Skipfish
Jump to navigation
Jump to search
Skipfish adalah tool pengintai keamanan aplikasi web. Skipfish menyiapkan sebuah sitemap interaktif akan target menggunakan penjelajah rekursif dan probe berbasis kamus. Peta yang dihasilkan menyediakan output setelah di scan oleh pemeriksaan keamanan.
Skipfish dapat ditemukan di bawah Aplikasi Web | Pemindai Kerentanan Web sebagai skipfish. Ketika Anda pertama kali membuka Skipfish, jendela Terminal akan muncul perintah Skipfish. Skipfish dapat menggunakan kamus built-in atau customizable untuk penilaian kerentanan.
Run
skipfish -h
Attack
Attack
skipfish –o (output location) –W (location of wordlist) (target website) skipfish -o output http://192.168.0.97/guestbook/
Hasilnya kira-kira
skipfish version 2.10b by lcamtuf@google.com
- 192.168.0.97 -
Scan statistics:
Scan time : 0:32:16.857
HTTP requests : 35831 (18.5/s), 770572 kB in, 7878 kB out (401.9 kB/s)
Compression : 757803 kB in, 7860572 kB out (82.4% gain)
HTTP faults : 0 net errors, 0 proto errors, 0 retried, 0 drops
TCP handshakes : 367 total (97.6 req/conn)
TCP faults : 0 failures, 0 timeouts, 5 purged
External links : 10 skipped
Reqs pending : 0
Database statistics:
Pivots : 548 total, 544 done (99.27%)
In progress : 0 pending, 0 init, 0 attacks, 4 dict
Missing nodes : 2 spotted
Node types : 1 serv, 7 dir, 12 file, 520 pinfo, 2 unkn, 6 par, 0 vall
Issues found : 13 info, 2 warn, 2 low, 0 medium, 3 high impact
Dict size : 285 words (285 new), 4 extensions, 256 candidates
Signatures : 77 total
[+] Copying static resources...
[+] Sorting and annotating crawl nodes: 548
[+] Looking for duplicate entries: 548
[+] Counting unique nodes: 30
[+] Saving pivot data for third-party tools...
[+] Writing scan description...
[+] Writing crawl tree: 548
[+] Generating summary views...
[+] Report saved to 'skipfish/index.html' [0x5cc6919f].
[+] This was a great day for science!
Web Output
Hasilnya bisa dilihat di web
file:///outoutdirectory/index.html
Contoh:
atau lebih detail
