Scan website vulnerabilities with UNIscan - kali linux


UNISCAN a popular linux based tool for scanning vulnerabilities in website or web application running on server. Security Pentesters have found it very useful for different type of enumeration such as for collecting information about the web application and server and also to find vulnerabilities in the web application.

uniscan is a Perl based tool and is easy to use and which comes preloaded with Kali Linux but you can also run this Perl script on other linux platforms too and you can download it from here.

Get Started 

Now to start this tool in Kali Linux you can simply type the command for its options in the terminal of Kali Linux.

This command will give you its all the option,s which you can use to pentest and scan the website security.


You can use the listed options to penetrate the website security which are following.
    -h     help
    -u     <url> example:
    -f     <file> list of url's
    -b     Uniscan go to background
    -q     Enable Directory checks
    -w     Enable File checks
    -e     Enable robots.txt and sitemap.xml check
    -d     Enable Dynamic checks
    -s     Enable Static checks
    -r     Enable Stress checks
    -i     <dork> Bing search
    -o     <dork> Google search
    -g     Web fingerprint
    -j     Server fingerprint

To use uniscan , type " uniscan " in the terminal <space> after name of the command such as for pointing to the website domain name we will use " -u " after <space> and the domain name with <space> and other commands such as -w , -q -s -r , etc like in the below example. -u -q-w-e-d-s

Or to make it easy for you , you can also type in this way as stated below.

uniscan -u -qweds

From which we have commanded it to perform the following tasks.

  • -q   for brute forcing and checking the directories / folders
  • -w  for listing the working files or for checking the files
  • -e   for checking files stated in robots.txt or site.xml
  • -d   for dynamics checks
  • -s   for static checks

From this we can also find the details of a server by using the below command. -i "ip:"

Before scanning you can simply change the ip address with your targeted server.

Moreover if you have more than one website or servers you can also perform a mass security scan by providing uniscan list of the website,s in a text file and by commanding -f after <space> and file name , example :- -f sites.txt -bqweds

 Also you can use Google dork with uniscan in this way you can scan the websites in mass and in series such as if a website have subdomains and you are looking forward to scan the sub-domains of the website we know that to find sub-domains using google dork we use " " and we can combine it with uniscan by using -o command like in the below example. -o "site:test"

Hope you learned much from this tutorial , dont forget to connect to our facebook fan page and also dont forget to share , because sharing is caring.

Visitors are strictly tend to follow the terms and conditions and The content provided on this page is the authority of Security Fuse and the content provided is only for educational purpose. Security Fuse is not responsible for any of the act caused by viewers after reading the content from * our aim is to provide a quality information on Cyber Security and exploitation and the knowledge is only for peace and educational purpose.
Share on Google Plus

About Ahmed Mehtab

Ahmed Mehtab is a white hat cyber security researcher , speaker , trainer and blogger at security fuse. He loves to research on cyber security issues , cyber crime and hacktivism. Quote " Being a hacker without having knowledge of programming is just like a knife without sharpness ~ Ahmed Mehtab "


  1. Great information regarding tool hope you will cover all steps of pentesting

  2. this awesome @Ahmed Mehtab u are amazing thx for ur help


Hi , Please take a minute to say somthing about this post