Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.
The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
You need to customize your HTTP requests when scanning big sites.
Lets Start with Fully Automated Web Application Security Scanner
Skipfish also provides the summary overviews of document types and issue types found, and an interactive sitemap, with nodes discovered through brute-force, denoted in a distinctive way.
Step 1 :-You need to download skipfish tool by executing this command in terminal window of kali linux.
git clone https://github.com/spinkham/skipfish.git
Step 2 :- Now you can run this tool easily, that give this command Skipfish -h and press enter button.
Step 3 :-Then Enter your Target Website. To scan the target and to write the output in the directory.
Here I have used "www.techtrick.in" for demo purpose.
skipfish -o /root/Desktop/TechTrick1 http://www.techtrick.in
Step 4 :-It will go on scanning through every request, external/Internal links and statistics.
Step 5 :-Once the scan completed it will create a professional web application security assessments.
Step 6 :- Output consist of various sections such as document type and Issue type overview.
Step 7 :-Here is your output report of Web Application Security Scanner.