Kickstart your bug hunting career with Bugcrowd. Bugcrowd is the largest security research community in the world, and it helps companies such as Tesla, Simple, Western Union, Spotify and many more with cybersecurity, paying anywhere from a simple thank you to 15,000. Begin your bug hunting career at bugcrowd.com/jackktutorials.

Hey guys, welcome back to a new video tutorial. Today we're going to be taking a look at the tool built into Kali Linux 2.0 called Uniscan. Now, Uniscan is a web vulnerability scanner. Some of you may have heard of it, some of you may not have, but that's okay, because either way you're going to learn something today. Now, like I said, it comes built into Kali; I'm using Kali Linux 2016.1. It has a terminal version and a GUI version, so you can use whichever one you're more comfortable with. And yeah, it's a very powerful tool and it's very simple to use, which makes it so good; you know, it's easy to use and it's also very rewarding.

So let's just open up a terminal here, and if you type in uniscan you can see that we get the help file. Now, the help file contains all the different parameters you can use, all the options. We are running version 6.3, and you can download Uniscan, if you don't have it, from sourceforge.net, and it is written in Perl. So we are going to be looking at some of these options today, so I'll just go through quickly what you can do with Uniscan. So you can enable directory checks, you can enable file checks, you can enable robots.txt and sitemap.xml checks, you can enable dynamic checks and static checks and stress tests. You also have the ability to do Bing and Google searches for dorks; however, the Google one doesn't seem to be working very well, because Google blocks a lot of automated search queries, however Bing does not. We also have web fingerprinting and server fingerprinting, and down here you've got a couple of examples on how you can use Uniscan. So I'm going to be basically doing these today, showing you
what Uniscan can do. So I'll also show you what the GUI looks like. You just do uniscan-gui for that, and you'll get this very simplistic GUI. But if you want to use that you can; it's, you know, purely personal preference. I will use both, just for one specific check, just so you guys can see what it looks like.

So let's just go ahead and do uniscan again. And so what we need to do, first of all, whenever you're going to prepare a Uniscan scan, is you need to do -u and then you just want to put in the URL of the website. So let's just do jackktutorials.com; I'm pretty sure there's nothing too bad that's going to come up here. So you can see that we just did a quick scan of it and you get the server, so you can see we're running CloudFlare. You also get the IP address.

So now you can add a bunch of parameters to this, and you might want to run a directory check and a file check; you can just easily do that. You can see here under usage, you can string together parameters into one parameter. So I'm just going to copy this out, pure laziness. But basically, -b is "Uniscan go to background", so we will just leave that blank for now. So we're just going to be using -qweds. So we are going to be doing a directory check, a file check, the robots.txt and sitemap.xml check, and we're also going to do a dynamic check and a static check. So let's just go ahead and run that. So what we'll do is do uniscan -u jackktutorials.com and we'll paste in this, so we can basically see what's going on, and hit enter. And you can see that it's going to run through. It also has some built-in plugins, such as upload form detection, email detection, PHP info disclosure and many more like that. So I'm going to leave that running for a little bit, just because it might take a while to return some of the information, so I'll be back in just a second.

So you can
see the report has been saved in this location here. Now, it doesn't actually take long to complete it all. You can see we've got some stuff here; most of the stuff has come up as, you know, no, because I guess jackktutorials.com is pretty secure, so call me another, if you do find a bug feel free to report it to me, so if it may come your way.

Anyway, let's go ahead and look at that report file. So it seems the report file is an HTML file. It's a very nice, very professional-looking report, so you can use this file for, I don't know, a real-life pen test if you were to do such a thing. So just go ahead and click on Other Locations and then go to Computer, and then just go into usr and then go to share, and inside of share there should be a folder called uniscan, and in here there will be a folder called report. And let's just delete these, because you don't need them, and I don't need that one either, and also delete this one. These are all the old ones, and we will delete this one, and, mmm, yeah, we can do that one as well. Okay, so just open up the jackktutorials.com HTML report, and this is what you're going to get. It shows everything in its own section, so you've got scan time, the target, crawling, so that includes things like emails and stuff like that that it finds, dynamic tests, static tests and scan time. So that gives you a basic understanding of how Uniscan looks at websites.

Now, I've mentioned that you can do multiple parameters at once, so that's always good. Like I said, this at the end of it is multiple parameters, so you can add as many as you want onto there. Alternatively you can just do -q -w -e; I mean, you can do that, but it's just easier to tie them all up into one single parameter.

So let's just do that same scan again, but we'll use the Uniscan GUI, so I'll show you what that looks like. Let's do uniscan-gui, and we will paste in, well, we will try and paste in, http://www.jackktutorials.com, and we can just check what we want
to do. So let's just check everything and press Start scan. So you can see that you just get a terminal here, and I'm just going to leave that running as well. So that's going to take a little bit longer than what I wanted it to take, so you get the idea. It will save the same report in this HTML file; it'll look exactly the same, apart from using GUI mode with a nice little terminal in it. So just imagine this; this is what it is, in a fashion. Anyway, let's move on.

So let's talk about Bing and Google dorks. So this is in Uniscan. Now, like I said, the Google one doesn't work, because it can detect automatic queries. So for example, if I do uniscan -o and then do, I'll explain what this is in a minute, inurl:index.php?id=, it's going to return zero websites, and if it doesn't then it'd be a surprise for me. See what it returns; it should be zero. If not, then there's a reason for that, and I can explain it as well. So yeah, it would be an idea if I actually put it in quotes. And so you can see that it returns zero sites, and the reason why is because Google can filter automated search requests. Now, if I change this to Bing it's going to work fine.

So let's just talk about what a dork is. A dork is a specific search term. So if we just go, actually, we'll just do this in Kali. Why do I always need to go to my Windows machine? Let's stay in Kali. So I've just got Iceweasel here and I'll head over to Google, so it should just work and go. But basically this is a search term. So I can put in inurl:, so that means to look inside of the URL for index.php?id=. You can see that's returned a bunch of websites, but these websites aren't returned because of their content, you know, the title or the header text or anything like that; they're returned specifically based on their URL. Now, obviously I've done a SQL injection video, and you can see this link here. These are the kind of things you are looking for if you're going to be doing a POST-based or a GET-based SQL injection; these are commonly the
GET-based SQL injection. So I can obviously go on this website and I can go ahead and, I don't know, I've just come onto here, but I can just do this and we can see if the website is SQL vulnerable or not, which hopefully it is not. So yeah, you can see that it seems to be okay. So that is what the dorks are.

Now, you know, this returns pages and pages of results, or you can just use Uniscan, which will generate them for us. So let's just do uniscan, and we are going to have to use Bing because Google doesn't work, so -i, and we'll just put open speech marks here, paste in that thing that we did before, and hit enter. It's going to do a Bing search for inurl:index.php?id=. Now, there is a little bit of a downside to this, and I'll show you what that is in a minute. And you can see that we've returned 477 sites, and that's saved in sites.txt, which is inside that folder, so let's just go ahead up one folder to the uniscan folder, and it's going to be in sites.txt. So you can see we've got 477 sites here. Now, the issue is that it doesn't return it, you know, with the index.php?id=; it doesn't return that, it just returns the actual URL. But that's fine, there's nothing to really worry about. But then, and that's kind of ironic, hacking skills, anyway.

Then you can actually load this file into Uniscan and you can vulnerability scan all these different websites. So I can go ahead and do uniscan -f sites.txt and then put a bunch of parameters on the end of it. So let's just do a simple directory check on all of these websites, -q, hit enter, and it's going to work its way through all of them sites that were in sites.txt. So this is going to take a while to do. You can see this actually found an admin folder on this first website. And so yeah, that's going to take a while to do, so we'll just leave that for now, Ctrl+C. So you can see that's basically it; it will have to work its way through 477 websites, starting from the very top. So that was book server and
then it's going to go to this one, this one, this one, and that'll save them in their individual reports inside of the reports folder.

So the final thing I want to show you today, ladies and gentlemen, well, probably mainly gentlemen, but if you are a lady that is awesome: you can basically search IP addresses. This is using the same Google dork method, but you can search for IP addresses and they return a list of websites that are also associated with that IP address. So for example, I'm going to choose 1&1 UK, because it's 1and1.com, because we know that that is a web hosting company, so there is a good chance they will have different websites associated with that same IP address. So let's just search 1and1, and what we want to do is just get the IP address of this, which is nice and easy, because I can just go ahead into Uniscan, do -u, paste in that, and I can get the IP address.

So what we can do then is copy the IP address and we can do uniscan -i for Bing; I believe it's -i, let's have a look: -o, no, -i, yes, -i. You can do uniscan -i "ip: and then paste in the IP address, and that's going to return the number of sites that are associated with that. So it looks like it's returned one website. And let's just go ahead and rerun that again. So it actually doesn't append it, it just changes it. You can see that the only website associated is http, which is interesting; I did not expect that result. Let's just make sure I've got the string right. Let's go up here, and yeah, it looks like it's right to me. So yeah, that's a bad example; that's just a bad example.

Let's get all the websites associated with a different IP address. So I decided to use the IP address that jackktutorials.com came up with. Let's have a look at what we've got in there, and see, we've got lots of different websites here, and then, like I said, we can go ahead and run Uniscan on that.

So that is a basic guide on how to use Uniscan;
hopefully you'll have some fun with it. You can do all kinds of stuff in it, and you basically can generate some nice reports, and also it can be used for finding potentially vulnerable websites. So remember to report your findings, if you do find anything, to the respected, respective, that's not the right word, all right, report your findings to the person, the webmaster basically, so they can fix it.

So that is the end of this video tutorial. Please like, comment and subscribe if you enjoyed it, if you have not already, and feel free to follow me on Twitter, that's at Jack 157. Also follow me on Twitch, that's at Jack1337 as well, and also like me on Facebook, that's JackkTutorials, and don't forget to tune in for the next video. And I said that this video was going to be the Veil-Evasion one, but Veil-Evasion and Kali Linux are playing up and they're not working properly, but hopefully the creator will have that fixed soon for me to do that video. But for now I haven't got really much else to say, so thank you very much for watching, like I said before, and I'll see you again in the next one.