Skipfish V2.0.5

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Features : 

  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

How To Usage:

A standard, authenticated scan of a well-designed and self-contained site (warns about all external links, e-mails, mixed content, and caching header issues), including gentle brute-force:

$ touch new_dict.wl
$ ./skipfish -MEU -S dictionaries/minimal.wl -W new_dict.wl
-C “AuthCookie=value” -X /logout.aspx -o output_dir
Five-connection crawl, but no brute-force; pretending to be MSIE and caring less about ambiguous MIME or character set mismatches, and trusting links:

$ ./skipfish -m 5 -L -W- -o output_dir -b ie -B
Heavy brute force only (no HTML link extraction), limited to a single directory and timing out after 5 seconds:

$ touch new_dict.wl
$ ./skipfish -S dictionaries/complete.wl -W new_dict.wl -P -I
-o output_dir -t 5 -I
For a short list of all command-line options, try ./skipfish -h. A quick primer on some of the particularly useful options is also given here.

Platform : Unix/Linux
Download Latest Version : skipfish-2.05b.tgz (202 KB)
Find Other Version |
Read more in here :