What is Skipfish?
[You must be registered and logged in to see this image.][quote]Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
The advantage of using Skipfish:
* High performance
* Ease of use
* Well-designed security checks
[code]example using Skipfish…
1.Once you have the dictionary selected, you can try:
$ ./skipfish -o output_dir
[You must be registered and logged in to see this link.] 2. Brute force only no html link :
$ ./skipfish -P -I
[You must be registered and logged in to see this link.] -o output_dir -t 5 -I
[You must be registered and logged in to see this link.] more function if you know…
[You must be registered and logged in to see this link.] after I find out more about skipfish I will share with you. because now I’m still using windows. because my internet providers does not support linux .I hope Skipfish will appear with the version of windows …:D … just hope .. :D : D
Subyek: Skipfish Google web app security.. 
Wed May 25, 2011 9:02 pm
