Skipfish is an active web application security reconnaissance tool from Google.

It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

 

Advantages

• Free and open source.
• High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
• Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form auto completion.
• Automatic wordlist construction based on site content analysis.
• Probabilistic scanning features to allow periodic, time-bound assessments of arbitrarily complex sites.
• Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

Tests Implemented

A rough list of the security checks offered by the tool is outlined below.

• Server-side SQL injection (including blind vectors, numerical parameters).
• Explicit SQL-like syntax in GET or POST parameters.
• Server-side shell command injection (including blind vectors).
• Server-side XML / XPath injection (including blind vectors).
• Format string vulnerabilities.
• Integer overflow vulnerabilities.
• Stored and reflected XSS vectors in document body (minimal JS XSS support present).
• Stored and reflected XSS vectors via HTTP redirects.
• Stored and reflected XSS vectors via HTTP header splitting.
• Directory traversal (including constrained vectors).
• HTTP credentials in URLs.
• Self-signed SSL certificates.
• Internal warnings like failed resource fetch attempts,  exceeded crawl limits, Failed 404 behaviour checks etc.
• And many more..

Download skipfish

The following list of products and tools provide web application security scanner functionality.

Commercial Tools

• Acunetix WVS by Acunetix
• AppScan by IBM
• Burp Suite Professional by PortSwigger
• Hailstorm by Cenzic
• MileScan Web Security Auditor by MileSCAN Technologies
• N-Stalker by N-Stalker
• Nessus by Tenable Network Security
• NetSparker by Mavituna Security
• NeXpose by Rapid7
• NTOSpider by NTObjectives
• Retina Web Security Scanner by eEye Digital Security
• WebApp360 by nCircle
• WebInspect by HP
• WebKing by Parasoft

Software-as-a-Service Providers

• AppScan OnDemand by IBM
• ClickToSecure by Cenzic
• QualysGuard Web Application Scanning by Qualys
• Sentinel by WhiteHat
• Veracode Web Application Security by Veracode
• WebInspect by HP
• WebScanService by Elanize KG

Free / Open Source Tools

• Grabber by Romain Gaucher
• Grendel-Scan by David Byrne and Eric Duprey
• Paros by Chinotec
• Powerfuzzer by Marcin Kozlowski
• SecurityQA Toolbar by iSEC Partners
• W3AF by Andres Riancho
• Wapiti by Nicolas Surribas

Related posts

• Google wave for dummies
• Using Gmail advanced search
• Content-Aware Fill in Adobe Creative Suite 5
• Android running on Windows Mobile
• Google Phone – Nexus One