Fully Automated Web Application Security Scanner - Skipfish


Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.

The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.


Key features :-

  • High speed : pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

You need to customize your HTTP requests when scanning big sites.


For scanning Wildcard domains

Lets Start with Fully Automated Web Application Security Scanner

  • -H :- To insert any additional, non-standard headers.
  • -F :- To define a custom mapping between a host and an IP.
  • -d :- Limits crawl depth to a specified number of subdirectories.
  • -c :- Limits the number of children per directory.
  • -x :- Limits the total number of descendants per crawl tree branch.
  • -r :- Limits the total number of requests to send in a scan.

Skipfish also provides the summary overviews of document types and issue types found, and an interactive sitemap, with nodes discovered through brute-force, denoted in a distinctive way.


Step 1 :-You need to download skipfish tool by executing this command in terminal window of kali linux.

git clone https://github.com/spinkham/skipfish.git

Fully Automated Web Application Security Scanner - Skipfish


Step 2 :- Now you can run this tool easily, that give this command Skipfish -h and press enter button.


Fully Automated Web Application Security Scanner - Skipfish


Step 3 :-Then Enter your Target Website. To scan the target and to write the output in the directory.

Here I have used "www.techtrick.in" for demo purpose.

skipfish -o /root/Desktop/TechTrick1 http://www.techtrick.in

Fully Automated Web Application Security Scanner - Skipfish


Step 4 :-It will go on scanning through every request, external/Internal links and statistics.


Fully Automated Web Application Security Scanner - Skipfish


Step 5 :-Once the scan completed it will create a professional web application security assessments.


Fully Automated Web Application Security Scanner - Skipfish


Step 6 :- Output consist of various sections such as document type and Issue type overview.


Fully Automated Web Application Security Scanner - Skipfish


Step 7 :-Here is your output report of Web Application Security Scanner.


Fully Automated Web Application Security Scanner - Skipfish


For References :-




Thank you for reading this article. Do let me know for any queries in comment section below.




Sharing is caring

google
linkedin

About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email (akashchugh1994@gmail.com).


You may also like :-




Leave a Comment

Your email address will not be published. Required fields are marked *




Stay Connected

Popular Posts

Get Latest Stuff Through Email


Who Should Read TechTrick?

All the tricks and tips that TechTrick provides only for educational purpose. If you choose to use the information in TechTrick to break into computer systems maliciously and without authorization, you are on your own. Neither I (TechTrick Admin) nor anyone else associated with TechTrick shall be liable. We are not responsibe for any issues that caused due to informations provided here. So, Try yourself and see the results. You are not losing anything by trying... We are humans, Mistakes are quite natural. Here on TechTrick also have many mistakes..