Skipfish is an active web application security reconnaissance tool written and maintained by Michal Zalewski (@lcamtuf). It is one of the fastest web scanners available: it spiders the target using wordlists, and it is a very powerful web scanning tool with a simple implementation. In Matriux, Skipfish can be found in the arsenal under Arsenal -> Framework -> Skipfish.
Fast and easy to use, Skipfish can perform a robust scan of any website, running many security tests, such as PHP injection, XSS, format string vulnerabilities, overflow vulnerabilities, file inclusions and many more, with findings categorized into high-risk, medium-risk and low-risk issues. Skipfish also provides summary overviews of the document types and issue types found, and an interactive sitemap in which nodes discovered through brute force are denoted in a distinctive way.
Before starting skipfish make sure you provide a skipfish.wl wordlist file from the dictionaries directory found at
(put simply, copy a file from dictionaries/ into the skipfish directory as skipfish.wl).
Start skipfish from Arsenal, or change to the directory /pt/webscanners/skipfish/ and run ./skipfish -h for help.
./skipfish -o /home/matriux/path http://www.example.com/
You can replace path with any other location you want.
The following is what a sample report looks like.
./skipfish -X /logout/logout.aspx … other parameters…
There are also other options, such as those for HTTP cookies and authentication, which you can find in the skipfish doc or in the README file present in the installation directory.
Overall, skipfish is a very lightweight tool for web scanning and security testing that provides a lot of features and scan options while remaining fast.
Happy Hacking 🙂