Skipfish - Backtrack 5 Tutorial

Vulnerability scanners have changed the world of penetration testing. With the right tools and techniques you can test any network and web application for vulnerabilities, and many tools are available for both network and web application penetration testing. Having discussed different tools before, this time we will discuss Skipfish.

Skipfish is an automatic web application security tool designed to find vulnerabilities in a web application, so that you can find a vulnerability on your website before a hacker finds and exploits it.

Skipfish is cross-platform and runs on Linux, BSD, Mac and Windows. It is a powerful scanner that crawls the targeted website and fully scans all of its pages. It is available on Backtrack 5, where you can find it under Application–>backtrack–>Vulnerability assessment–> web application assessment–> web vulnerability scanner–> skipfish

Key Features
  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. 
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors

Skipfish Tutorial

If you are using Backtrack 5 then you can easily use skipfish. If you are using some other Linux distro or another operating system, then follow the steps below:
Go to the terminal and install the skipfish dependencies:
$ sudo -s -H
$ sudo apt-get install libidn11-dev

$ sudo apt-get install libssl-dev zlib1g-dev

After that, the next step is to install skipfish. Download skipfish; the link has been shared above.
$ sha1sum skipfish-1.84b.tgz
Match the checksum with the one provided on the website, then right-click on the downloaded file and extract it, then in the terminal go to the extracted directory.
$ cd skipfish-1.84b
$ make
$ cp dictionaries/complete.wl skipfish.wl

$ mkdir results
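
The checksum and extract steps above can be combined so that nothing is unpacked or built unless the hash matches. This is an added example, not part of the original tutorial or the skipfish project; the function names are hypothetical and the expected hash is a placeholder for the value published on the download site.

```shell
#!/bin/sh
# Added example: verify a downloaded tarball against a published SHA-1 and
# only then unpack it. Function names are hypothetical, not part of skipfish.

# sha1_of FILE -> prints the hex SHA-1 of FILE (stdin avoids filename escaping)
sha1_of() {
    sha1sum < "$1" | awk '{ print $1 }'
}

# verify_sha1 FILE EXPECTED -> 0 on match, 1 on mismatch, 2 on bad input
verify_sha1() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # A SHA-1 digest is exactly 40 hex characters; reject anything else
    # (for example an HTML error page pasted in place of the checksum).
    case $expected in
        *[!0-9a-f]*|'') echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || { echo "expected value is not 40 chars" >&2; return 2; }
    actual=$(sha1_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "CHECKSUM MISMATCH for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# safe_extract ARCHIVE EXPECTED DESTDIR
# Unpacks only if the checksum matches and no member escapes DESTDIR.
safe_extract() {
    archive=$1; dest=$3
    verify_sha1 "$archive" "$2" || return $?
    # Refuse absolute paths and ".." components before writing anything.
    if tar -tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive contains unsafe paths" >&2
        return 3
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Usage (EXPECTED is a placeholder for the value published on the site):
#   safe_extract skipfish-1.84b.tgz "$EXPECTED" . && cd skipfish-1.84b && make
```

A matching checksum only shows that the file is the one the site describes, so the expected value should come from the project's own page over HTTPS rather than from the mirror that served the archive.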

Done. Now it's time to start an attack on the web application using skipfish. Use this command:

./skipfish -o /pentest/web/skipfish/b -W dictionaries/complete.wl http://www.yourweb.com



Ehacking Staff