skipfish 2.10b - web application security scanner

Skipfish is an active web application security reconnaissance tool. It prepares aninteractive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Key features:

• High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.

• Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.

• Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

lastest update -

Download 2.10b

Skipfish version 2.10b with configuration file support, enhanced signatures and improved traversal tests.

Change log Version 2.10b:
  - Updated HTML tags and attributes that are checked for URL XSS
    injections to also include a few HTML5 specific ones

  - Updated test and description for semi-colon injection in HTML meta
    refresh tags (this is IE6 specific)

  - Relaxed HTML parsing a bit to allow spaces between HTML tag attributes
    and their values (e.g. "foo =bar").

  - Major update of LFI tests by adding more dynamic tests (double
    encoding, dynamic amount of ../'s for web.xml). The total amount of
    tests for this vulnerability is now 40 per injection point.

  - The RFI test is now a separate test and no longer requires special
    compile options. The default RFI URL and it's payload check are
    still defined in src/config.h.

  - Using the --flush-to-disk flag will cause requests and responses
    to be flushed to disk which reduces the memory footprint. (especially
    noticable in large scans)

  - Fixed a bug where in some conditions (e.g. a page looks similar to
    another) links were not scraped from responses which lead to links
    to be missed (thanks to Anurag Chaurasia for reporting)

  - Added configuration file support with the --config flag. In
    config/example.conf you can find flags and examples.

  - Several signature keyword enhancements have been made. Most
    significant are the "header" keyword, which allows header matching
    and the "depend" keyword which allows signature chaining.

  - Fixed basic authentication which was broken per 2.08b. Cheers to
    Michael Stevens for reporting.

  - Fixed -k scheduling where 1:0:0 would count as a second in stead of
    an hour (also visa versa). Cheers to Claudio Criscione for reporting.

  - Small fix to compile time warnings

Quick links

Download 2.10b (changelog)
How to run the scanner! (old)
View a sample screenshot


Documentation

Detailed documentation
Content signatures (updated)
Authenticated scans (updated)


Getting help

Known problems / workarounds
File a bug in the tracker

Source -

http://code.google.com/p/skipfish/

For more information -

https://www.owasp.org/index.php/Automated_Audit_using_SKIPFISH