Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the outputfrom a number of active (but hopefully non-disruptive) security checks. The final reportgenerated by the tool is meant to serve as a foundation for professional web application security assessment .
Improtant features
High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors
To run theis skipfish skipfish -h
You can download skipfish here
REad
Only for educational purposes.
