Bugtraq mailing list archives
announcing skipfish, an automated web app security scanner
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Fri, 19 Mar 2010 10:51:27 -0700
Hi folks, I am happy to announce the availability of skipfish - our open-source, fully automated, active web application scanner. There are several things that probably make it interesting: 1) High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets. 2) Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. 3) Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors. To download, please go to: http://code.google.com/p/skipfish Read more: http://code.google.com/p/skipfish/wiki/SkipfishDoc Cheers, /mz
Current thread:
- announcing skipfish, an automated web app security scanner Michal Zalewski (Mar 19)