Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [WEB SECURITY] announcing skipfish, an automated web app security scanner
From: NeZa <neza0x () gmail com>
Date: Tue, 23 Mar 2010 16:13:26 -0500

Hey Michal,

Great!! effort and thanks for sharing.

Are you considering to implement "web macros" in near future for this tool?

So that you can manually crawl apps and fill out expected data (Captchas,
Credit Cards)  in order to do a thorough analysis.

As you know, sometimes a captcha or lack of valid information in the forms
break the app flow and therefore the web applications missed to test
important sections.

Let me know your thoughts.

On Fri, Mar 19, 2010 at 12:51 PM, Michal Zalewski <lcamtuf () coredump cx>wrote:

Hi folks,

I am happy to announce the availability of skipfish - our open-source,
fully automated, active web application scanner. There are several
things that probably make it interesting:

1) High speed: pure C code, highly optimized HTTP handling, minimal
CPU footprint - easily achieving 2000 requests per second with
responsive targets.

2) Ease of use: heuristics to support a variety of quirky web
frameworks and mixed-technology sites, with automatic learning
capabilities, on-the-fly wordlist creation, and form autocompletion.

3) Cutting-edge security logic: high quality, low false positive,
differential security checks, capable of spotting a range of subtle
flaws, including blind injection vectors.

To download, please go to:
http://code.google.com/p/skipfish

Read more:
http://code.google.com/p/skipfish/wiki/SkipfishDoc

Cheers,
/mz


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA




-- 
NeZa
Hacker Wanna Be from Nezahualcoyotl
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Re: [WEB SECURITY] announcing skipfish, an automated web app security scanner NeZa (Mar 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault