How it works...
Skipfish will first build a site map by crawling it and optionally using a dictionary for directory and filenames. This map is then processed through multiple security checks.
In this example, we used it to scan Peruggia in our vulnerable VM. To prevent it scanning the whole server, we used the -I peruggia option, which scans only those URLs matching (containing) the specified text. We also used the -o option to tell Skipfish where to save the reports; this directory must not exist at the moment the scan is run.
The main drawback of Skipfish is that it hasn't been updated since 2012, according to its Google Code page, so newer technologies and attack vectors may not be the ideal target for it. It remains a very useful tool, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access