Skipfish generates an interactive sitemap of the target site, created by recursively crawling it and carrying out dictionary-based probes.
It then runs a set of known security checks against the crawled content.
The generated report can be used by webmasters to improve their site's security.
Installation:
Unpack the archive and type 'make' to compile.
Copy the desired dictionary file from dictionaries/ to skipfish.wl.
Execute ./skipfish -o output_dir http://www.example.com/some/starting/path
The final report is written to output_dir/index.html and can be viewed with any JavaScript-enabled browser.
Here are some key features of "Skipfish":
High performance:
· 500+ requests per second against responsive Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests per second against local instances have been observed, with a very modest CPU, network, and memory footprint.
· Multiplexing single-thread, fully asynchronous network I/O and data processing model that eliminates the memory management, scheduling, and IPC inefficiencies present in some multi-threaded clients.
· Advanced HTTP/1.1 features such as range requests, content compression, and keep-alive connections, as well as forced response size limiting, to keep network-level overhead in check.
· Smart response caching and advanced server behavior heuristics are used to minimize unnecessary traffic.
· Performance-oriented, pure C implementation, including a custom HTTP stack.
Ease of use:
· Heuristic recognition of obscure path- and query-based parameter handling schemes.
· Graceful handling of multi-framework sites where certain paths obey completely different semantics, or are subject to different filtering rules.
· Automatic wordlist construction based on site content analysis.
· Probabilistic scanning features to allow periodic, time-bound assessments of arbitrarily complex sites.
Well-designed security checks:
· Three-step differential probes are preferred to signature checks for detecting vulnerabilities.
· Ratproxy-style logic is used to spot subtle security problems: cross-site request forgery, cross-site script inclusion, mixed content, MIME and charset mismatches, incorrect caching directives, etc.
· Bundled security checks are designed to handle tricky scenarios: stored XSS (path, parameters, headers), blind SQL or XML injection, or blind shell injection.
· Report post-processing drastically reduces the noise caused by any remaining false positives or server gimmicks by identifying repetitive patterns.
Requirements:
· GNU Libidn
· Cygwin (on Windows)
What's New in This Release:
· Fixed a crash that could be triggered during 404 fingerprint failures.
· Signature IDs for detected issues are now stored in the report JSON files.
· Added mod_status, mod_info, MySQL dump, phpMyAdmin SQL dump and robots.txt signatures.
· Improved the Flash and Silverlight crossdomain policy signatures to only warn about them when they use wildcards.

Via: Skipfish 2.10b