderate security risk | Schedule fix |
| Low | Minimal impact | Document and monitor |
| Info | Informational finding | Review for context |
Common False Positives
Sección titulada «Common False Positives»Uniscan may flag legitimate security features as vulnerabilities. Review findings carefully:
- Security headers may appear as “missing” when intentionally configured
- WAF (Web Application Firewall) blocks may be flagged as anomalies
- Custom error handling may be detected as information disclosure
Troubleshooting
Sección titulada «Troubleshooting»Scan Timeouts
Sección titulada «Scan Timeouts»# Increase timeout for unresponsive servers
./uniscan.pl -u http://slow-target.com -w -t 60
# Check network connectivity first
ping target.com
curl -I http://target.comSSL/TLS Issues
Sección titulada «SSL/TLS Issues»# If HTTPS scan fails, verify certificate
openssl s_client -connect target.com:443
# Retry HTTPS scan
./uniscan.pl -u https://target.com -wInsufficient Permissions
Sección titulada «Insufficient Permissions»# Ensure proper permissions for output files
chmod 755 uniscan.pl
mkdir -p ./reports
chmod 755 ./reports
# Run with appropriate user privileges
./uniscan.pl -u http://target.com -w -o ./reports/scan.htmlIntegration with Other Tools
Sección titulada «Integration with Other Tools»Workflow with Nmap
Sección titulada «Workflow with Nmap»# Identify web services with Nmap first
nmap -p 80,443 target.com
# Then run Uniscan on discovered services
./uniscan.pl -u http://target.com -w
./uniscan.pl -u https://target.com -wChaining with Metasploit
Sección titulada «Chaining with Metasploit»# Uniscan identifies vulnerabilities
./uniscan.pl -u http://target.com -w -r -o uniscan_findings.html
# Import findings into Metasploit for exploitation
msfconsole -x "db_import uniscan_findings.html"Legal and Ethical Considerations
Sección titulada «Legal and Ethical Considerations»Always obtain written authorization before conducting vulnerability assessments. Unauthorized security testing is illegal in most jurisdictions. Maintain proper documentation of:
- Written authorization/scope
- Testing dates and times
- Vulnerabilities discovered
- Remediation recommendations
- Test environment details
Uniscan should only be used in authorized security testing scenarios with proper safeguards and documentation.