skipfish
Skipfish is Google's active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
https://code.google.com/archive/p/skipfish
Install:
brew install skipfish
But...
It looks like the Homebrew package manager port of Skipfish is broken: it doesn't properly change the path of the signatures directory to point to /usr/local/Cellar/skipfish/2.10b/libexec/signatures.
Fix:
skipfish -z /usr/local/Cellar/skipfish/2.10b/libexec/signatures ...other commands
Setup:
touch dictionaries/empty.wl
ln -s dictionaries/empty.wl skipfish.wl
mkdir ../out
skipfish -z /usr/local/Cellar/skipfish/2.10b/libexec/signatures -o ../out/ http://example.com
Run:
skipfish -z /usr/local/Cellar/skipfish/2.10b/libexec/signatures -o ../out/ http://example.com
Results:
Then view the result in your browser:
firefox ../out/index.html
Just a piece of friendly advice: don’t be evil!
Be careful where you use this tool; it is an extremely powerful crawler that can eat up any website’s bandwidth overnight.
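An added example, not from the original post: shell helpers that locate the signatures directory without hard-coding the 2.10b version, and that print the skipfish command from the Run step only when the target host is listed in a scope file. The function names, the scope file and its one-host-per-line format are assumptions made for this sketch.

```shell
# Added example. Assumes the Homebrew layout quoted above:
#   <cellar>/skipfish/<version>/libexec/signatures

# Print the signatures directory of an installed skipfish.
# $1: Cellar root (defaults to /usr/local/Cellar, the path used in the post).
find_signatures_dir() {
  local cellar="${1:-/usr/local/Cellar}" dir newest=""
  for dir in "$cellar"/skipfish/*/libexec/signatures; do
    [ -d "$dir" ] || continue   # unmatched glob or stale entry
    newest="$dir"               # globs sort lexicographically; the last match wins
  done
  [ -n "$newest" ] || { echo "no skipfish signatures under $cellar" >&2; return 1; }
  printf '%s\n' "$newest"
}

# Print the host part of a URL (IPv6 literals are not handled).
url_host() {
  local rest="${1#*://}"        # drop the scheme
  rest="${rest%%/*}"            # drop the path
  rest="${rest##*@}"            # drop any userinfo
  printf '%s\n' "${rest%%:*}"   # drop the port
}

# Succeed only if the URL's host appears as a whole line in the scope file.
# $1: target URL, $2: scope file (hypothetical: one authorized host per line).
in_scope() {
  grep -Fxq -- "$(url_host "$1")" "$2"
}

# Print the command line for an authorized target; refuse anything else.
# $1: target URL, $2: output dir, $3: scope file, $4: optional Cellar root.
skipfish_cmd() {
  local sig
  in_scope "$1" "$3" || { echo "refusing: $(url_host "$1") is not listed in $3" >&2; return 2; }
  sig="$(find_signatures_dir "${4:-}")" || return 1
  printf 'skipfish -z %s -o %s %s\n' "$sig" "$2" "$1"
}
```

Review the printed command before running it; a target whose host is missing from the scope file produces no command and a non-zero exit status.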