Tuesday, October 9, 2012

How to install and use Skipfish

What is skipfish?

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments. 

1.First install these packages
           yum install gcc openssl-devel libidn libidn-devel
2.  cd /usr/local/src
3.  mkdir skipfish
4.  cd skipfish
5.  wget http://skipfish.googlecode.com/files/skipfish-2.07b.tgz
6.  tar -zxf ./skipfish-2.07b.tgz
7.  cd skipfish-2.07b
8.  make 
9.  cp dictionaries/complete.wl skipfish.wl
10. mkdir /tmp/skipfish
11 (Testing Skipfish)  
  ./skipfish -o /tmp/skipfish http://yourdomain.com/ (It gives the below output)