Website Vulnerability Scanning

So I tested out Skipfish today to do a quick check on a website / web server. It is hosted on Google at http://code.google.com/p/skipfish/. Download it, extract it, run make, and then run it:

wget http://skipfish.googlecode.com/files/skipfish-2.01b.tgz
tar xzf skipfish-2.01b.tgz
cd skipfish*
cp ./dictionaries/medium.wl .
make
./skipfish -o ./myreport http://domain.co.uk/index.php

[Screenshot: Skipfish scan]

Skipfish will create an HTML report in the ./myreport directory, in the file index.html.

[Screenshot: Skipfish HTML report]

For more info, read the well-written README files in the tarball.

Another useful tool in addition to OpenVAS (Nessus) and one which could be scripted to provide a web interface – added to the TO DO list!
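
One way to start scripting the scan shown above, as an added example that is not from the original post or the Skipfish project: a small wrapper that only runs ./skipfish -o <dir> <url> against hosts on an allow-list and writes each report to its own directory. The allow-list contents, the function names and the report directory naming are assumptions.

```shell
#!/bin/sh
# Added example: scope guard around the skipfish command line used in this post.
# ALLOWED_HOSTS is a constructed allow-list; list only hosts you are authorised to scan.
ALLOWED_HOSTS="domain.co.uk www.domain.co.uk"
SKIPFISH="./skipfish"   # binary as built by "make" in the post

# url_host URL: print the lower-cased host of an http(s) URL, fail otherwise.
url_host() {
    case "$1" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    rest=${1#*://}          # drop the scheme
    rest=${rest%%[/?#]*}    # drop path, query and fragment
    rest=${rest##*@}        # drop userinfo, so "allowed@other" cannot spoof the host
    rest=${rest%%:*}        # drop the port (IPv6 literals will not match: fails closed)
    [ -n "$rest" ] || return 1
    printf '%s\n' "$rest" | tr 'A-Z' 'a-z'
}

# in_scope URL: succeed only if the host is exactly one of ALLOWED_HOSTS.
in_scope() {
    host=$(url_host "$1") || return 1
    for allowed in $ALLOWED_HOSTS; do
        [ "$host" = "$allowed" ] && return 0
    done
    return 1
}

# scan URL: run skipfish into a fresh, timestamped report directory.
scan() {
    if ! in_scope "$1"; then
        echo "refusing to scan out-of-scope URL: $1" >&2
        return 2
    fi
    out="./report-$(url_host "$1")-$(date +%Y%m%d-%H%M%S)"
    "$SKIPFISH" -o "$out" "$1" && echo "report: $out/index.html"
}

# Run from the skipfish build directory: sh scan.sh http://domain.co.uk/index.php
if [ "$#" -gt 0 ]; then
    scan "$1"
fi
```

A web front end would call scan with the submitted URL and treat exit status 2 as a rejected target.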
