Uniscan web scanner
#1
Hmmmm.. this is one of the tools we can use to test security, specifically for web applications, heheheh .. this tool can check for several kinds of web attack such as RFI, LFI and SQL Injection.

OK, the tool's name is already in the title above ... moving on, bro ..

First of all, download the tool. At the time this thread was written, Uniscan had reached version 4.1.

Code:
wget http://nchc.dl.sourceforge.net/project/uniscan/4.1/uniscan.tar

Once that's done, just extract it
Code:
tar xvwf uniscan.tar

chmod it so it can be executed

Code:
root@zee-eichel{/pentest/zee}:cd uniscan-code/
./   CHANGES.txt  Directory  LFI  RFI       uniscan.conf
../  c.txt        Files      RCE  Uniscan/  uniscan.pl*
root@zee-eichel{/pentest/zee/uniscan-code}:chmod +x uniscan.pl

Now try running it .. if an error shows up, that's because it needs a few library resources

Code:
apt-get install libmoose-perl

Slow down, bro ... OK, let's continue ..

Code:
root@zee-eichel{/pentest/zee/uniscan-code}:perl uniscan.pl
###############################
# Uniscan project             #
# http://www.uniscan.com.br/  #
###############################
V. 4.1


OPTIONS:
    -h     help
    -u     <url> example: https://www.example.com/
    -f     <file> list of url's
    -b     Uniscan go to background
    -q     Disable Directory checks
    -w     Disable File checks
    -e     Disable Backup file checks
    -r     Disable RFI checks by Crawler
    -t     Disable LFI checks by Crawler
    -y     Disable RCE checks by Crawler
    -i     Disable SQL checks by Crawler
    -o     Disable XSS checks by Crawler
    -p     Disable static RFI checks
    -a     Disable static LFI checks
    -s     Disable static RCE checks
    -d     Disable /robots.txt check
    -g     Disable PUT method check
    -j     Not show e-mails found by Crawler

    Option -u or -f is required, all others no.

usage:
[1] perl uniscan.pl -u http://www.example.com/
[2] perl uniscan.pl -f /home/user/file.txt -b
[3] perl uniscan.pl -u https://www.example.com/

Look at the usage, bro, then just try it .... I've tried it and it works





#2
Wow wow wow, there's no end to this, I'm worn out just keeping up, bro, wkwkwk, grim...

I'll use it to test the office website

#3
Yeah, om zee is being really kind, sharing his tools

#4
As I recall, when I'm at the base, om zee never talks about this kind of thing ... hehehehe
Pretty handy for scanning websites

#5
Let me try it first, om zhee.
By the way, when I extracted the .tar it extracted the files one at a time; how do I get it to extract everything at once, om?

#6
But the tar zxvf command already does it all at once, om

#7
Yes om, I have to keep pressing Enter over and over before everything gets extracted
By the way, the wait is really long because there is so much to scan. Could I see an example of the results? I've tried 1 website but got nothing

#8
Quote:
| [*] Checking: http://www.****.id/aw-cgi/
| [*] Checking: http://www.****.id/awk/
| [+] CODE: 200 URL: http://www.****.id/icons/
| [+] CODE: 200 URL: http://www.****.id/images/
| [+] CODE: 200 URL: http://www.****.id/include/
| [+] CODE: 200 URL: http://www.****.id/jquery/
| [+] CODE: 200 URL: http://www.****.id/phpmyadmin/
| [+] CODE: 200 URL: http://www.****.id/register/
| [+] CODE: 401 URL: http://www.****.id/stats/
| [+] CODE: 200 URL: http://www.****.id/user/

What does this one mean, kak ===>>> | [+] CODE: 401 URL: http://www.****.id/stats/
And what does this one mean??
Quote:
| Check robots.txt:
| [+] *
| [+] /stats/
| Crawler Started:
| [+] Crawling finished, 58 URL's found!
|
| [+] E-mail Found: [email protected] 1x times
| [+] E-mail Found: [email protected] 1x times
blaaaaa.....blaaa....

| Check if PUT method is enabled:
| Checking for backup files:
| RFI tests:
Unmatched ) in regex; marked by <-- HERE in m/urlParts.path==baseUrlParts.path) <-- HERE return/ at Uniscan/Scan.pm line 785.
So what should I do after this?

#9
Let me give it a try, kk

#10
Error 401 means the permissions on that file or folder are set so that it is not public

Check robot.txt.. that's just how uniscan works ,.., but robot.txt is not necessarily present on the target site
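
Added example, not part of the thread and not Uniscan's own code: a small Python triage of a report in the format quoted in post #8, for a site owner reviewing a scan of their own site. It assumes the `[+]` entries under `Check robots.txt:` are the paths listed in robots.txt; HTTP 401 means the server asked for authentication. The function names and the example.com sample are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the report format quoted in post #8 (host replaced).
SAMPLE_REPORT = """\
| [*] Checking: http://www.example.com/awk/
| [+] CODE: 200 URL: http://www.example.com/images/
| [+] CODE: 200 URL: http://www.example.com/phpmyadmin/
| [+] CODE: 401 URL: http://www.example.com/stats/
| [+] CODE: 200 URL: http://www.example.com/user/
| Check robots.txt:
| [+] *
| [+] /stats/
| [+] /user/
| Crawler Started:
"""

HIT = re.compile(r"^\|\s*\[\+\]\s*CODE:\s*(\d{3})\s+URL:\s*(\S+)")
ROBOTS_ENTRY = re.compile(r"^\|\s*\[\+\]\s*(/\S*)")

def parse_report(text):
    """Return ({path: status}, {robots.txt paths}) from a Uniscan-style report."""
    hits, robots, in_robots = {}, set(), False
    for line in text.splitlines():
        m = HIT.match(line)
        if m:
            hits[urlparse(m.group(2)).path] = int(m.group(1))
            continue
        if "Check robots.txt:" in line:
            in_robots = True
        elif in_robots:
            r = ROBOTS_ENTRY.match(line)
            if r:
                robots.add(r.group(1))
            elif "[+]" not in line:  # next section header ends the robots block
                in_robots = False
    return hits, robots

def triage(text):
    """Label each discovered path so the owner knows what to review first."""
    hits, robots = parse_report(text)
    out = {}
    for path, code in sorted(hits.items()):
        label = {200: "publicly reachable", 401: "auth required"}.get(code, f"status {code}")
        # robots.txt is advisory only: a listed path that answers 200 is still exposed.
        if code == 200 and path in robots:
            label = "listed in robots.txt but publicly reachable"
        out[path] = label
    return out
```

Calling `triage(SAMPLE_REPORT)` returns a dict keyed by path; lines that are only `[*] Checking:` probes are ignored because they carry no status code.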





