SkipFish is an active web application security scanner developed by Google's information security engineering team, Michal Zalewski, Niels Heinen and Sebastian Roschke.
SkipFish Key Features
SkipFish have some advantages they are following:
- High performance: 500+ requests per second against responsive Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local instances have been observed, with a very modest CPU, network, and memory footprint.
- Well-designed security checks: the tool is meant to provide accurate and meaningful results.
- Automatic wordlist construction based on site content analysis.
- Probabilistic scanning features to allow periodic, time-bound assessments of arbitrarily complex sites.
- Handcrafted dictionaries offer excellent coverage and permit thorough $keyword.$extension testing in a reasonable timeframe.
- Three-step differential probes are preferred to signature checks for detecting vulnerabilities.
- Ratproxy-style logic is used to spot subtle security problems: cross-site request forgery, cross-site script inclusion, mixed content, issues MIME- and charset mismatches, incorrect caching directives, etc.
- Bundled security checks are designed to handle tricky scenarios: stored XSS (path, parameters, headers), blind SQL or XML injection, or blind shell injection.
- Snort style content signatures which will highlight server errors, information leaks or potentially dangerous web applications.
- Report post-processing drastically reduces the noise caused by any remaining false positives or server gimmicks by identifying repetitive patterns.
How to use SkipFish on Kali Linux
As we previously said that SkipFish comes pre-installed with Kali Linux (Full version) so we don't need to install it (if not we can use sudo apt install skipfish).
We can check it's options by entering following command on our terminal:
The following screenshot shows the output of the preceding command and the help of SkipFish tool.
Now we can run this tool against our target. Here we have a demo localhost target, because using this tool without proper permission will be illegal. We can use this against our own site or have a permission to test.
So we run it against our localhost (http://192.168.225.37/bodgeit, we can use live websites URL when we want to run it against live website) using following command:
In the above command we have used -o flag to specify our output directory and SkipFish will generate a folder called SkipfishTEST as per our used command.
After applying the above command we can see some welcome note on our terminal, as the following screenshot:
Here we can wait 60 seconds to start our scan or we can press any key to start the scan immediately.
After the scanning process is start we can see SkipFish is trying to find vulnerabilities on our target, as we can see in the following screenshot:
This will take some time to scan depending on the size of our target web application and internet speed (Here we are in localhost so internet speed is not an issue).
If we want to see the details of scanning we can press space bar, then we can see the live scanning:
After the scan complete we can see SkipFish generated a ton of output
files in the location specified.
Now we can go to the location where we have saved our reports. In our case it is in SkipfishTEST folder inside the /home/kali directory.
Inside the folder we got a file called index.html we need to open the html file on our browser to get the reports generated by SkipFish. As we did in the following screenshot:
We can see the issues here. To know on which URL we have issues we need to click the issue to expand it.
We can see on the above screenshot we have some serious issue to fix. Bad guys can use these loopholes for bad things. But a ethical guy or bounty hunter will report these issues to the admins. To know more specific scans of SkipFish click here.
This is how we can use SkipFish to find security problems on websites or web application using Kali Linux.
Disclaimer: Please do not be evil. Use SkipFish only against services we own, or have a permission to test. Using these against other property may considered as crime. We wrote this article for educational purpose only. If anyone do any disturbing activity then we are not responsible for that, only that person will responsible.
Liked our article? then make sure to follow our e-mail subscription to get our latest article directly on inbox. We also update our article on our GitHub and Twitter, make sure to follow us there. We also have stated a Telegram group for more discussion.
For any kind of problem or query kindly leave a comment on the comment section. We always reply.