How to scan a website for bugs using backtrack

Oğuz~#>

Hello, I am back with a new tutorial on how to scan a website for bugs and vulnerabilities using BackTrack's uniscan tool. As we all know, BackTrack is specially designed for security researchers, so many tools come pre-installed in it, like sqlmap, uniscan and others. To follow along you need the BackTrack operating system; you can get Backtrack5 R3 from here. You can also use Kali Linux :)
Now make sure you have booted BackTrack, then open the terminal, type the code below and hit Enter!
Code:
cd /pentest/web/uniscan && ./uniscan.pl

Now you can see in the snapshot below that a few options are given.

Now we are going to use the command below; make sure you have the website link :)



./uniscan.pl -u http://www.website.com/ -bqdw

Your website’s URL should end with a forward slash. Now just hit Enter and the process will start :)

Now, as you can see, we got the IP address and the server of the website :) Wait and we will get much more information :)



Directory check: The directory check will check the directories of the website and list them, as shown in the snapshot below.

File check: As the name says, it will check the files which are hosted on the website.

Now the crawler has started; it will grab all the email addresses, external hosts and other information.
Emails :


External Host:

Web backdoors:

File upload forums :

Now let me tell you that using this tool we can scan websites for many more vulnerabilities, like SQLi, XSS, remote code execution and more, and you can make a few bucks by participating in a bug bounty program :)

Check out: How I got 100$ from Google bugbounty program


Now you can see in the above snapshot the list of the bugs it will find :)
Check out: The list of the bug bounty program !

Now, as shown above, the website is vulnerable to blind SQLi. :D Mission accomplished :) We have found the bug. If you have any questions about this, leave a comment :)

Now, if you want to get the list of the sites hosted on the same server, simply run this command, replacing the IP address with the server’s IP address. The list of websites will be stored in the same directory under the name “sites.txt”.
Code:
./uniscan.pl -i "ip:127.0.0.1"
And then, if you want to scan the list of websites, simply run this command:
Code:
./uniscan.pl -f sites.txt -bqwd
Now you are done! :) I hope you have enjoyed this tutorial :)
 