Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.

The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Also, learn an Advanced Web Hacking & Penetration Testing Course – Scratch to Advance

Main Feature

500+ against Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local instances.

Automatic word list construction based on site content analysis.

Heuristic recognition of obscure path and query-based parameter handling schemes.

Snort style content signatures which will highlight server errors, information leaks or potentially dangerous web applications.

Bundled security checks are designed to handle tricky scenarios: Stored XSS (path, parameters, headers), blind SQL or XML injection, or blind shell injection.

Also Read : Commix – Automated All-in-One OS Command Injection and Exploitation Tool

To Run this Web application security scanner



Step1: To get all the parameters of type skipfish -h

[email protected]

Step2: To scan the target and to write the output in the directory.

[email protected]

It will go on scanning through every request, external/Internal links and statistics.

Once the scan completed it will create a professional web application security assessments.

Output consist of various sections such as document type and Issue type overview.

For scanning Wildcard domains

[email protected]

You need to customize your HTTP requests when scanning big sites.

-H To insert any additional, non-standard headers.

-F To define a custom mapping between a host and an IP.

-d Limits crawl depth to a specified number of subdirectories.

-c Limits the number of children per directory.

-x Limits the total number of descendants per crawl tree branch.

-r Limits the total number of requests to send in a scan.

skipfish also provides the summary overviews of document types and issue types found, and an interactive sitemap, with nodes discovered through brute-force, denoted in a distinctive

way.

Need to specify -e to avoid binary responses for reporting.

Author: Google Inc, Michal Zalewski, Niels Heinen, Sebastian Roschke

License: Apache-2.0

Also Read