[Skipfish] Web Application Security Scanner
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap
for the targeted site by carrying out a recursive crawl and
dictionary-based probes. The resulting map is then annotated with the
output from a number of active (but hopefully non-disruptive) security
checks. The final report generated by the tool is meant to serve as a
foundation for professional web application security assessments.
Key features:
- High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
- Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
- Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.
[Skipfish] Web Application Security Scanner
Reviewed by Zion3R
on
7:22 PM
Rating:
![[Skipfish] Web Application Security Scanner](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLQLaIRSzx83iulYTZ3fAWFywd6gT_EOHOwIPsarzP1lJG-fRmW5bmgRIoxlVcNzmhJv2lFdb-bJ5B-Y3L3o9I26x5yf7wuJLQF23iCDLgUt9I5eQ3kO39IVRNZacPPkXHbTDQPkrNxgM/s72-c/skipfish-screen.png)