Difference between revisions of "Skipfish"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) (→Attack) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
+ | ==Run== | ||
− | + | skipfish -h | |
+ | |||
+ | ==Attack== | ||
+ | |||
+ | Attack | ||
+ | |||
+ | skipfish –o (output location) –W (location of wordlist) (target website) | ||
+ | skipfish -o output http://192.168.0.97/guestbook/ | ||
+ | |||
+ | |||
+ | Hasilnya kira-kira | ||
+ | |||
+ | skipfish version 2.10b by lcamtuf@google.com | ||
+ | |||
+ | - 192.168.0.97 - | ||
+ | |||
+ | Scan statistics: | ||
+ | |||
+ | Scan time : 0:32:16.857 | ||
+ | HTTP requests : 35831 (18.5/s), 770572 kB in, 7878 kB out (401.9 kB/s) | ||
+ | Compression : 757803 kB in, 7860572 kB out (82.4% gain) | ||
+ | HTTP faults : 0 net errors, 0 proto errors, 0 retried, 0 drops | ||
+ | TCP handshakes : 367 total (97.6 req/conn) | ||
+ | TCP faults : 0 failures, 0 timeouts, 5 purged | ||
+ | External links : 10 skipped | ||
+ | Reqs pending : 0 | ||
+ | |||
+ | Database statistics: | ||
+ | |||
+ | Pivots : 548 total, 544 done (99.27%) | ||
+ | In progress : 0 pending, 0 init, 0 attacks, 4 dict | ||
+ | Missing nodes : 2 spotted | ||
+ | Node types : 1 serv, 7 dir, 12 file, 520 pinfo, 2 unkn, 6 par, 0 vall | ||
+ | Issues found : 13 info, 2 warn, 2 low, 0 medium, 3 high impact | ||
+ | Dict size : 285 words (285 new), 4 extensions, 256 candidates | ||
+ | Signatures : 77 total | ||
+ | |||
+ | [+] Copying static resources... | ||
+ | [+] Sorting and annotating crawl nodes: 548 | ||
+ | [+] Looking for duplicate entries: 548 | ||
+ | [+] Counting unique nodes: 30 | ||
+ | [+] Saving pivot data for third-party tools... | ||
+ | [+] Writing scan description... | ||
+ | [+] Writing crawl tree: 548 | ||
+ | [+] Generating summary views... | ||
+ | [+] Report saved to 'skipfish/index.html' [0x5cc6919f]. | ||
+ | [+] This was a great day for science! | ||
+ | |||
+ | ==Web Output== | ||
+ | |||
+ | Hasilnya bisa dilihat di web | ||
+ | |||
+ | file:///outoutdirectory/index.html | ||
+ | |||
+ | Contoh: | ||
+ | |||
+ | [[File:Screenshot from 2018-06-05 17-28-40.png|center|200px|thumb]] | ||
+ | |||
+ | atau lebih detail | ||
+ | |||
+ | [[File:Screenshot from 2018-06-05 17-31-17.png|center|200px|thumb]] |
Latest revision as of 17:32, 5 June 2018
Skipfish adalah tool pengintai keamanan aplikasi web. Skipfish menyiapkan sebuah sitemap interaktif akan target menggunakan penjelajah rekursif dan probe berbasis kamus. Peta yang dihasilkan menyediakan output setelah di scan oleh pemeriksaan keamanan.
Skipfish dapat ditemukan di bawah Aplikasi Web | Pemindai Kerentanan Web sebagai skipfish. Ketika Anda pertama kali membuka Skipfish, jendela Terminal akan muncul perintah Skipfish. Skipfish dapat menggunakan kamus built-in atau customizable untuk penilaian kerentanan.
Run
skipfish -h
Attack
Attack
skipfish –o (output location) –W (location of wordlist) (target website) skipfish -o output http://192.168.0.97/guestbook/
Hasilnya kira-kira
skipfish version 2.10b by lcamtuf@google.com - 192.168.0.97 - Scan statistics: Scan time : 0:32:16.857 HTTP requests : 35831 (18.5/s), 770572 kB in, 7878 kB out (401.9 kB/s) Compression : 757803 kB in, 7860572 kB out (82.4% gain) HTTP faults : 0 net errors, 0 proto errors, 0 retried, 0 drops TCP handshakes : 367 total (97.6 req/conn) TCP faults : 0 failures, 0 timeouts, 5 purged External links : 10 skipped Reqs pending : 0 Database statistics: Pivots : 548 total, 544 done (99.27%) In progress : 0 pending, 0 init, 0 attacks, 4 dict Missing nodes : 2 spotted Node types : 1 serv, 7 dir, 12 file, 520 pinfo, 2 unkn, 6 par, 0 vall Issues found : 13 info, 2 warn, 2 low, 0 medium, 3 high impact Dict size : 285 words (285 new), 4 extensions, 256 candidates Signatures : 77 total [+] Copying static resources... [+] Sorting and annotating crawl nodes: 548 [+] Looking for duplicate entries: 548 [+] Counting unique nodes: 30 [+] Saving pivot data for third-party tools... [+] Writing scan description... [+] Writing crawl tree: 548 [+] Generating summary views... [+] Report saved to 'skipfish/index.html' [0x5cc6919f]. [+] This was a great day for science!
Web Output
Hasilnya bisa dilihat di web
file:///outoutdirectory/index.html
Contoh:
atau lebih detail