Skipfish – Web application analysis tools


  • Web application scanner tool
  • Used for reconnaissance: builds a sitemap of the target website using a recursive crawl and prebuilt dictionaries (wordlists)
  • Generates graphical output as an HTML file
  • Displays the number of packets and HTTP connections sent
  • Helps to identify common security risks like SQL injection and XSS flaws
  • Checks SSL certificate validity
  • Can be used with HTTP authentication

How to use it

In Kali Linux 2, run the following commands:

skipfish -h to list its options

skipfish -o <output location> <website target>



To end the scan before it finishes, press Ctrl+C

The results are written to an index.html file in the output location, which is easy for testers to read and verify



