Full Disclosure mailing list archives
Re: [WEB SECURITY] announcing skipfish, an automated web app security scanner
From: NeZa <neza0x () gmail com>
Date: Tue, 23 Mar 2010 16:13:26 -0500
Hey Michal, Great!! effort and thanks for sharing. Are you considering to implement "web macros" in near future for this tool? So that you can manually crawl apps and fill out expected data (Captchas, Credit Cards) in order to do a thorough analysis. As you know, sometimes a captcha or lack of valid information in the forms break the app flow and therefore the web applications missed to test important sections. Let me know your thoughts. On Fri, Mar 19, 2010 at 12:51 PM, Michal Zalewski <lcamtuf () coredump cx>wrote:
Hi folks, I am happy to announce the availability of skipfish - our open-source, fully automated, active web application scanner. There are several things that probably make it interesting: 1) High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets. 2) Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. 3) Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors. To download, please go to: http://code.google.com/p/skipfish Read more: http://code.google.com/p/skipfish/wiki/SkipfishDoc Cheers, /mz ---------------------------------------------------------------------------- Join us on IRC: irc.freenode.net #webappsec Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed] Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
-- NeZa Hacker Wanna Be from Nezahualcoyotl
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [WEB SECURITY] announcing skipfish, an automated web app security scanner NeZa (Mar 23)