Posted on 22 March 2010.
Google released Skipfish, a free fully automated, active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.
The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Key features:
The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
Key features:
- High speed: Pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
- Ease of use: Heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form auto completion.
- Cutting-edge security logic: High quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
download link : http://code.google.com/p/skipfish/downloads/list
source of news : http://www.net-security.org/secworld.php?id=9043
credit to : www.net-security.org
No comments:
Post a Comment