skipfish v2.09beta - web application security scanner

Skipfish is a fully automated, active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final reportgenerated by the tool is meant to serve as a foundation for professional web application security assessments.

The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

Changelog for Version 2.09b:

  - Fixed a crash that could be triggered during 404 fingerprint failures

  - Signature IDs for detected issues are now stored in the report
    JSON files.

  - Added mod_status, mod_info, MySQL dump, phpMyAdmin SQL dump and
    robots.txt signatures.

  - Improved the Flash and Silverlight crossdomain policy signatures to
    only warn about them when they use wildcards.

Download: Skipfish, version 2.09 beta
http://skipfish.googlecode.com/files/skipfish-2.09b.tgz

Download other versions from here

http://code.google.com/p/skipfish/downloads/list?can=1&q=

Quick links

• Download 2.09b (changelog)
• How to run the scanner! (old)
• View a sample screenshot

Documentation

• Detailed documentation
• Content signatures (new)
• Authenticated scans (new)

Getting help

• Known problems / workarounds
• File a bug in the tracker

Visit Website -

http://code.google.com/p/skipfish/

Screenshot -