Uniscan

Overview

Uniscan is a remote web application vulnerability scanner that performs comprehensive security assessments on web applications. It identifies common vulnerabilities including Remote File Inclusion (RFI), Local File Inclusion (LFI), Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), WordPress misconfigurations, and other web-based security issues. Uniscan is useful for security professionals conducting authorized penetration tests and vulnerability assessments.

Note: Use Uniscan only on systems you own or have explicit permission to test.

Installation

Linux Installation

# Install dependencies
sudo apt-get update
sudo apt-get install perl libwww-perl libjson-perl libnet-ssleay-perl

# Clone from repository
git clone https://github.com/ithmilwa/uniscan.git
cd uniscan

# Make executable
chmod +x uniscan.pl

# Run directly
./uniscan.pl -h

Alternative: From Source

# Install via package manager (if available)
sudo apt-get install uniscan

# Or download precompiled binary
wget https://github.com/themilwaug/uniscan/releases/download/latest/uniscan
chmod +x uniscan

Basic Usage

Command	Description
`uniscan.pl -u http://target.com -w`	Scan website in wild mode (aggressive)
`uniscan.pl -u http://target.com -s`	Static mode - scan without network requests
`uniscan.pl -u http://target.com -d`	Dynamic mode - active vulnerability testing
`uniscan.pl -u http://target.com -r`	Report generation
`uniscan.pl -u http://target.com -h`	Display help information

Common Scanning Modes

Basic Website Scan

# Simple wild mode scan (most common)
./uniscan.pl -u http://target.com -w

# Scan with custom port
./uniscan.pl -u http://target.com:8080 -w

# HTTPS scan
./uniscan.pl -u https://target.com -w

Specific Vulnerability Checks

# RFI (Remote File Inclusion) scan
./uniscan.pl -u http://target.com -w -r

# LFI (Local File Inclusion) detection
./uniscan.pl -u http://target.com -d

# XSS (Cross-Site Scripting) testing
./uniscan.pl -u http://target.com -w

# SQL Injection assessment
./uniscan.pl -u http://target.com -d

Advanced Scanning Options

# Scan with custom user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (Custom)"

# Static analysis without active testing
./uniscan.pl -u http://target.com -s

# Report generation in HTML format
./uniscan.pl -u http://target.com -w -r > report.html

# Verbose output for detailed information
./uniscan.pl -u http://target.com -w -v

Scanning Parameters

Parameter	Description
`-u`	Target URL (required)
`-w`	Wild mode (extensive scanning)
`-s`	Static mode (passive analysis only)
`-d`	Dynamic mode (active vulnerability testing)
`-r`	Generate HTML report
`-a`	Custom User-Agent string
`-v`	Verbose output
`-t`	Response timeout in seconds
`-o`	Output file path

Vulnerability Types Detected

Remote File Inclusion (RFI)

# Test for RFI vulnerabilities
./uniscan.pl -u http://target.com/page.php?file= -w

# With parameter specification
./uniscan.pl -u http://target.com/index.php?id=1 -w -d

Uniscan will check for common RFI vectors and attempt to load remote files to verify vulnerability.

Local File Inclusion (LFI)

# LFI detection on target application
./uniscan.pl -u http://target.com -w -d

# Test specific parameters
./uniscan.pl -u http://target.com/view.php?file= -d

SQL Injection Detection

# Automated SQLi scanning
./uniscan.pl -u http://target.com -w -d

# Test specific form inputs
./uniscan.pl -u http://target.com/search.php -d

XSS Vulnerability Testing

# Comprehensive XSS testing
./uniscan.pl -u http://target.com -w -d

# Test all form fields for XSS
./uniscan.pl -u http://target.com/contact.php -d

Output and Reporting

HTML Report Generation

# Generate detailed HTML report
./uniscan.pl -u http://target.com -w -r -o scan_report.html

# Save results to file
./uniscan.pl -u http://target.com -w > uniscan_results.txt

# Combine with timestamp
./uniscan.pl -u http://target.com -w -o report_$(date +%Y%m%d_%H%M%S).html

Report Structure

The generated report includes:

Vulnerability summary
Detailed findings with severity levels
Affected URLs and parameters
Remediation recommendations
Technical details for each vulnerability

WordPress-Specific Scanning

WordPress Vulnerability Detection

# Scan WordPress installation
./uniscan.pl -u http://target.com -w

# Test for WordPress-specific issues
./uniscan.pl -u http://target.com/wordpress -w -d

# Check for plugin vulnerabilities
./uniscan.pl -u http://target.com -w -r

Uniscan detects WordPress misconfigurations, insecure plugins, and version-specific vulnerabilities.

Custom Scanning Workflows

Deep Website Assessment

# Comprehensive scan of entire site
./uniscan.pl -u http://target.com -w -d -r -o comprehensive_scan.html

# Multi-level vulnerability assessment
./uniscan.pl -u http://target.com/admin -w -d
./uniscan.pl -u http://target.com/user -w -d
./uniscan.pl -u http://target.com/api -w -d

Batch Scanning Multiple Targets

#!/bin/bash
# Create targets.txt with one URL per line
for url in $(cat targets.txt); do
  ./uniscan.pl -u "$url" -w -r -o report_$(echo $url | md5sum | cut -d' ' -f1).html
done

Parameter Enumeration

# Scan with parameter discovery
./uniscan.pl -u http://target.com -w -d

# Test specific parameters
./uniscan.pl -u "http://target.com/page.php?id=1&cat=tech&user=admin" -w -d

Advanced Configuration

Timeout and Performance Tuning

# Increase timeout for slow servers
./uniscan.pl -u http://target.com -w -t 30

# Faster scan with shorter timeout
./uniscan.pl -u http://target.com -w -t 5

User-Agent Spoofing

# Scan with Firefox user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit"

# Chrome user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (X11; Linux x86_64) Chrome/91.0"

# Mobile user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0)"

Vulnerability Assessment Examples

E-Commerce Site Scan

# Scan online store for payment vulnerabilities
./uniscan.pl -u http://shop.example.com -w -d -r -o ecommerce_scan.html

# Check checkout process
./uniscan.pl -u http://shop.example.com/cart -w -d
./uniscan.pl -u http://shop.example.com/checkout -w -d

API Security Testing

# Test REST API endpoints
./uniscan.pl -u http://api.example.com/v1/ -w -d

# Authentication bypass attempts
./uniscan.pl -u http://api.example.com/v1/users -w -d

Content Management System Assessment

# CMS vulnerability scan
./uniscan.pl -u http://cms.example.com -w -d -r

# Plugin and theme checking
./uniscan.pl -u http://cms.example.com -w

Best Practices

Authorization and Scope

# Define scanning scope clearly
# Only scan URLs explicitly approved in scope
./uniscan.pl -u http://target.com/app -w

# Avoid scanning third-party services
# Example: Don't scan /api/external-service endpoints

Performance Optimization

# Use static mode for initial reconnaissance
./uniscan.pl -u http://target.com -s

# Follow up with dynamic mode on specific areas
./uniscan.pl -u http://target.com/vulnerable-area -d

Reporting and Documentation

# Generate timestamped reports for compliance
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
./uniscan.pl -u http://target.com -w -r -o "report_${TIMESTAMP}.html"

# Save configuration for audit trail
echo "Scan parameters: URL=http://target.com Mode=wild" >> scan_log.txt

Interpreting Results

Vulnerability Severity Levels

Level	Meaning	Action
Critical	Immediate exploitation possible	Fix immediately
High	Severe impact if exploited	Priority fix
Medium	Moderate security risk	Schedule fix
Low	Minimal impact	Document and monitor
Info	Informational finding	Review for context

Common False Positives

Uniscan may flag legitimate security features as vulnerabilities. Review findings carefully:

Security headers may appear as “missing” when intentionally configured
WAF (Web Application Firewall) blocks may be flagged as anomalies
Custom error handling may be detected as information disclosure

Troubleshooting

Scan Timeouts

# Increase timeout for unresponsive servers
./uniscan.pl -u http://slow-target.com -w -t 60

# Check network connectivity first
ping target.com
curl -I http://target.com

SSL/TLS Issues

# If HTTPS scan fails, verify certificate
openssl s_client -connect target.com:443

# Retry HTTPS scan
./uniscan.pl -u https://target.com -w

Insufficient Permissions

# Ensure proper permissions for output files
chmod 755 uniscan.pl
mkdir -p ./reports
chmod 755 ./reports

# Run with appropriate user privileges
./uniscan.pl -u http://target.com -w -o ./reports/scan.html

Integration with Other Tools

Workflow with Nmap

# Identify web services with Nmap first
nmap -p 80,443 target.com

# Then run Uniscan on discovered services
./uniscan.pl -u http://target.com -w
./uniscan.pl -u https://target.com -w

Chaining with Metasploit

# Uniscan identifies vulnerabilities
./uniscan.pl -u http://target.com -w -r -o uniscan_findings.html

# Import findings into Metasploit for exploitation
msfconsole -x "db_import uniscan_findings.html"

Legal and Ethical Considerations

Always obtain written authorization before conducting vulnerability assessments. Unauthorized security testing is illegal in most jurisdictions. Maintain proper documentation of:

Written authorization/scope
Testing dates and times
Vulnerabilities discovered
Remediation recommendations
Test environment details

Uniscan should only be used in authorized security testing scenarios with proper safeguards and documentation.