Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.

The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Also, learn an Advanced Web Hacking & Penetration Testing Course – Scratch to Advance

Main Feature

  • 500+ against Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local instances.
  • Automatic word list construction based on site content analysis.
  • Heuristic recognition of obscure path and query-based parameter handling schemes.
  • Snort style content signatures which will highlight server errors, information leaks or potentially dangerous web applications.
  • Bundled security checks are designed to handle tricky scenarios: Stored XSS (path, parameters, headers), blind SQL or XML injection, or blind shell injection.

Also Read  :  Commix – Automated All-in-One OS Command Injection and Exploitation Tool

To Run this Web application security scanner

Step1: To get all the parameters of type skipfish -h

 [email protected]:~# skipfish -h
Skipfish | Web application security scanner

Step2: To scan the target and to write the output in the directory.

[email protected]:~# skipfish -d -o 202 http://192.168.169.130/
Skipfish | Web application security scanner

It will go on scanning through every request, external/Internal links and statistics.

Skipfish | Web application security scanner
Skipfish | Web application security scanner

Once the scan completed it will create a professional web application security assessments.

Skipfish | Web application security scanner

Output consist of various sections such as document type and Issue type overview.

Skipfish | Web application security scanner

For scanning Wildcard domains

[email protected]:~# skipfish -D .192.168.169.130 -o output-dir1 http://192.168.169.130/

You need to customize your HTTP requests when scanning big sites.

-H   To insert any additional, non-standard headers.
-F To define a custom mapping between a host and an IP.
-d Limits crawl depth to a specified number of subdirectories.
-c Limits the number of children per directory.
-x Limits the total number of descendants per crawl tree branch.
-r Limits the total number of requests to send in a scan.

skipfish also provides the summary overviews of document types and issue types found, and an interactive sitemap, with nodes discovered through brute-force, denoted in a distinctive
way.

Need to specify -e to avoid binary responses for reporting.

  • Author: Google Inc, Michal Zalewski, Niels Heinen, Sebastian Roschke
  • License: Apache-2.0

Also Read

EHA
SOURCEskipfish
Guru is an Ex-Security Engineer at Comodo Cybersecurity. Co-Founder - Cyber Security News & GBHackers On Security.

LEAVE A REPLY

Please enter your comment!
Please enter your name here