Description: Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Key features:
High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.
source : http://code.google.com/p/skipfish/
this video is a simple demo of Skipfish. we can find vulnerability on our website and fix it before a hacker exploit it. this tool is included in backtrack.
cd/pentest/web/Skipfish
./Skipfish -h will give various options.
Tags: Skipfish ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
This tool is good for web vulnerability assessment !
it can detect a range of flaws. its for both new and professional user.