Breaking News
Loading...
Saturday, May 31, 2014

Scan a Website for bugs using Kali Linux Tutorial

6:29 AM

Scan a Website for bugs using Kali Linux Tutorial

Posted by Hafeez Feeze on Nov 13, 2013 2

Hello i am back with a new tutorial how to scan website for the bugs and vulnerability using BackTrack's uniscan tool. And as we all know that backtrack is specially designed for the security researchers so there are many tools pre installed in the backtrack like sqlmap, uniscan and all.

 Follow the simple steps to find the vulnerability in any website !
Now make sure you have opened Backtrack operating system and now just open the terminal and write the bellow code in the terminal and hit okay!
cd /pentest/web/uniscan && ./uniscan.pl
Now you can see the bellow snapshot there are few options are given.
how to find vulnerability in website
Now we have are going to use the bellow command and make sure you have the website link :)


./uniscan.pl -u http://www.website.com/ –bqdw
And your website’s URL should be end with the forward slash  and now just hit enter and then the process will start :)
how to find vulnerability
Now as you can see we got the IP address and the server of the website :) and wait we will get many more information :)

Directory Check: Directory check will check the directories of the website and it will list the directories of the website as shown in the bellow snapshot.
How to scan a website for bugs using backtrackFile check : Now as the name says it will check the files which are hosted in the website.
How to scan a website for bugs using backtrack
Now crawler is started it will grab all the email address and externals hosts and all the information
 How to scan a website for bugs using backtrack
Emails :
How to scan a website for bugs using backtrack
External Host:
How to scan a website for bugs using backtrack
Web backdoors:
How to scan a website for bugs using backtrack
File upload forums :
How to scan a website for bugs using backtrack
Now let me tell you that using this tool we can scan the websites for many more vulnerability like sql-i, XSS, remote code execution and many more and you can make few bucks by participating in the bug bounty program :)

Check out: How i got 100$ from Google bugbounty program
How to scan a website for bugs using backtrack
Now you can see in the above snapshot the list of the bugs it will find :)
Check out: The list of the bug bounty program !
How to scan a website for bugs using backtrack
Now as shown in the above we the website is vulnerable to the blind sqli. :D Mission accomplished :) we have found the bug. if you have any question about this then make a comment :)

Now if you want to get the list of the sites hosted on the same server then simply add this command, just replace the ip address with the server’s ip address. and the list of the websites will be stored in the same directory with the name “sites.txt”
./uniscan.pl -i "ip:127.0.0.1"
and then if you want to scan the list of the website then simply run this command
./uniscan.pl -f sites.txt –bqwd
Now you have done ! :)  I hope you have enjoyed this tutorial :)

0 comments:

Post a Comment

 
Toggle Footer