
8 Sept 2012

Skipfish - Web Vulnerability Scanner

Hey all, in this tutorial I will be telling you about Skipfish, which is used for web security, or more precisely for web vulnerability scanning.

What Is Skipfish?


Skipfish is an automated web application security tool designed to find vulnerabilities in a web application, so that you can find a vulnerability on your website before a hacker finds and exploits it. It was made for security purposes.

Skipfish is cross-platform and runs on Linux, BSD, Mac and Windows. It is a powerful scanner that crawls the targeted website and fully scans all of its pages.



Features Of Skipfish


 1.   High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.

 2.   Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. 


 3.   Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.



Installing Skipfish


If you are using BackTrack 5, skipfish is already present. To find it, follow this menu path:

Application-->backtrack-->Vulnerability assessment--> web application assessment--> web vulnerability scanner--> skipfish 

If you are using another Linux distro or another operating system, follow these steps:

1. First of all, install all of the skipfish dependencies. To do that, open a terminal and type the following:

sudo -s -H
sudo apt-get install libidn11-dev
sudo apt-get install libssl-dev zlib1g-dev



2.Then download skipfish.

3. After downloading, open a terminal and type the following:

sha1sum skipfish-1.84b.tgz 

4. Now match the checksum with the one provided on the web site, then right-click the downloaded file and extract it, then go to the extracted directory in the terminal.

Then type the following in the terminal:

cd skipfish-1.84b
make
cp dictionaries/complete.wl skipfish.wl
mkdir results
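
Steps 3 and 4 above, as an added shell example that is not part of the original post or of skipfish itself: it compares the archive's SHA-1 with the value you copy from the download page and extracts only on a match. The function names and the 0/1/2 return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): verify, then extract.
# Usage: sh verify.sh skipfish-1.84b.tgz <sha1-from-download-page> .

# verify_sha1 FILE EXPECTED -> 0 match, 1 mismatch, 2 bad input
verify_sha1() {
    vs_file=$1
    # Normalise the pasted digest: drop whitespace, lower-case the hex.
    vs_want=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    if [ ! -r "$vs_file" ]; then
        echo "cannot read $vs_file" >&2
        return 2
    fi
    # A SHA-1 digest is exactly 40 hex characters; reject anything else
    # so a truncated copy-paste cannot be mistaken for a real digest.
    case $vs_want in
        *[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    if [ "${#vs_want}" -ne 40 ]; then
        echo "expected digest is not 40 hex characters" >&2
        return 2
    fi
    vs_got=$(sha1sum -- "$vs_file" | cut -d' ' -f1)
    if [ "$vs_got" = "$vs_want" ]; then
        return 0
    fi
    echo "checksum mismatch for $vs_file" >&2
    echo "  expected $vs_want" >&2
    echo "  actual   $vs_got" >&2
    return 1
}

# verify_and_extract FILE EXPECTED DESTDIR
# Nothing is unpacked unless the digest matches.
verify_and_extract() {
    verify_sha1 "$1" "$2" || return $?
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Run only when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then
    verify_and_extract "$@"
fi
```

A checksum read from the same site as the download catches a corrupted or swapped file on a mirror, not a compromise of the site itself.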


Our work is done and skipfish is successfully installed. Now it is time to run the scan: go to the skipfish directory and type the following:

./skipfish -o /pentest/web/skipfish/b -W dictionaries/complete.wl http://www.yoursite.com



 
Hope you all enjoyed this tutorial. If you have any problem or question, you may ask in the comments.
