Skipfish - BackTrack 5 Tutorial

Vulnerability scanners have changed the world of penetration testing. With the right tools and techniques you can test any network or web application for vulnerabilities, and there are many tools available for both network and web application penetration testing. Having discussed different tools before, this time we will discuss Skipfish.

Skipfish is an automatic web application security tool designed to find vulnerabilities in a web application. Find the vulnerabilities on your website before a hacker finds and exploits them.

Skipfish is cross-platform: it runs on Linux, BSD, Mac and Windows. It is a powerful scanner that crawls the targeted website and scans all of its pages. It is available on BackTrack 5, where you can find it under Application–>backtrack–>Vulnerability assessment–>web application assessment–>web vulnerability scanner–>skipfish

Key Features
  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

Skipfish Tutorial

If you are using BackTrack 5 then you can use skipfish right away. If you are using another Linux distribution or another operating system, follow the steps below.
Go to a terminal and install the skipfish dependencies:
$ sudo -s -H
$ sudo apt-get install libidn11-dev
$ sudo apt-get install libssl-dev zlib1g-dev

After that, the next step is to install skipfish. Download skipfish; the link has been shared above.
$ sha1sum skipfish-1.84b.tgz
Match the checksum with the one provided on the web site, then right-click the downloaded file and extract it, then in the terminal go to the extracted directory.
$ cd skipfish-1.84b
$ make
$ cp dictionaries/complete.wl skipfish.wl
$ mkdir results

Done. Now it is time to start an attack on the web application using skipfish. Use this command:

./skipfish -o /pentest/web/skipfish/b -W dictionaries/complete.wl http://www.yourweb.com
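
The checksum step in the installation above can be scripted so that the archive is unpacked only when the digest matches. This is an added example, not part of the original tutorial or the skipfish project; the function names are hypothetical, and the expected digest is a placeholder to be copied from the download page.

```shell
#!/bin/sh
# Added example (not from the tutorial): unpack a downloaded archive only
# when its SHA-1 matches the published value. Function names are hypothetical.

# verify_sha1 FILE EXPECTED_HEX -> 0 match, 1 mismatch, 2 bad input
verify_sha1() {
    file=$1
    # Normalise the published digest: drop whitespace, lowercase hex letters.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # A SHA-1 digest is exactly 40 hex characters; reject a truncated paste.
    case $expected in
        *[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "digest is not 40 characters" >&2; return 2; }
    actual=$(sha1sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "SHA-1 mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# verify_and_extract FILE EXPECTED_HEX DESTDIR
# Extraction is skipped, and DESTDIR is not created, unless the digest matches.
verify_and_extract() {
    verify_sha1 "$1" "$2" || return $?
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Usage: sh verify.sh skipfish-1.84b.tgz <sha1-from-download-page> .
if [ "$#" -eq 3 ]; then
    verify_and_extract "$1" "$2" "$3"
fi
```

A checksum published on the same site as the download catches a corrupted or truncated file, but it does not protect against a compromised download site.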



Ehacking Staff