CIP Cyber

Skipfish - BackTrack 5 Tutorial

Vulnerability scanners have changed the world of penetration testing. With the right tools and techniques you can test any network or web application for vulnerabilities, and many tools are available for both network and web application penetration testing. Having discussed different tools before, this time we will discuss Skipfish.

Skipfish is an automatic web application security tool designed to find vulnerabilities in a web application. Find the vulnerabilities on your website before a hacker finds and exploits them.

Skipfish is cross-platform and runs on Linux, BSD, Mac and Windows. It is a powerful scanner that crawls the targeted website and scans all of its pages. It is available on BackTrack 5 under Application –> backtrack –> Vulnerability assessment –> web application assessment –> web vulnerability scanner –> skipfish

Key Features
  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. 
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors

Skipfish Tutorial

If you are using BackTrack 5 then you can use skipfish right away; if you are using some other Linux distro or another operating system, follow the steps below.
Go to the terminal and install the skipfish dependencies:
ehacking@ubuntu:~ $ sudo -s -H
ehacking@ubuntu:~ $ sudo apt-get install libidn11-dev

ehacking@ubuntu:~ $ sudo apt-get install libssl-dev zlib1g-dev

The next step is to install skipfish. Download skipfish from the link shared above, then compute its checksum:
ehacking@ubuntu:~ $ sha1sum skipfish-1.84b.tgz
Match the checksum with the one provided on the web site, then right-click the downloaded file and extract it. In the terminal, go to the extracted directory:
ehacking@ubuntu:~ $ cd skipfish-1.84b
ehacking@ubuntu:~ skipfish-1.84b $ make
ehacking@ubuntu:~ skipfish-1.84b $ cp dictionaries/complete.wl skipfish.wl

ehacking@ubuntu:~ skipfish-1.84b $ mkdir results 
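
The checksum comparison and extraction steps above can be scripted so that the archive is unpacked only when the hash matches. This is an added example, not part of the original tutorial; `verify_sha1` and `verify_and_extract` are hypothetical helper names, and the expected hash in the usage comment is a placeholder for the value published on the download site.

```shell
#!/bin/sh
# Added example: gate extraction of a downloaded tarball on its published SHA-1.
# verify_sha1 and verify_and_extract are hypothetical helper names.

# Compare a file's SHA-1 with the published value (case-insensitive).
# Returns 0 on match, 1 on mismatch, 2 if the file does not exist.
verify_sha1() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha1sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
}

# Extract only when the checksum matches and no entry escapes the target dir.
# Returns 3 if the archive lists an absolute path or a ".." component.
verify_and_extract() {
    archive=$1; expected=$2; dest=$3
    verify_sha1 "$archive" "$expected" || return $?
    # Inspect the member list before unpacking anything.
    if tar -tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe path in $archive, not extracting" >&2
        return 3
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Usage with the tutorial's file name; the hash is a placeholder to be
# replaced with the value published on the download site:
#   verify_and_extract skipfish-1.84b.tgz PUBLISHED_SHA1_FROM_SITE .
```
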

Done. Now it is time to start an attack on a web application using skipfish. Use this command:

./skipfish -o /pentest/web/skipfish/b -W dictionaries/complete.wl http://www.yourweb.com

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.