Website Security Audit with Uniscan on Kali Linux
lebakcyber.net – Uniscan is a tool we can use for information gathering and to simplify scanning and security auditing of web applications.
Uniscan was built to find common web application vulnerabilities such as SQLi, RFI, LFI and RCE. If you use Kali Linux, Uniscan is already available in the repository provided by Kali Linux.
Installing Uniscan on Kali Linux
Installing Uniscan is straightforward. Follow the steps below:
- Update the package lists with the command:
```
apt update
```
- Once the repository update has finished, install Uniscan with the command:
```
apt install uniscan
```
Wait until the installation finishes.
- Once Uniscan has been installed successfully, the tool is ready to use.
Running Uniscan on Kali Linux
To run Uniscan, simply type uniscan in the terminal. The output looks like this:
```
┌──(root㉿kali)-[/home/kali]
└─# uniscan
####################################
# Uniscan project                  #
# http://uniscan.sourceforge.net/  #
####################################
V. 6.3

OPTIONS:
    -h          help
    -u <url>    example: https://www.example.com/
    -f <file>   list of url's
    -b          Uniscan go to background
    -q          Enable Directory checks
    -w          Enable File checks
    -e          Enable robots.txt and sitemap.xml check
    -d          Enable Dynamic checks
    -s          Enable Static checks
    -r          Enable Stress checks
    -i <dork>   Bing search
    -o <dork>   Google search
    -g          Web fingerprint
    -j          Server fingerprint

usage:
[1] perl ./uniscan.pl -u http://www.example.com/ -qweds
[2] perl ./uniscan.pl -f sites.txt -bqweds
[3] perl ./uniscan.pl -i uniscan
[4] perl ./uniscan.pl -i "ip:xxx.xxx.xxx.xxx"
[5] perl ./uniscan.pl -o "inurl:test"
[6] perl ./uniscan.pl -u https://www.example.com/ -r
```
If the output above appears, Uniscan has been installed successfully.
Configuring Uniscan
Uniscan runs with very little configuration, but it also provides several options that make a scan more specific to what you need. For example:
- -h : Shows the list of options Uniscan supports.
- -u : Specifies the URL to scan.
- -f : To scan several URLs at once, put the list of URLs in a text file and reference it with the -f flag.
- -b : Runs the Uniscan scan in the background.
- -q : Enables directory checks on the target URL.
- -w : Enables file checks on the target URL.
- -e : Enables the checks on sitemap.xml and robots.txt.
- -d : Enables dynamic checks.
- -s : Enables static checks.
- -r : Enables stress checks.
- -i : Searches with a dork on the Bing search engine.
- -o : Searches with a dork on the Google search engine.
Running a Scan with Uniscan on Kali Linux
To run a basic scan against a web application, we can use the flags “qweds”, which tell Uniscan to perform the following:
- Directory checks (q)
- File checks (w)
- robots.txt and sitemap checks (e)
- Dynamic checks (d)
- Static checks (s)
Now let us run Uniscan with the “qweds” flags against the site to be used as the target. The command looks like this:
```
┌──(root㉿kali)-[/home/kali]
└─# uniscan -u https://domaindarisitustarget.com -qweds
```
Once it runs, the result looks like the information below:
As the scan output shows, while checking directories and files Uniscan finds and lists the directories present in the web application being scanned.
Uniscan then checks robots.txt and the sitemap, and counts every external host linked from the target site being scanned.
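The `-f` option and the “qweds” flag set described above are easier to use safely when the URL list is filtered first. The following is an added example, not part of the original article or of Uniscan: it keeps only http/https URLs whose host appears in a scope file and accepts only the basic-scan letters. The function names and the files `scope.txt`, `candidates.txt` and `sites.txt` are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: build the URL list for `uniscan -f` from hosts in a scope file.

# url_host URL -> prints the lowercase host; fails unless the scheme is http/https.
# IPv6 literals and '#' fragments are not parsed, so such URLs fail the scope match.
url_host() {
    case "$1" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    rest=${1#*://}       # drop scheme
    rest=${rest%%/*}     # drop path
    rest=${rest%%\?*}    # drop query
    rest=${rest##*@}     # drop userinfo (user@host tricks)
    rest=${rest%%:*}     # drop port
    [ -n "$rest" ] || return 1
    printf '%s\n' "$rest" | tr '[:upper:]' '[:lower:]'
}

# in_scope HOST SCOPEFILE -> true only on an exact line match (comments ignored)
in_scope() {
    grep -v '^[[:space:]]*#' "$2" | grep -Fxq -- "$1"
}

# build_target_list CANDIDATES SCOPEFILE OUT -> writes OUT, prints number kept
build_target_list() {
    : > "$3"
    kept=0
    while IFS= read -r url || [ -n "$url" ]; do
        case "$url" in ''|'#'*) continue ;; esac
        if host=$(url_host "$url") && in_scope "$host" "$2"; then
            if ! grep -Fxq -- "$url" "$3"; then      # de-duplicate
                printf '%s\n' "$url" >> "$3"
                kept=$((kept + 1))
            fi
        else
            printf 'skipped (out of scope or not http/https): %s\n' "$url" >&2
        fi
    done < "$1"
    printf '%s\n' "$kept"
}

# valid_flags FLAGS -> true only for the basic-scan letters q w e d s;
# -r (stress checks) and every other letter are rejected.
valid_flags() {
    case "$1" in
        ''|*[!qweds]*) return 1 ;;
        *) return 0 ;;
    esac
}

demo() {   # constructed sample data; prints the command instead of running it
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'www.example.com' 'staging.example.com' > "$dir/scope.txt"
    printf '%s\n' 'https://www.example.com/' 'http://STAGING.example.com:8080/app' \
        'https://other.example.net/' 'ftp://www.example.com/' \
        'https://www.example.com/' > "$dir/candidates.txt"
    n=$(build_target_list "$dir/candidates.txt" "$dir/scope.txt" "$dir/sites.txt" 2>/dev/null)
    valid_flags qweds && printf 'kept %s URLs; run: uniscan -f sites.txt -qweds\n' "$n"
    rm -rf "$dir"
}
demo
```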
Conclusion
Although Uniscan has not been updated for several years, it can still be used to obtain a range of important information about a web application.
Because it is easy to use, easy to install, and available from the package manager on Kali Linux, Uniscan can still be counted among the tools available for auditing the security of a website.
We hope this simple security tutorial is useful to those of you who are studying security systems. See you in the next security and Kali Linux tutorials.