Uniscan
Overview
Uniscan is a remote web application vulnerability scanner that performs comprehensive security assessments on web applications. It identifies common vulnerabilities including Remote File Inclusion (RFI), Local File Inclusion (LFI), Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), WordPress misconfigurations, and other web-based security issues. Uniscan is useful for security professionals conducting authorized penetration tests and vulnerability assessments.
Note: Use Uniscan only on systems you own or have explicit permission to test.
Installation
Linux Installation
# Install dependencies
sudo apt-get update
sudo apt-get install perl libwww-perl libjson-perl libnet-ssleay-perl
# Clone from repository
git clone https://github.com/ithmilwa/uniscan.git
cd uniscan
# Make executable
chmod +x uniscan.pl
# Run directly
./uniscan.pl -hAlternative: From Source
# Install via package manager (if available)
sudo apt-get install uniscan
# Or download precompiled binary
wget https://github.com/themilwaug/uniscan/releases/download/latest/uniscan
chmod +x uniscanBasic Usage
| Command | Description |
|---|---|
uniscan.pl -u http://target.com -w | Scan website in wild mode (aggressive) |
uniscan.pl -u http://target.com -s | Static mode - scan without network requests |
uniscan.pl -u http://target.com -d | Dynamic mode - active vulnerability testing |
uniscan.pl -u http://target.com -r | Report generation |
uniscan.pl -u http://target.com -h | Display help information |
Common Scanning Modes
Basic Website Scan
# Simple wild mode scan (most common)
./uniscan.pl -u http://target.com -w
# Scan with custom port
./uniscan.pl -u http://target.com:8080 -w
# HTTPS scan
./uniscan.pl -u https://target.com -wSpecific Vulnerability Checks
# RFI (Remote File Inclusion) scan
./uniscan.pl -u http://target.com -w -r
# LFI (Local File Inclusion) detection
./uniscan.pl -u http://target.com -d
# XSS (Cross-Site Scripting) testing
./uniscan.pl -u http://target.com -w
# SQL Injection assessment
./uniscan.pl -u http://target.com -dAdvanced Scanning Options
# Scan with custom user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (Custom)"
# Static analysis without active testing
./uniscan.pl -u http://target.com -s
# Report generation in HTML format
./uniscan.pl -u http://target.com -w -r > report.html
# Verbose output for detailed information
./uniscan.pl -u http://target.com -w -vScanning Parameters
| Parameter | Description |
|---|---|
-u | Target URL (required) |
-w | Wild mode (extensive scanning) |
-s | Static mode (passive analysis only) |
-d | Dynamic mode (active vulnerability testing) |
-r | Generate HTML report |
-a | Custom User-Agent string |
-v | Verbose output |
-t | Response timeout in seconds |
-o | Output file path |
Vulnerability Types Detected
Remote File Inclusion (RFI)
# Test for RFI vulnerabilities
./uniscan.pl -u http://target.com/page.php?file= -w
# With parameter specification
./uniscan.pl -u http://target.com/index.php?id=1 -w -dUniscan will check for common RFI vectors and attempt to load remote files to verify vulnerability.
Local File Inclusion (LFI)
# LFI detection on target application
./uniscan.pl -u http://target.com -w -d
# Test specific parameters
./uniscan.pl -u http://target.com/view.php?file= -dSQL Injection Detection
# Automated SQLi scanning
./uniscan.pl -u http://target.com -w -d
# Test specific form inputs
./uniscan.pl -u http://target.com/search.php -dXSS Vulnerability Testing
# Comprehensive XSS testing
./uniscan.pl -u http://target.com -w -d
# Test all form fields for XSS
./uniscan.pl -u http://target.com/contact.php -dOutput and Reporting
HTML Report Generation
# Generate detailed HTML report
./uniscan.pl -u http://target.com -w -r -o scan_report.html
# Save results to file
./uniscan.pl -u http://target.com -w > uniscan_results.txt
# Combine with timestamp
./uniscan.pl -u http://target.com -w -o report_$(date +%Y%m%d_%H%M%S).htmlReport Structure
The generated report includes:
- Vulnerability summary
- Detailed findings with severity levels
- Affected URLs and parameters
- Remediation recommendations
- Technical details for each vulnerability
WordPress-Specific Scanning
WordPress Vulnerability Detection
# Scan WordPress installation
./uniscan.pl -u http://target.com -w
# Test for WordPress-specific issues
./uniscan.pl -u http://target.com/wordpress -w -d
# Check for plugin vulnerabilities
./uniscan.pl -u http://target.com -w -rUniscan detects WordPress misconfigurations, insecure plugins, and version-specific vulnerabilities.
Custom Scanning Workflows
Deep Website Assessment
# Comprehensive scan of entire site
./uniscan.pl -u http://target.com -w -d -r -o comprehensive_scan.html
# Multi-level vulnerability assessment
./uniscan.pl -u http://target.com/admin -w -d
./uniscan.pl -u http://target.com/user -w -d
./uniscan.pl -u http://target.com/api -w -dBatch Scanning Multiple Targets
#!/bin/bash
# Create targets.txt with one URL per line
for url in $(cat targets.txt); do
./uniscan.pl -u "$url" -w -r -o report_$(echo $url | md5sum | cut -d' ' -f1).html
doneParameter Enumeration
# Scan with parameter discovery
./uniscan.pl -u http://target.com -w -d
# Test specific parameters
./uniscan.pl -u "http://target.com/page.php?id=1&cat=tech&user=admin" -w -dAdvanced Configuration
Timeout and Performance Tuning
# Increase timeout for slow servers
./uniscan.pl -u http://target.com -w -t 30
# Faster scan with shorter timeout
./uniscan.pl -u http://target.com -w -t 5User-Agent Spoofing
# Scan with Firefox user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit"
# Chrome user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (X11; Linux x86_64) Chrome/91.0"
# Mobile user agent
./uniscan.pl -u http://target.com -w -a "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0)"Vulnerability Assessment Examples
E-Commerce Site Scan
# Scan online store for payment vulnerabilities
./uniscan.pl -u http://shop.example.com -w -d -r -o ecommerce_scan.html
# Check checkout process
./uniscan.pl -u http://shop.example.com/cart -w -d
./uniscan.pl -u http://shop.example.com/checkout -w -dAPI Security Testing
# Test REST API endpoints
./uniscan.pl -u http://api.example.com/v1/ -w -d
# Authentication bypass attempts
./uniscan.pl -u http://api.example.com/v1/users -w -dContent Management System Assessment
# CMS vulnerability scan
./uniscan.pl -u http://cms.example.com -w -d -r
# Plugin and theme checking
./uniscan.pl -u http://cms.example.com -wBest Practices
Authorization and Scope
# Define scanning scope clearly
# Only scan URLs explicitly approved in scope
./uniscan.pl -u http://target.com/app -w
# Avoid scanning third-party services
# Example: Don't scan /api/external-service endpointsPerformance Optimization
# Use static mode for initial reconnaissance
./uniscan.pl -u http://target.com -s
# Follow up with dynamic mode on specific areas
./uniscan.pl -u http://target.com/vulnerable-area -dReporting and Documentation
# Generate timestamped reports for compliance
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
./uniscan.pl -u http://target.com -w -r -o "report_${TIMESTAMP}.html"
# Save configuration for audit trail
echo "Scan parameters: URL=http://target.com Mode=wild" >> scan_log.txtInterpreting Results
Vulnerability Severity Levels
| Level | Meaning | Action |
|---|---|---|
| Critical | Immediate exploitation possible | Fix immediately |
| High | Severe impact if exploited | Priority fix |
| Medium | Moderate security risk | Schedule fix |
| Low | Minimal impact | Document and monitor |
| Info | Informational finding | Review for context |
Common False Positives
Uniscan may flag legitimate security features as vulnerabilities. Review findings carefully:
- Security headers may appear as “missing” when intentionally configured
- WAF (Web Application Firewall) blocks may be flagged as anomalies
- Custom error handling may be detected as information disclosure
Troubleshooting
Scan Timeouts
# Increase timeout for unresponsive servers
./uniscan.pl -u http://slow-target.com -w -t 60
# Check network connectivity first
ping target.com
curl -I http://target.comSSL/TLS Issues
# If HTTPS scan fails, verify certificate
openssl s_client -connect target.com:443
# Retry HTTPS scan
./uniscan.pl -u https://target.com -wInsufficient Permissions
# Ensure proper permissions for output files
chmod 755 uniscan.pl
mkdir -p ./reports
chmod 755 ./reports
# Run with appropriate user privileges
./uniscan.pl -u http://target.com -w -o ./reports/scan.htmlIntegration with Other Tools
Workflow with Nmap
# Identify web services with Nmap first
nmap -p 80,443 target.com
# Then run Uniscan on discovered services
./uniscan.pl -u http://target.com -w
./uniscan.pl -u https://target.com -wChaining with Metasploit
# Uniscan identifies vulnerabilities
./uniscan.pl -u http://target.com -w -r -o uniscan_findings.html
# Import findings into Metasploit for exploitation
msfconsole -x "db_import uniscan_findings.html"Legal and Ethical Considerations
Always obtain written authorization before conducting vulnerability assessments. Unauthorized security testing is illegal in most jurisdictions. Maintain proper documentation of:
- Written authorization/scope
- Testing dates and times
- Vulnerabilities discovered
- Remediation recommendations
- Test environment details
Uniscan should only be used in authorized security testing scenarios with proper safeguards and documentation.