This is a mirror of official site: http://jasper-net.blogspot.com/

skipfish

| Sunday, March 21, 2010
skipfish - web application security scanner

   * Written and maintained by Michal Zalewski <lcamtuf@google.com>.
   * Copyright 2009, 2010 Google Inc, rights reserved.
   * Released under terms and conditions of the Apache License, version 2.0.

What is skipfish?

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Why should I bother with this particular tool?

A number of commercial and open source tools with analogous functionality is readily available (e.g., Nikto, Nessus); stick to the one that suits you best. That said, skipfish tries to address some of the common problems associated with web security scanners.

Read more: Google code

Posted via email from jasper22's posterous

0 comments: