Skipfish- Backtrack5 Tutorial

Vulnerability scanners has changed the world of penetration testing, by the right tools and techniques you can test any network and web application for vulnerabilities, there are so many tools available for both network and web application penetration testing. As discussed different tools before this time we will discuss about Skipfish.

Skipfish is an automatic web application security tool, that has been designed to find the vulnerabilities on a web application, find vulnerability on your website before than a hacker find and exploit it.

Skipfish is applicable on cross platform includes Linux, BSD, MAC and windows. It is a power full scanner that crawls targeted website and fully scanned all the pages, it available on backtrack 5, you can get it Application–>backtrack–>Vulnerability assessment–> web application assessment–> web vulnerability scanner–> skipfish

Key Features
  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. 
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors

Skipfish Tutorial

If you are using backtrac5 than you can easily use skipfish while if you are using some other distro of Linux and other operating system than follow the steps below:
Goto terminal and install skipfish dependencies:
[email protected]:~ $ sudo -s -H
[email protected]:~ $ sudo apt-get install libidn11-dev

[email protected]:~ $ sudo apt-get install libssl-dev zlib1g-dev

After all the next step is to install skipfish, follow the steps. Download the skipfish link has been shared above.
[email protected]:~ $ sha1sum skipfish-1.84b.tgz
Match the checksub with the one provided on the web site, than right click on downloaded file extract it, than on the terminal go to the extracted file.
[email protected]:~ $ cd skipfish-1.84b
[email protected]:~ skipfish-1.84b $ make
[email protected]:~ skipfish-1.84b $ cp dictionaries/complete.wl skipfish.wl

[email protected]:~ skipfish-1.84b $ mkdir results 

Done now its time to start a attack on web application using skipfish. use this command

./skipfish -o /pentest/web/skipfish/b -W dictionaries/complete.wl http://www.yourweb.com



Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...