Skipfish – Web application analysis tools

Overview

  • http://tools.kali.org/web-applications/skipfish
  • Web application scanner tool
  • Used for reconnaissance; builds a sitemap of the target website using a recursive crawl and prebuilt dictionaries (wordlists)
  • Generates graphical output as an HTML file
  • Displays the number of packets and HTTP connections sent
  • Helps to identify common security risks such as SQL injection and XSS flaws
  • Checks SSL certificate validity
  • Can be used with HTTP authentication

How to use it

In Kali Linux 2, run the following commands:

skipfish -h to list its options

skipfish -o <output location> <website target>


To end the scan before it finishes, press Ctrl+C.

The report in the index.html file is easy for testers to read and verify.
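
An added example (not part of the original post or of skipfish itself): a POSIX shell wrapper around the skipfish -o command above that refuses to scan a host missing from a scope file and gives every run its own report directory. The function names and the scope-file format are assumptions made for this example.

```sh
#!/bin/sh
# Added example: scope-checked wrapper around `skipfish -o <dir> <url>`.
# Function names and the scope-file format are hypothetical, not part of skipfish.

# Print the host of an http(s) URL; fail for any other scheme.
# (Bracketed IPv6 literals are not handled.)
target_host() {
  case "$1" in
    http://*|https://*) ;;
    *) return 1 ;;
  esac
  h=${1#*://}        # drop the scheme
  h=${h%%[/?#]*}     # drop path, query and fragment
  h=${h##*@}         # drop userinfo
  h=${h%%:*}         # drop the port
  [ -n "$h" ] && printf '%s\n' "$h"
}

# Succeed only if the host is a whole line of the scope file
# (one authorised host per line, '#' starts a comment line).
in_scope() {
  [ -r "$2" ] && grep -v '^[[:space:]]*#' "$2" | grep -Fxqi -- "$1"
}

# Print a report directory name that does not exist yet.
fresh_outdir() {
  d="$1/skipfish-$2-$(date +%Y%m%d-%H%M%S)"
  [ ! -e "$d" ] && printf '%s\n' "$d"
}

# Usage: run_scan <url> <scope file> [base directory]
run_scan() {
  url=$1; scope=$2; base=${3:-.}
  host=$(target_host "$url") || { echo "not an http(s) URL: $url" >&2; return 2; }
  in_scope "$host" "$scope" || { echo "$host is not listed in $scope" >&2; return 3; }
  out=$(fresh_outdir "$base" "$host") || { echo "output directory exists" >&2; return 4; }
  trap ':' INT       # Ctrl+C should end skipfish, not this wrapper
  skipfish -o "$out" "$url"
  trap - INT
  if [ -f "$out/index.html" ]; then echo "report: $out/index.html"; else return 5; fi
}
```

Call it as run_scan <website target> <scope file> after sourcing the file; the report path is printed once index.html exists.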
