skipfish 2.10b - web application security scanner


Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Key features:
  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

Latest update -


Skipfish version 2.10b with configuration file support, enhanced signatures and improved traversal tests.

Change log Version 2.10b:
- Updated HTML tags and attributes that are checked for URL XSS
injections to also include a few HTML5 specific ones

- Updated test and description for semi-colon injection in HTML meta
refresh tags (this is IE6 specific)

- Relaxed HTML parsing a bit to allow spaces between HTML tag attributes
and their values (e.g. "foo =bar").
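The relaxed attribute parsing described in this entry, as an added example written for this page rather than skipfish's own parser: a small C tokenizer that accepts whitespace on either side of '=' (and quoted, unquoted or bare attributes), which is what keeps a link such as `<a href =/login.php>` from being missed during the crawl when a strict "name=value" parser would skip it. The function names and the sample tags are assumptions.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>

/* Copy at most cap-1 bytes of src[0..n) into dst, NUL-terminated. */
static void copy_n(char *dst, size_t cap, const char *src, size_t n) {
    if (n >= cap) n = cap - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}
/* Parse one attribute at *p (after the tag name). Fills name and value ("" for a
 * bare attribute), advances *p and returns 1; returns 0 at '>' or end of input. */
static int next_attr(const char **p, char *name, size_t ncap, char *val, size_t vcap) {
    const char *s = *p, *start;
    while (*s && (isspace((unsigned char)*s) || *s == '/')) s++;
    if (*s == '\0' || *s == '>') return 0;
    start = s;
    while (*s && !isspace((unsigned char)*s) && *s != '=' && *s != '>') s++;
    if (s == start) return 0;                 /* '=' with no attribute name */
    copy_n(name, ncap, start, (size_t)(s - start));
    val[0] = '\0';
    while (isspace((unsigned char)*s)) s++;   /* tolerate "foo =bar" */
    if (*s != '=') { *p = s; return 1; }      /* bare attribute, e.g. "alt" */
    s++;
    while (isspace((unsigned char)*s)) s++;   /* tolerate "foo= bar" */
    if (*s == '"' || *s == '\'') {            /* quoted value */
        char q = *s++;
        start = s;
        while (*s && *s != q) s++;
        copy_n(val, vcap, start, (size_t)(s - start));
        if (*s == q) s++;
    } else {                                  /* unquoted value */
        start = s;
        while (*s && !isspace((unsigned char)*s) && *s != '>') s++;
        copy_n(val, vcap, start, (size_t)(s - start));
    }
    *p = s;
    return 1;
}

/* Look up attribute `want` (case-insensitive) in a complete tag such as
 * "<a href =/login.php>". Returns 1 and fills out, or 0 if absent. */
int tag_attr(const char *tag, const char *want, char *out, size_t cap) {
    char name[64], val[512];
    const char *p = tag + (*tag == '<');
    while (*p && !isspace((unsigned char)*p) && *p != '>') p++;   /* skip tag name */
    while (next_attr(&p, name, sizeof name, val, sizeof val))
        if (strcasecmp(name, want) == 0) { copy_n(out, cap, val, strlen(val)); return 1; }
    return 0;
}
```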

- Major update of the LFI tests, adding more dynamic tests (double
encoding, a dynamic number of ../ sequences for web.xml). The total
number of tests for this vulnerability is now 40 per injection point.

- The RFI test is now a separate test and no longer requires special
compile options. The default RFI URL and its payload check are
still defined in src/config.h.

- Using the --flush-to-disk flag causes requests and responses to be
flushed to disk, which reduces the memory footprint (especially
noticeable in large scans).

- Fixed a bug where in some conditions (e.g. a page looks similar to
another) links were not scraped from responses, which led to links
being missed (thanks to Anurag Chaurasia for reporting).

- Added configuration file support with the --config flag. In
config/example.conf you can find flags and examples.

- Several signature keyword enhancements have been made. The most
significant are the "header" keyword, which allows header matching,
and the "depend" keyword, which allows signature chaining.

- Fixed basic authentication, which was broken as of 2.08b. Cheers to
Michael Stevens for reporting.

- Fixed -k scheduling where 1:0:0 would count as a second instead of
an hour (and vice versa). Cheers to Claudio Criscione for reporting.

- Small fix to compile time warnings


Source -
http://code.google.com/p/skipfish/

For more information -
https://www.owasp.org/index.php/Automated_Audit_using_SKIPFISH