What is skipfish?
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.1.First install these packages
yum install gcc openssl-devel libidn libidn-devel
2. cd /usr/local/src
3. mkdir skipfish
4. cd skipfish
5. wget http://skipfish.googlecode.com/files/skipfish-2.07b.tgz
6. tar -zxf ./skipfish-2.07b.tgz
7. cd skipfish-2.07b
8. make
9.
cp dictionaries/complete.wl skipfish.wl10. mkdir /tmp/skipfish11 (Testing Skipfish) ./skipfish -o /tmp/skipfish http://yourdomain.com/ (It gives the below output)
