kali工具箱

紫光Uniscan包装说明

紫光Uniscan是一个简单的远程文件包含，本地文件包含和远程命令执行漏洞扫描。

资料来源：http://sourceforge.net/projects/uniscan/
紫光Uniscan首页 | 卡利紫光Uniscan回购

作者：道格拉斯Poerschke罗查
许可：GPLv3的

包含在紫光Uniscan包工具

紫光Uniscan - LFI，RFI和RCE漏洞扫描器

[email protected]:~# uniscan -h

####################################

# Uniscan project                  #

# http://uniscan.sourceforge.net/  #

####################################

V. 6.2





OPTIONS:

    -h  help

    -u  <url> example: https://www.example.com/

    -f  <file> list of url's

    -b  Uniscan go to background

    -q  Enable Directory checks

    -w  Enable File checks

    -e  Enable robots.txt and sitemap.xml check

    -d  Enable Dynamic checks

    -s  Enable Static checks

    -r  Enable Stress checks

    -i  <dork> Bing search

    -o  <dork> Google search

    -g  Web fingerprint

    -j  Server fingerprint



usage:

[1] perl ./uniscan.pl -u http://www.example.com/ -qweds

[2] perl ./uniscan.pl -f sites.txt -bqweds

[3] perl ./uniscan.pl -i uniscan

[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"

[5] perl ./uniscan.pl -o "inurl:test"

[6] perl ./uniscan.pl -u https://www.example.com/ -r

紫光Uniscan贵 - LFI，RFI和RCE漏洞扫描（GUI）

一个简单的远程文件包含，本地文件包含和远程命令执行漏洞扫描。

紫光Uniscan用法示例

扫描指定的URL（-u http://192.168.1.202/）的漏洞，使目录和动态检查（-qd）：

[email protected]:~# uniscan -u http://192.168.1.202/ -qd

####################################

# Uniscan project                  #

# http://uniscan.sourceforge.net/  #

####################################

V. 6.2





Scan date: 16-5-2014 16:29:48

===================================================================================================

| Domain: http://192.168.1.202/

| Server: Apache/2.2.22 (Debian)

| IP: 192.168.1.202

===================================================================================================

|

| Directory check:

| [+] CODE: 200 URL: http://192.168.1.202/joomla/

| [+] CODE: 200 URL: http://192.168.1.202/wordpress/

===================================================================================================

|

| Crawler Started:

| Plugin name: FCKeditor upload test v.1 Loaded.

| Plugin name: Web Backdoor Disclosure v.1.1 Loaded.

| Plugin name: phpinfo() Disclosure v.1 Loaded.

| Plugin name: E-mail Detection v.1.1 Loaded.

| Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.

| Plugin name: Code Disclosure v.1.1 Loaded.

| Plugin name: Upload Form Detect v.1.1 Loaded.

| Plugin name: External Host Detect v.1.2 Loaded.

| [+] Crawling finished, 27 URL's found!

紫光Uniscan贵用法示例

[email protected]:~# uniscan-gui