CyberGuerrilla 2014
 Vol.4--No.2014 | 2 Users Online
Tuesday,Nov 12,2019 
By ro0ted avatar | May 7, 2014 - 12:42 | Posted in /b/ | Comments Off on #ro0ted #OpNewblood Web Reconnaissance: Skipfish

#ro0ted #OpNewblood Web Reconnaissance: Skipfish


Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Key features:

  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.

  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.

  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.


tar zxvf skipfish-1.01b.tgz
sudo apt-get install libidn11-dev
cd skipfish
cp dictionaries/default.wl skipfish.wl



Warning: takes a very long time to complete the scan.

./skipfish -o output_folder

Screenshot from 2014-05-07 04:55:50Screenshot from 2014-05-07 04:56:16Screenshot from 2014-05-07 05:45:56

Lets try another website.

Screenshot from 2014-05-07 05:58:28Screenshot from 2014-05-07 06:12:49


Screenshot from 2014-05-07 06:45:06







  • You can follow any responses to this entry through the RSS 2.0 feed.
  • Both comments and pings are currently closed.

nonymous. Whoever you are, we are ungovernable!
> =[]= This site is run by cyberguerrilla, your friendly anonymous autonomous tech collective since 2010 =[]= This the past that can NOT be changed! <