Skipfish v1.33b released

In: Application Scanner , Enumeration , Information Gathering , Skipfish

25 April 2010

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.

Key Features:

High performance: 500+ requests per second against responsive Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local instances has been observed, with a very modest CPU, network, and memory footprint. This can be attributed to:

Multiplexing single-thread, fully asynchronous network I/O and data processing model that eliminates memory management, scheduling, and IPC inefficiencies present in some multi-threaded clients.
Advanced HTTP/1.1 features such as range requests, content compression, and keep-alive connections, as well as forced response size limiting, to keep network-level overhead in check.
Smart response caching and advanced server behavior heuristics are used to minimize unnecessary traffic.
Performance-oriented, pure C implementation, including a custom HTTP stack.

Ease of use: skipfish is highly adaptive and reliable. The scanner
features:
Heuristic recognition of obscure path- and query-based parameter
handling schemes.
Graceful handling of multi-framework sites where certain paths obey a completely different semantics, or are subject to different filtering rules.
Automatic wordlist construction based on site content analysis.
Probabilistic scanning features to allow periodic, time-bound assessments of arbitrarily complex sites.

Well-designed security checks: the tool is meant to provide accurate and
meaningful results:

Three-step differential probes are preferred to signature checks for detecting vulnerabilities.
Ratproxy-style logic is used to spot subtle security problems: cross-site request forgery, cross-site script inclusion, mixed content, issues MIME- and charset mismatches, incorrect caching directive, etc.

Bundled security checks are designed to handle tricky scenarios: stored XSS (path, parameters, headers), blind SQL or XML injection, or blind shell injection.

Report post-processing drastically reduces the noise caused by any
remaining false positives or server gimmicks by identifying repetitive
patterns.

The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

Changes Version 1.33b:

New SQL error signature added.
Improved tolerance for tabs in text page detector.

Post scriptum

Download

Compliance Mandates

Application Scanner :
PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

Application Scanner	10 May 2010 : SQLNinja v0.2.5 released! 1 May 2010 : WhatWeb just updated to v0.4.2 29 April 2010 : WhatWeb v0.4.1 - released 28 April 2010 : NSIA (Network System Integrity Analysis) v0.8.99 released 26 April 2010 : Acunetix WVS v6.5 build 20100419 released
Enumeration	26 April 2010 : (update) Foca v2.0.1: in the wild 25 April 2010 : Skipfish v1.33b released 25 April 2010 : Process Monitor v2.9 released 7 April 2010 : bing-ip2hosts v0.2 released - Enumerate hostnames from Bing 2 April 2010 : (update) Skipfish Active web application scanner v1.29b released
Information Gathering	12 May 2010 : MetaGoofil v1.4b released 1 May 2010 : Lansweeper v4.0 released 1 May 2010 : OpenDLP v0.1 released 9 April 2010 : CSniffer Command Line Network Sniffer v1.0.0.3 released 2 April 2010 : CMS Explorer v1.0 released - Discover the CMS components behind the site (...)
Skipfish	19 March 2010 : (Update) Skipfish Active web application scanner v1.08 beta just released

Skipfish v1.33b released

Post scriptum

Compliance Mandates

Related Articles

Follow us

Like us !

Most Read

Advertising

License

Categories

COMPANY

STANDARDS

RECENT POSTS

MENU