Tuesday, April 20, 2010

skipfish - web application security scanner from Google.

A few days ago I tried skipfish, a web application security scanner from Google.
It uses a dictionary-based, recursive crawling approach. The way it displays results is very impressive: it has a rich JavaScript-based user interface and divides the findings into several sections, such as High risk, Medium risk, Low risk, Warnings, Notes, and Unique child nodes.



Skipfish is written purely in C and can reach around 2000 requests per second against LAN targets. It is also really easy to install.
Installation -
1. Download skipfish from - http://skipfish.googlecode.com/files/skipfish-1.32b.tgz
2. Untar it.
3. Now we need libidn (GNU Libidn). I installed it with the Add/Remove Software option on Fedora; you can also install it from your distribution's packages (the build needs the development headers, e.g. libidn-devel on Fedora) or build it from source.
4. cd skipfish
5. make
(there is no standalone installation step, i.e. no make install; skipfish runs from the build directory)
6. Copy a dictionary file. Depending on your use you can copy any of the dictionary files; by default skipfish looks for skipfish.wl in the current directory.
cp dictionaries/default.wl skipfish.wl

Now you can test your web application with skipfish:

./skipfish -o siteresult http://example

Skipfish provides various options, such as:
-A user:pass (use the given HTTP basic authentication credentials)
-C cookiename=cookieval (append a cookie, for example a logged-in session cookie, to every request)
-X /logout.php (URLs matching the string are not fetched; use this so the crawler does not log your session out)
-I string (only follow URLs matching the substring)
-S string (ignore links on pages where the substring is found)
-D domain (also crawl cross-site links to the given domain)
-B domain (trust the given domain, so links to it are not flagged, but do not crawl it)
and so on. For more details you can visit - http://code.google.com/p/skipfish/wiki/SkipfishDoc

skipfish is very useful; its high-risk findings include -

  • Server-side SQL injection (including blind vectors, numerical parameters).
  • Explicit SQL-like syntax in GET or POST parameters.
  • Server-side shell command injection (including blind vectors).
  • Server-side XML / XPath injection (including blind vectors).
  • Format string vulnerabilities.
  • Integer overflow vulnerabilities.
  • Locations accepting HTTP PUT.

Before using skipfish, make sure you run it against a staging instance: skipfish crawls every link that appears on the site and submits the forms it finds, so it can insert, delete, or modify data. Do not run it against a production site. When I used skipfish it gave very valuable information, and detecting flaws early is surely worth doing.
Another good quality of skipfish is that it extends its dictionary at run time from the keywords it learns while crawling. Before using skipfish please read skipfish/dictionaries/README-FIRST. So go ahead and use it, but not on a production server.
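The installation steps, the scan command and the options above, put together as a small wrapper script. This is an added example, not code from the original post or from the skipfish project: the staging host names, the PHPSESSID cookie, the /app/ scope, the /admin/delete exclusion and the static.example.test domain are all illustrative assumptions. It refuses to scan anything that is not on an explicit staging allowlist, builds skipfish 1.x from an unpacked source tree if needed, copies the default dictionary to skipfish.wl, and passes a session cookie together with a logout exclusion so the crawler stays logged in.

```shell
#!/bin/sh
# Added example (not from the original post or the skipfish project): a wrapper
# that builds skipfish 1.x from an unpacked source tree, puts the default
# dictionary in place and runs a scan only against an allowlisted staging host.
# Host names, cookie name, paths and the CDN domain are illustrative assumptions.

# Hosts we are allowed to scan. skipfish follows every link and submits every
# form it finds, so production hosts deliberately do not appear here.
ALLOWED_HOSTS="staging.example.test qa.example.test"

# Return 0 if the host part of the URL is on the allowlist, 1 otherwise.
is_allowed_target() {
    host=${1#*://}      # drop the scheme
    host=${host%%/*}    # drop the path
    host=${host%%:*}    # drop an explicit port
    for allowed in $ALLOWED_HOSTS; do
        [ "$allowed" = "$host" ] && return 0
    done
    return 1
}

# Print the argument list for one scan: output directory, the session cookie,
# exclusions so the crawler neither logs itself out nor hits a destructive
# URL, a crawl scope restricted to the application path, and a static-content
# domain that is trusted (no cross-domain warnings) but not crawled.
skipfish_args() {
    url=$1; outdir=$2; cookie=$3
    printf '%s' "-o $outdir -C $cookie -X /logout.php -X /admin/delete -I /app/ -B static.example.test $url"
}

# Build skipfish if the binary is missing. 1.32b has no 'make install' target
# and looks for ./skipfish.wl in the working directory, so copy a dictionary.
build_skipfish() {
    srcdir=$1
    if [ ! -x "$srcdir/skipfish" ]; then
        ( cd "$srcdir" && make ) || return 1
    fi
    if [ ! -f "$srcdir/skipfish.wl" ]; then
        cp "$srcdir/dictionaries/default.wl" "$srcdir/skipfish.wl" || return 1
    fi
}

# usage: run_scan <skipfish source dir> <url> <output dir> <cookie>
run_scan() {
    srcdir=$1; url=$2; outdir=$3; cookie=$4
    if ! is_allowed_target "$url"; then
        echo "refusing to scan $url: host is not on the staging allowlist" >&2
        return 2
    fi
    build_skipfish "$srcdir" || return 1
    # word splitting of the argument string is intended; no argument contains spaces
    # shellcheck disable=SC2046
    ( cd "$srcdir" && ./skipfish $(skipfish_args "$url" "$outdir" "$cookie") )
}

# Example: sh scan.sh ./skipfish http://staging.example.test/app/ result PHPSESSID=abc123
if [ "$#" -ge 4 ]; then
    run_scan "$@"
fi
```

The allowlist check compares the full host name, so a production host that merely contains a staging name (staging.example.test.evil.test) is still rejected. The session cookie value is whatever your browser holds after logging in; without the -X /logout.php exclusion skipfish will eventually follow the logout link and the rest of the scan runs unauthenticated, which is what the comment below about "just checking the login page" looks like in practice.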

3 comments:

  1. Sounds great! I would love to try it sometime.

  2. I have used skipfish but it doesn't give a comprehensive approach; for example, it just checks the login page each time.

  3. @Njava - Have you tried to create a session for your site somehow, either by using a skipfish option or by tweaking your site code?
