紫光Uniscan包装说明

紫光Uniscan是一个简单的远程文件包含,本地文件包含和远程命令执行漏洞扫描。 资料来源:http://sourceforge.net/projects/uniscan/

紫光Uniscan首页 | 卡利紫光Uniscan回购

  • 作者:道格拉斯Poerschke罗查

  • 许可:GPLv3的

    0x01 包含在紫光Uniscan包工具

    紫光Uniscan - LFI,RFI和RCE漏洞扫描器

    
:~# uniscan -h
####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.2
OPTIONS:
  -h  help
  -u  <url> example: https://www.example.com/
  -f  <file> list of url's
  -b  Uniscan go to background
  -q  Enable Directory checks
  -w  Enable File checks
  -e  Enable robots.txt and sitemap.xml check
  -d  Enable Dynamic checks
  -s  Enable Static checks
  -r  Enable Stress checks
  -i  <dork> Bing search
  -o  <dork> Google search
  -g  Web fingerprint
  -j  Server fingerprint
usage:
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r

    0x02 紫光Uniscan贵 - LFI,RFI和RCE漏洞扫描(GUI)

    一个简单的远程文件包含,本地文件包含和远程命令执行漏洞扫描。

    0x03 紫光Uniscan用法示例

    扫描指定的 URL(-u http://192.168.1.202/) 的漏洞,使目录和动态 检查(-qd): 


 :~# uniscan -u http://192.168.1.202/ -qd
####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.2
Scan date: 16-5-2014 16:29:48
===================================================================================================
| Domain: http://192.168.1.202/
| Server: Apache/2.2.22 (Debian)
| IP: 192.168.1.202
===================================================================================================
|
| Directory check:
| [+] CODE: 200 URL: http://192.168.1.202/joomla/
| [+] CODE: 200 URL: http://192.168.1.202/wordpress/
===================================================================================================
|
| Crawler Started:
| Plugin name: FCKeditor upload test v.1 Loaded.
| Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
| Plugin name: phpinfo() Disclosure v.1 Loaded.
| Plugin name: E-mail Detection v.1.1 Loaded.
| Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
| Plugin name: Code Disclosure v.1.1 Loaded.
| Plugin name: Upload Form Detect v.1.1 Loaded.
| Plugin name: External Host Detect v.1.2 Loaded.
| [+] Crawling finished, 27 URL's found!

0x04 紫光Uniscan贵用法示例


 :~# uniscan-gui

紫光Uniscan

原文来自:https://www.hackfun.org/kali-tools/uniscan_zh.html。转载请注明原出处,商用请联系原作者授权。

results matching ""

    No results matching ""