Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.
The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
- 500+ against Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local instances.
- Automatic word list construction based on site content analysis.
- Heuristic recognition of obscure path and query-based parameter handling schemes.
- Snort style content signatures which will highlight server errors, information leaks or potentially dangerous web applications.
- Bundled security checks are designed to handle tricky scenarios: Stored XSS (path, parameters, headers), blind SQL or XML injection, or blind shell injection.
To Run this Web application security scanner
Step1: To get all the parameters of type skipfish -h[email protected]:~# skipfish -h
Step2: To scan the target and to write the output in the directory.[email protected]:~# skipfish -d -o 202 http://192.168.169.130/
It will go on scanning through every request, external/Internal links and statistics.
Once the scan completed it will create a professional web application security assessments.
Output consist of various sections such as document type and Issue type overview.
For scanning Wildcard domains[email protected]:~# skipfish -D .192.168.169.130 -o output-dir1 http://192.168.169.130/
You need to customize your HTTP requests when scanning big sites.
-H To insert any additional, non-standard headers.
-F To define a custom mapping between a host and an IP.
-d Limits crawl depth to a specified number of subdirectories.
-c Limits the number of children per directory.
-x Limits the total number of descendants per crawl tree branch.
-r Limits the total number of requests to send in a scan.
skipfish also provides the summary overviews of document types and issue types found, and an interactive sitemap, with nodes discovered through brute-force, denoted in a distinctive
Need to specify -e to avoid binary responses for reporting.
- Author: Google Inc, Michal Zalewski, Niels Heinen, Sebastian Roschke
- License: Apache-2.0