skipfish
10 November 2011
Ernst & Young, Sydney Australia


Previously presented at:
OWASP NL
30 June 2010
Overview
Not an OWASP Project
By Michal Zalewski
Major contributions to webappsec with Google
  RatProxy;
  Browser Security Handbook;
  “Rise of the Robots”, i.e. the inspiration for the OWASP “Google Hacking” Project
Overview


Fast webappsec scanner which “spiders” using word lists
  Could be used to test www DoS
Overview

Fast webappsec scanner which “spiders” using word lists
  Similar to Burp Scanner, etc.

  Does not satisfy WASC Security Scanner Evaluation Criteria
    I don’t think lcamtuf intends to either :)
Overview

Fast webappsec scanner which “spiders” using word lists
     Similar to DirBuster, maybe Nikto, etc.

     “2007 entries resulting in about 42K HTTP Requests”
       Based on the recommended *minimal* Word List
         i.e. bigger wordlist = bigger number of HTTP Requests
Build/Install
From Source Code
   Doesn’t build on OpenBSD (issue noted)
   Dependency on libidn

     Builds on BackTrack
Release Cycle


lcamtuf rapidly updates via minor releases
   i.e. RatProxy followed the same development model

                            Insert http://vis.cs.ucdavis.edu/~ogawa/codeswarm/
Build/Install


http://www.shortinfosec.net/2010/03/compiling-latest-skipfish-for-windows.html


   Not maintained with each release, i.e. v1.29b
   No mention of support on code.google.com
      i.e. use at your own risk
Spidering



./skipfish -W /dev/null -LV ...
Word List


Entries are keywords and extensions, one per row in the format:

type hits total_age last_age keyword
Supplied Word Lists


1. Empty
2. extensions-only.wl
   Must be used in conjunction with ./skipfish -Y
Word List
The following all contain 1.7K keywords:
Word List
minimal.wl
~50,000 HTTP Requests
medium.wl
~50,000 HTTP Requests x 2
complete.wl
~50,000 HTTP Requests x 3
Word List

                                         Insert sh script


1. Select a wordlist from ./dictionaries/
2. Copy it as ../skipfish.wl

   *Copy* the .wl, as skipfish may append to skipfish.wl
   Whether it does depends on the command line, i.e. ./skipfish -V ...
Wordlist

Custom Wordlist
  ./skipfish -W custom_wl ...
Suppress Automatic Learning
  ./skipfish -L ...
Suppress Amending Wordlist
  ./skipfish -V ...
Lightweight Brute Force



~1,700 HTTP Requests
cp ./dictionaries/complete.wl dictionary.wl

./skipfish -W dictionary.wl -Y ...
Word List

Limit keyword guess jar size
  ./skipfish -G ...
Drop Old Dictionary Entries
  ./skipfish -R ...
Don’t fuzz $keyword.$extension
  ./skipfish -Y ...
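The wordlist steps above (select a dictionary, scan against a *copy*) together with the -W/-L/-V/-Y options, as an added POSIX sh example that is not part of the slides or of skipfish itself. It assumes a skipfish 1.x checkout with the shipped ./dictionaries/*.wl (SKIPFISH_DICT_DIR overrides that path); the sample rows, URLs and output paths in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the slides or skipfish): prepare a working copy of a
# shipped dictionary and build the matching skipfish 1.x command line.
# Wordlist rows are "type hits total_age last_age keyword", where type is
# 'w' (keyword/directory guess) or 'e' (file extension); '#' starts a comment.

# prepare_wordlist <name> <dest>
# Copies ./dictionaries/<name>.wl to <dest> and prints <dest>.
# Always a *copy*: unless -V is given, skipfish appends learned keywords to the
# -W file in place, which would silently amend the shipped dictionary.
prepare_wordlist() {
    name=$1
    dest=$2
    src="${SKIPFISH_DICT_DIR:-./dictionaries}/$name.wl"
    if [ ! -r "$src" ]; then
        echo "prepare_wordlist: no readable $src" >&2
        return 1
    fi
    cp "$src" "$dest" || return 1
    echo "$dest"
}

# count_entries <file> <type>  -> number of rows of the given type ('w' or 'e')
count_entries() {
    # grep -c exits 1 when the count is 0 (or the file is missing); treat as 0
    n=$(grep -c "^$2 " "$1" 2>/dev/null) || n=0
    echo "$n"
}

# skipfish_cmd <mode> <wordlist> <outdir> <url>  -> prints the command line
#   learn  : default; keywords learned from the site are appended to <wordlist>
#   frozen : -L -V   no automatic learning, wordlist never amended (repeatable scans)
#   light  : -Y      lightweight brute force, no $keyword.$extension fuzzing
# A list with no 'w' rows (e.g. extensions-only.wl) only makes sense with -Y,
# as the "Supplied Word Lists" slide notes, so other modes are refused.
skipfish_cmd() {
    mode=$1
    wl=$2
    out=$3
    url=$4
    words=$(count_entries "$wl" w)
    if [ "$words" -eq 0 ] && [ "$mode" != light ]; then
        echo "skipfish_cmd: $wl has no keyword rows; use mode 'light' (-Y)" >&2
        return 1
    fi
    case $mode in
        learn)  echo "./skipfish -W $wl -o $out $url" ;;
        frozen) echo "./skipfish -W $wl -L -V -o $out $url" ;;
        light)  echo "./skipfish -W $wl -Y -o $out $url" ;;
        *)      echo "skipfish_cmd: unknown mode $mode" >&2; return 1 ;;
    esac
}

# Typical use (constructed paths/URL):
#   wl=$(prepare_wordlist minimal ./skipfish.wl)
#   eval "$(skipfish_cmd frozen "$wl" ./out http://target.example/)"
```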
Basic Usage

Output Directory
  ./skipfish -o output_dir URL ...
Suppress Real-Time Statistics
  ./skipfish -u ...
Usage - Scheduling

Percentage of links and directories
  ./skipfish -p percentage ...
Repeat previous scan
  ./skipfish -q seed ...
Usage - Authentication

HTTP Auth
   ./skipfish -A user:pass ...
Cookie
   ./skipfish -C name=value ...
Autocomplete Forms
   ./skipfish -T form_field=value ...
Usage - Cookie
Cookie
    ./skipfish -C name=value ...
Ignore new set-cookies from specific locations
i.e. prevent URIs from being fetched, such as logout.aspx
    ./skipfish -X ...
Ignore new set-cookies from all locations
    ./skipfish -N ...
Usage - HTTP Headers

User Agent
  ./skipfish -b ffox|ie|phone ...
Custom HTTP Header
  ./skipfish -H Header ...
Usage - Scoping
Spider from
  ./skipfish -I URI ...
Parameters not to Fuzz, such as SessionID
  ./skipfish -K SessionID_parameter ...
Include Domain
  ./skipfish -D FQDN...
Exclude URI
  ./skipfish -S URI or -X URI ...
Usage - Scoping

Limit crawl depth to number of sub directories/folders
  ./skipfish -d number ...
Limit the number of child directories per parent
  ./skipfish -c number ...
Limit Total HTTP Requests
  ./skipfish -r number ...
Usage - Scoping

No parsing of Form
  ./skipfish -O ...
No parsing of HTML
  ./skipfish -P ...
Usage - Low Impact
Mixed TLS/SSLv3 and HTTP (i.e. Cleartext)
  ./skipfish -M ...
  Low severity i.e. images are out of scope
Caching Directives of HTTP 1.0 vs 1.1
  ./skipfish -E ...
Information Leakage i.e. E-mail Addresses and URL
  ./skipfish -U ...
Usage - Reporting

Suppress reporting of duplicate hosts
  ./skipfish -Q ...
Suppress warning of “trusted” domains
  ./skipfish -B ...
Purge binary content without affecting report quality
  ./skipfish -e ...
Delta Reporting


sfscandiff
  non-destructively annotated by adding red
  background to all new or changed nodes; and blue
  background to all new or changed issues found
Issues


Won’t detect common low risks, such as:
  cookie without HttpOnly or Secure flags
  autocomplete enabled Forms
Issues (Credit ‘FX’)

High Number of False Positives
  ASCII txt interpreted as JSON reply with XSSI
  Deviation between charset and MIME type
    Note ./skipfish -J ...

  No wordlist generation based on robots.txt
Issues (Credit ‘FX’)

Resolved:
  Does not write output while the tool is executing
  Total Size of HTTP Request vs File System Image
Issues


Does not support intercepting web proxy
  No supporting log entries that skipfish was used
  Use wireshark instead i.e. TCP/80 and TCP/443
Benefits (Credit ‘FX’)


Will display the source of CGI script
Can detect IPS
  HTTP 500 for ASP.NET HttpRequestValidationException
Performance Tuning
Number of connections to all hosts
  ./skipfish -g ...
  Recommended to be < 50
Per IP
  ./skipfish -m number ...
     2 - 4 localhost
     4 - 8 local network
     10 - 20 external
     30 - 50 hosts which lag or slow connections
Performance Tuning
I/O Timeout
  ./skipfish -w number ...
Total Request Timeout
  ./skipfish -t number ...
Number of HTTP Errors before Terminating
  ./skipfish -f number ...
Truncate HTTP Response
  ./skipfish -s number ...
Q&A
Thanks Wouter - Ernst & Young


Latest slides available from
  http://slideshare.net/cmlh
  http://github.com/cmlh/skipfish


http://cmlh.id.au/contact

More Related Content

What's hot

初學者都該了解的 HTTP 通訊協定基礎
初學者都該了解的 HTTP 通訊協定基礎初學者都該了解的 HTTP 通訊協定基礎
初學者都該了解的 HTTP 通訊協定基礎Will Huang
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Top 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilitiesTop 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilitiesTerrance Medina
 
Proxy servers
Proxy serversProxy servers
Proxy serversKumar
 
What is Metaverse ? What is Not ?
What is Metaverse ? What is Not ? What is Metaverse ? What is Not ?
What is Metaverse ? What is Not ? R.Erdem ERKUL , PhD
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability TesterAditya Jain
 
Francesco D'Orazio - Everything you know about virtual worlds is WRONG - Meta...
Francesco D'Orazio - Everything you know about virtual worlds is WRONG - Meta...Francesco D'Orazio - Everything you know about virtual worlds is WRONG - Meta...
Francesco D'Orazio - Everything you know about virtual worlds is WRONG - Meta...Francesco D'Orazio
 
CNIT 129S: 9: Attacking Data Stores (Part 1 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 1 of 2)CNIT 129S: 9: Attacking Data Stores (Part 1 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 1 of 2)Sam Bowne
 
Metaverse - The Future of Internet
Metaverse - The Future of InternetMetaverse - The Future of Internet
Metaverse - The Future of Internetrajdave38
 
Wireless network security
Wireless network securityWireless network security
Wireless network securityVishal Agarwal
 
Pentesting Using Burp Suite
Pentesting Using Burp SuitePentesting Using Burp Suite
Pentesting Using Burp Suitejasonhaddix
 
Best Cyber Security Projects | The Knowledge Academy
Best Cyber Security Projects | The Knowledge Academy Best Cyber Security Projects | The Knowledge Academy
Best Cyber Security Projects | The Knowledge Academy The Knowledge Academy
 
Web 3.0 - A Detailed Guide
Web 3.0 - A Detailed GuideWeb 3.0 - A Detailed Guide
Web 3.0 - A Detailed Guide101 Blockchains
 

What's hot (20)

初學者都該了解的 HTTP 通訊協定基礎
初學者都該了解的 HTTP 通訊協定基礎初學者都該了解的 HTTP 通訊協定基礎
初學者都該了解的 HTTP 通訊協定基礎
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port Scanning
 
Top 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilitiesTop 10 Web Application vulnerabilities
Top 10 Web Application vulnerabilities
 
metaverse presentation
metaverse presentation metaverse presentation
metaverse presentation
 
Node.js scaling in highload
Node.js scaling in highloadNode.js scaling in highload
Node.js scaling in highload
 
Proxy servers
Proxy serversProxy servers
Proxy servers
 
Sqlmap
SqlmapSqlmap
Sqlmap
 
What is Metaverse ? What is Not ?
What is Metaverse ? What is Not ? What is Metaverse ? What is Not ?
What is Metaverse ? What is Not ?
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
 
Ch06 Wireless Network Security
Ch06 Wireless Network SecurityCh06 Wireless Network Security
Ch06 Wireless Network Security
 
Francesco D'Orazio - Everything you know about virtual worlds is WRONG - Meta...
Francesco D'Orazio - Everything you know about virtual worlds is WRONG - Meta...Francesco D'Orazio - Everything you know about virtual worlds is WRONG - Meta...
Francesco D'Orazio - Everything you know about virtual worlds is WRONG - Meta...
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Https
HttpsHttps
Https
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
 
CNIT 129S: 9: Attacking Data Stores (Part 1 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 1 of 2)CNIT 129S: 9: Attacking Data Stores (Part 1 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 1 of 2)
 
Metaverse - The Future of Internet
Metaverse - The Future of InternetMetaverse - The Future of Internet
Metaverse - The Future of Internet
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Pentesting Using Burp Suite
Pentesting Using Burp SuitePentesting Using Burp Suite
Pentesting Using Burp Suite
 
Best Cyber Security Projects | The Knowledge Academy
Best Cyber Security Projects | The Knowledge Academy Best Cyber Security Projects | The Knowledge Academy
Best Cyber Security Projects | The Knowledge Academy
 
Web 3.0 - A Detailed Guide
Web 3.0 - A Detailed GuideWeb 3.0 - A Detailed Guide
Web 3.0 - A Detailed Guide
 

Viewers also liked

TERMS THAT WOULD MAKE KINK LOOK INNOCENT
TERMS THAT WOULD MAKE KINK LOOK INNOCENTTERMS THAT WOULD MAKE KINK LOOK INNOCENT
TERMS THAT WOULD MAKE KINK LOOK INNOCENTKakajan Haytlyyev
 
Cómo hablar de sexualidad con los adolescentes
Cómo hablar de sexualidad con los adolescentes Cómo hablar de sexualidad con los adolescentes
Cómo hablar de sexualidad con los adolescentes Alejandro Pooley
 
Aberraciones sexuales
Aberraciones sexualesAberraciones sexuales
Aberraciones sexualesdaniguzman
 
Amatorski as a 'music career' example?
Amatorski as a 'music career' example?Amatorski as a 'music career' example?
Amatorski as a 'music career' example?hilkeros
 
從u-boot 移植 NDS32 談 嵌入式系統開放原始碼開發的 一些經驗
從u-boot 移植 NDS32 談 嵌入式系統開放原始碼開發的 一些經驗從u-boot 移植 NDS32 談 嵌入式系統開放原始碼開發的 一些經驗
從u-boot 移植 NDS32 談 嵌入式系統開放原始碼開發的 一些經驗Macpaul Lin
 
Sobre la pornografía y el cine - Manuel Bláuab
Sobre la pornografía y el cine - Manuel BláuabSobre la pornografía y el cine - Manuel Bláuab
Sobre la pornografía y el cine - Manuel BláuabManuel Sierra Alonso
 
부천오피, 목동오피,안양오피@(다솜넷)수원오피
부천오피, 목동오피,안양오피@(다솜넷)수원오피부천오피, 목동오피,안양오피@(다솜넷)수원오피
부천오피, 목동오피,안양오피@(다솜넷)수원오피dasom013
 
Bdsm intro PART II/2/B
Bdsm intro PART II/2/BBdsm intro PART II/2/B
Bdsm intro PART II/2/BCree Stetler
 
Magazines download. magazines online. pdf magazines
Magazines download. magazines online. pdf magazines Magazines download. magazines online. pdf magazines
Magazines download. magazines online. pdf magazines Downmagaz
 

Viewers also liked (19)

ssh
sshssh
ssh
 
tit
tittit
tit
 
Maltego Breach
Maltego BreachMaltego Breach
Maltego Breach
 
TERMS THAT WOULD MAKE KINK LOOK INNOCENT
TERMS THAT WOULD MAKE KINK LOOK INNOCENTTERMS THAT WOULD MAKE KINK LOOK INNOCENT
TERMS THAT WOULD MAKE KINK LOOK INNOCENT
 
Cómo hablar de sexualidad con los adolescentes
Cómo hablar de sexualidad con los adolescentes Cómo hablar de sexualidad con los adolescentes
Cómo hablar de sexualidad con los adolescentes
 
Metadata - What is Unseen
Metadata - What is UnseenMetadata - What is Unseen
Metadata - What is Unseen
 
Aberraciones sexuales
Aberraciones sexualesAberraciones sexuales
Aberraciones sexuales
 
Sin City
Sin CitySin City
Sin City
 
BDSM
BDSMBDSM
BDSM
 
Amatorski as a 'music career' example?
Amatorski as a 'music career' example?Amatorski as a 'music career' example?
Amatorski as a 'music career' example?
 
從u-boot 移植 NDS32 談 嵌入式系統開放原始碼開發的 一些經驗
從u-boot 移植 NDS32 談 嵌入式系統開放原始碼開發的 一些經驗從u-boot 移植 NDS32 談 嵌入式系統開放原始碼開發的 一些經驗
從u-boot 移植 NDS32 談 嵌入式系統開放原始碼開發的 一些經驗
 
Sobre la pornografía y el cine - Manuel Bláuab
Sobre la pornografía y el cine - Manuel BláuabSobre la pornografía y el cine - Manuel Bláuab
Sobre la pornografía y el cine - Manuel Bláuab
 
La Pornografía se Parece Al Fin Del Mundo - Art. Chris Hedges - Truthdig Feb...
La Pornografía se Parece Al Fin Del Mundo - Art. Chris Hedges - Truthdig  Feb...La Pornografía se Parece Al Fin Del Mundo - Art. Chris Hedges - Truthdig  Feb...
La Pornografía se Parece Al Fin Del Mundo - Art. Chris Hedges - Truthdig Feb...
 
부천오피, 목동오피,안양오피@(다솜넷)수원오피
부천오피, 목동오피,안양오피@(다솜넷)수원오피부천오피, 목동오피,안양오피@(다솜넷)수원오피
부천오피, 목동오피,안양오피@(다솜넷)수원오피
 
Bdsm intro PART II/2/B
Bdsm intro PART II/2/BBdsm intro PART II/2/B
Bdsm intro PART II/2/B
 
Bdsm intro
Bdsm introBdsm intro
Bdsm intro
 
SpeakerText Pres
SpeakerText PresSpeakerText Pres
SpeakerText Pres
 
Cuadernos BDSM 1
Cuadernos BDSM 1Cuadernos BDSM 1
Cuadernos BDSM 1
 
Magazines download. magazines online. pdf magazines
Magazines download. magazines online. pdf magazines Magazines download. magazines online. pdf magazines
Magazines download. magazines online. pdf magazines
 

Similar to skipfish

Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxC4Media
 
Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Frédéric Harper
 
PyCon Canada 2015 - Is your python application secure
PyCon Canada 2015 - Is your python application securePyCon Canada 2015 - Is your python application secure
PyCon Canada 2015 - Is your python application secureIMMUNIO
 
Everything you wanted to know about writing async, concurrent http apps in java
Everything you wanted to know about writing async, concurrent http apps in java Everything you wanted to know about writing async, concurrent http apps in java
Everything you wanted to know about writing async, concurrent http apps in java Baruch Sadogursky
 
IBM dwLive, "Internet & HTTP - 잃어버린 패킷을 찾아서..."
IBM dwLive, "Internet & HTTP - 잃어버린 패킷을 찾아서..."IBM dwLive, "Internet & HTTP - 잃어버린 패킷을 찾아서..."
IBM dwLive, "Internet & HTTP - 잃어버린 패킷을 찾아서..."Dongwook Lee
 
OpenStack Security Project
OpenStack Security ProjectOpenStack Security Project
OpenStack Security ProjectTravis McPeak
 
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Ontico
 
Four Times Microservices - REST, Kubernetes, UI Integration, Async
Four Times Microservices - REST, Kubernetes, UI Integration, AsyncFour Times Microservices - REST, Kubernetes, UI Integration, Async
Four Times Microservices - REST, Kubernetes, UI Integration, AsyncEberhard Wolff
 
01 overview-and-setup
01 overview-and-setup01 overview-and-setup
01 overview-and-setupsnopteck
 
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawTakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawEC-Council
 
Presentation on Japanese doc sprint
Presentation on Japanese doc sprintPresentation on Japanese doc sprint
Presentation on Japanese doc sprintGo Chiba
 
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...apidays
 
Nginx وب سروری برای تمام فصول
Nginx وب سروری برای تمام فصولNginx وب سروری برای تمام فصول
Nginx وب سروری برای تمام فصولefazati
 
Service discovery like a pro (presented at reversimX)
Service discovery like a pro (presented at reversimX)Service discovery like a pro (presented at reversimX)
Service discovery like a pro (presented at reversimX)Eran Harel
 
Original slides from Ryan Dahl's NodeJs intro talk
Original slides from Ryan Dahl's NodeJs intro talkOriginal slides from Ryan Dahl's NodeJs intro talk
Original slides from Ryan Dahl's NodeJs intro talkAarti Parikh
 
Why Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologyWhy Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologySagi Brody
 
Play Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and ScalaPlay Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and ScalaYevgeniy Brikman
 
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and  Stefano di P...AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and  Stefano di P...
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...Magno Logan
 

Similar to skipfish (20)

Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a Fox
 
Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07
 
PyCon Canada 2015 - Is your python application secure
PyCon Canada 2015 - Is your python application securePyCon Canada 2015 - Is your python application secure
PyCon Canada 2015 - Is your python application secure
 
Everything you wanted to know about writing async, concurrent http apps in java
Everything you wanted to know about writing async, concurrent http apps in java Everything you wanted to know about writing async, concurrent http apps in java
Everything you wanted to know about writing async, concurrent http apps in java
 
IBM dwLive, "Internet & HTTP - 잃어버린 패킷을 찾아서..."
IBM dwLive, "Internet & HTTP - 잃어버린 패킷을 찾아서..."IBM dwLive, "Internet & HTTP - 잃어버린 패킷을 찾아서..."
IBM dwLive, "Internet & HTTP - 잃어버린 패킷을 찾아서..."
 
OpenStack Security Project
OpenStack Security ProjectOpenStack Security Project
OpenStack Security Project
 
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
Linux kernel TLS и HTTPS / Александр Крижановский (Tempesta Technologies)
 
Four Times Microservices - REST, Kubernetes, UI Integration, Async
Four Times Microservices - REST, Kubernetes, UI Integration, AsyncFour Times Microservices - REST, Kubernetes, UI Integration, Async
Four Times Microservices - REST, Kubernetes, UI Integration, Async
 
01 overview-and-setup
01 overview-and-setup01 overview-and-setup
01 overview-and-setup
 
2016 03 15_biological_databases_part4
2016 03 15_biological_databases_part42016 03 15_biological_databases_part4
2016 03 15_biological_databases_part4
 
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian CrenshawTakeDownCon Rocket City: WebShells by Adrian Crenshaw
TakeDownCon Rocket City: WebShells by Adrian Crenshaw
 
Presentation on Japanese doc sprint
Presentation on Japanese doc sprintPresentation on Japanese doc sprint
Presentation on Japanese doc sprint
 
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...
Apidays Paris 2023 - Forget TypeScript, Choose Rust to build Robust, Fast and...
 
Nginx وب سروری برای تمام فصول
Nginx وب سروری برای تمام فصولNginx وب سروری برای تمام فصول
Nginx وب سروری برای تمام فصول
 
Service discovery like a pro (presented at reversimX)
Service discovery like a pro (presented at reversimX)Service discovery like a pro (presented at reversimX)
Service discovery like a pro (presented at reversimX)
 
Original slides from Ryan Dahl's NodeJs intro talk
Original slides from Ryan Dahl's NodeJs intro talkOriginal slides from Ryan Dahl's NodeJs intro talk
Original slides from Ryan Dahl's NodeJs intro talk
 
Why Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologyWhy Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container Technology
 
Play Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and ScalaPlay Framework: async I/O with Java and Scala
Play Framework: async I/O with Java and Scala
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
 
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and  Stefano di P...AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and  Stefano di P...
AppSec EU 2009 - HTTP Parameter Pollution by Luca Carettoni and Stefano di P...
 

More from Christian Heinrich (7)

Maltego "Have I been pwned?"
Maltego "Have I been pwned?"Maltego "Have I been pwned?"
Maltego "Have I been pwned?"
 
CVSS
CVSSCVSS
CVSS
 
BSAMMBO
BSAMMBOBSAMMBO
BSAMMBO
 
BSIMM
BSIMMBSIMM
BSIMM
 
OWASP Top Ten
OWASP Top TenOWASP Top Ten
OWASP Top Ten
 
PA-DSS
PA-DSSPA-DSS
PA-DSS
 
Download Indexed Cache
Download Indexed CacheDownload Indexed Cache
Download Indexed Cache
 

Recently uploaded

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

skipfish

  • 1. skipfish 10 November 2011 Ernst & Young, Sydney Australia Previously presented at: OWASP NL 30 June 2010
  • 2. Overview Not an OWASP Project By Michal Zalewski Major contributions to webappsec with Google RatProxy; Browser Security Handbook; “Rise of the Robots” i.e. The inspiration for the OWASP “Google Hacking” Project
  • 3. Overview Fast webappsec scanner which “spiders” using word lists Could be used to test www DoS
  • 4. Overview Fast webappsec scanner which “spiders” using word lists Similar to Burp Scanner, etc Does not satisfy WASC Security Scanner Evaluation Criteria I don’t think lcamtuf intends it to either :)
  • 5. Overview Fast webappsec scanner which “spiders” using word lists Similar to DirBuster, maybe Nikto, etc “2007 entries resulting in about 42K HTTP Requests” Based on the recommended *minimal* Word List i.e. bigger wordlist = bigger number of HTTP Requests
  • 6. Build/Install From Source Code Doesn’t build on OpenBSD (issue noted) Dependency on libidn Builds on BackTrack
  • 7. Release Cycle lcamtuf rapidly updates via minor releases i.e. RatProxy followed the same development Insert http://vis.cs.ucdavis.edu/~ogawa/codeswarm/
  • 8. Build/Install http://www.shortinfosec.net/2010/03/compiling-latest-skipfish-for-windows.html Not maintained with each release i.e. v1.29b No mention of support on code.google.com i.e. Use at your own risk
  • 10. Word List keywords and extensions type hits total_age last_age keyword
  • 11. Supplied Word Lists 1. Empty 2. extensions-only.wl Must be used in conjunction with ./skipfish -Y
  • 12. Word List The following all contain 1.7K keywords:
  • 13. Word List minimal.wl ~50,000 HTTP Requests medium.wl ~50,000 HTTP Requests x 2 complete.wl ~50,000 HTTP Requests x 3
  • 14. Word List Insert sh script 1.Select wordlist from ./dictionaries/ 2.Copy as ../skipfish.wl *copy* the .wl, as skipfish may append to skipfish.wl; whether it does depends on the cmd line i.e. ./skipfish -V ...
  • 15. Wordlist Custom Wordlist ./skipfish -W custom_wl ... Suppress Automatic Learning ./skipfish -L ... Suppress Amending Wordlist ./skipfish -V ...
  • 16. Lightweight Brute Force ~1,700 HTTP Requests cp ./dictionaries/complete.wl dictionary.wl ./skipfish -W dictionary.wl -Y ...
  • 17. Word List Limit Keyword Guess Size Jar ./skipfish -G ... Drop Old Dictionary Entries ./skipfish -R ... Don’t fuzz $keyword.$extension ./skipfish -Y ...
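Added example, not from the slides and not part of skipfish itself: a small POSIX sh helper for the wordlist handling on slides 10 to 17. It reads a dictionary in the layout slide 10 gives (type hits total_age last_age keyword; the assumption here is that type w marks a keyword and e an extension, and the sample file is constructed), shows how the brute-force budget grows with keywords versus extensions and how -Y cuts it, and makes the working copy that slides 14 and 16 call for, so the shipped .wl is never the file skipfish appends to. The per-directory estimate (each keyword bare, plus each keyword.extension pair) is a simplification, not skipfish’s exact probe schedule.

```shell
# Added example, not part of the slides or of skipfish itself.
# Wordlist layout assumed from slide 10: "type hits total_age last_age keyword",
# with type "w" = keyword and "e" = extension (an assumption; sample is constructed).

# Write a constructed sample wordlist to a temp file and print its path.
make_sample_wordlist() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
# comments and blank lines are ignored
e 1 1 1 php
e 1 1 1 html
e 1 1 1 bak

w 1 1 1 admin
w 1 1 1 backup
w 1 1 1 login
w 1 1 1 upload
EOF
    echo "$sample"
}

# Count entries of one type ("w" or "e") in a wordlist.
wl_count_type() {           # $1 = wordlist path, $2 = type
    awk -v t="$2" '!/^#/ && NF >= 5 && $1 == t { n++ } END { print n + 0 }' "$1"
}

# Rough brute-force budget per directory. Simplification, not skipfish's
# exact schedule: every keyword is tried bare and, unless -Y is in effect,
# once more per extension as $keyword.$extension.
wl_estimate_requests() {    # $1 = wordlist path, $2 = "Y" to model -Y
    kw=$(wl_count_type "$1" w)
    ext=$(wl_count_type "$1" e)
    if [ "$2" = "Y" ]; then
        echo "$kw"
    else
        echo $((kw + kw * ext))
    fi
}

# Make the working copy that -W should point at. skipfish opens -W
# read-write and may append learned keywords, so the shipped dictionary
# must stay pristine and an existing working copy is never clobbered.
wl_prepare() {              # $1 = shipped .wl, $2 = working copy path
    [ -r "$1" ] || { echo "wordlist $1 is not readable" >&2; return 1; }
    [ ! -e "$2" ] || { echo "refusing to overwrite $2" >&2; return 1; }
    cp "$1" "$2"
}
```

With the constructed sample (4 keywords, 3 extensions) the estimate is 16 probes per directory without -Y and 4 with it; scale that by the 1.7K keywords of the shipped lists and by the number of directories discovered and the 42K figure on slide 5 stops looking surprising. wl_prepare refuses to overwrite, so a re-run after a scan cannot silently reuse a working copy that skipfish has already extended.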
  • 18. Basic Usage Output Directory ./skipfish -o output_dir URL ... Suppress Real-Time Statistics ./skipfish -u ...
  • 19. Usage - Scheduling Percentage of links and directories ./skipfish -p percentage ... Repeat previous scan ./skipfish -q seed ...
  • 20. Usage - Authentication HTTP Auth ./skipfish -A user:pass ... Cookie ./skipfish -C name=value ... Autocomplete Forms ./skipfish -T form_field=value ...
  • 21. Usage - Cookie Cookie ./skipfish -C name=value ... Ignore new set-cookies from specific locations i.e. prevent URIs from being fetched, such as logout.aspx ./skipfish -X ... Ignore new set-cookies from all locations ./skipfish -N ...
  • 22. Usage - HTTP Headers User Agent ./skipfish -b f (Firefox), -b i (MSIE) or -b p (iPhone) ... Custom HTTP Header ./skipfish -H Header ...
  • 23. Usage - Scoping Spider from ./skipfish -I URI ... Parameters not to Fuzz, such as SessionID ./skipfish -K SessionID_parameter ... Include Domain ./skipfish -D FQDN... Exclude URI ./skipfish -S URI or -X URI ...
  • 24. Usage - Scoping Limit crawl depth to number of sub directories/folders ./skipfish -d number ... Limit the number of child directories per parent ./skipfish -c number ... Limit Total HTTP Requests ./skipfish -r number ...
  • 25. Usage - Scoping No parsing of Form ./skipfish -O ... No parsing of HTML ./skipfish -P ...
  • 26. Usage - Low Impact Mixed TLS/SSLv3 and HTTP (i.e. Cleartext) ./skipfish -M ... Low severity i.e. images are out of scope Caching Directives of HTTP 1.0 vs 1.1 ./skipfish -E ... Information Leakage i.e. E-mail Addresses and URL ./skipfish -U ...
  • 27. Usage - Reporting Suppress reporting of duplicate nodes ./skipfish -Q ... Suppress warning of “trusted” domains ./skipfish -B ... Purge binary content without affecting report quality ./skipfish -e ...
  • 28. Delta Reporting sfscandiff non-destructively annotated by adding red background to all new or changed nodes; and blue background to all new or changed issues found
  • 29. Issues Won’t detect common low risks, such as: cookie without HTTPonly or secure flags autocomplete enabled Forms
  • 30. Issues (Credit ‘FX’) High Number of False Positives ASCII txt interpreted as JSON reply without XSSI protection Deviation between charset and MIME type Note ./skipfish -J ... No wordlist generation based on robots.txt
  • 31. Issues (Credit ‘FX’) Resolved Does not write output while the tool is executing Total Size of HTTP Request vs File System Image
  • 32. Issues Does not support intercepting web proxy No supporting log entries that skipfish was used Use wireshark instead i.e. TCP/80 and TCP/443
  • 33. Benefits (Credit ‘FX’) Will display the source of CGI script Can detect IPS HTTP 500 for ASP.NET HttpRequestValidationException
  • 34. Performance Tuning Number of connections to all hosts ./skipfish -g ... Recommended to be < 50 Per IP ./skipfish -m number ... 2 - 4 localhost 4 - 8 local network 10 - 20 external 30 - 50 hosts which lag or slow connections
  • 35. Performance Tuning I/O Timeout ./skipfish -w number ... Total Request Timeout ./skipfish -t number ... Number of HTTP Errors before Terminating ./skipfish -f number ... Truncate HTTP Response ./skipfish -s number ...
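Added example, not from the slides and not part of skipfish itself: a POSIX sh helper that assembles one reproducible skipfish command line from the switches on slides 18 to 35, so every scan run from the pentest host carries the same scoping, session and rate settings. The profile names (localhost, lan, external, slow) are this script’s own and map to the low end of the per-IP connection ranges on slide 34; the -d and -r caps are chosen values, not recommendations from the slides. The switches are the ones the slides name for the 1.x releases of the time; later releases renamed or dropped some of them, so check skipfish -h on the build you run before pasting the output.

```shell
# Added example, not part of the slides or of skipfish itself. Assembles one
# reproducible skipfish command line from the switches on slides 18-35.
# The profile names (localhost, lan, external, slow) are this script's own;
# the -m values are the low end of the ranges on slide 34.

sf_conn_profile() {         # $1 = localhost | lan | external | slow
    case "$1" in
        localhost) echo 2 ;;
        lan)       echo 4 ;;
        external)  echo 10 ;;
        slow)      echo 30 ;;
        *) echo "unknown connection profile: $1" >&2; return 1 ;;
    esac
}

# Arguments:
#   $1 output directory (-o)     $2 working wordlist copy (-W)
#   $3 target URL                $4 connection profile (see above)
#   $5 session cookie name=value (-C) or ""
#   $6 session parameter to keep out of fuzzing (-K) or ""
#   $7 URL fragment to exclude, e.g. the logout page (-X) or ""
sf_build_cmd() {
    out=$1; wl=$2; url=$3; profile=$4; cookie=$5; keep=$6; excl=$7
    if [ -z "$out" ] || [ -z "$wl" ] || [ -z "$url" ]; then
        echo "output directory, wordlist and URL are required" >&2
        return 1
    fi
    per_ip=$(sf_conn_profile "$profile") || return 1
    # -L -V -Y: no learning, no wordlist rewrite, no $keyword.$extension fuzzing
    # -u: no real-time stats; -g 40 stays under the slide 34 limit of 50
    # -d 8 / -r 20000: chosen depth and total-request caps (this script's values)
    cmd="skipfish -o $out -W $wl -L -V -Y -u -g 40 -m $per_ip -d 8 -r 20000"
    # A fixed session cookie only survives the scan if skipfish neither replaces
    # it (-N) nor fuzzes its parameter (-K) nor walks into the logout page (-X).
    if [ -n "$cookie" ]; then cmd="$cmd -N -C $cookie"; fi
    if [ -n "$keep" ];   then cmd="$cmd -K $keep"; fi
    if [ -n "$excl" ];   then cmd="$cmd -X $excl"; fi
    echo "$cmd $url"
}
```

The function prints the command instead of executing it, so the line can be reviewed (and kept with the engagement notes, which addresses the slide 32 point that skipfish leaves no record of its own) before it is pasted into a shell next to the packet capture. Pairing -C with -N, -K and -X is the combination slides 20, 21 and 23 describe: without -N a Set-Cookie from the target replaces the supplied session, without -K the session parameter itself gets fuzzed, and without -X the crawler eventually fetches the logout page and ends the session for the rest of the run.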
  • 36. Q&A Thanks Wouter - Ernst & Young Latest slides available from http://slideshare.net/cmlh http://github.com/cmlh/skipfish http://cmlh.id.au/contact

Editor's Notes

  2. http://lcamtuf.coredump.cx/
     http://lcamtuf.blogspot.com/
     http://twitter.com/lcamtuf
     Employed by Google
     Image Attribution http://www.knackery.net/hackers.php and http://lcamtuf.coredump.cx
  3. webappsec scanner e.g. Burp Scanner, IBM Rational AppScan, etc
     spider e.g. DirBuster, Nikto, etc
     “2007 entries (recommended by lcamtuf) resulting in about 42K HTTP Requests” quoted from Felix “FX” Lindner article
     WASC applicable standard is Web Application Security Scanner Evaluation Criteria - quoted from lcamtuf documentation.
  4. Same notes as slide 3.
  5. Same notes as slide 3.
  6. RatProxy had a similar release cycle
     https://gist.github.com/1321223
  8. http://www.shortinfosec.net/2010/03/compiling-latest-skipfish-for-windows.html
  9. http://lcamtuf.blogspot.com/2010/11/understanding-and-using-skipfish.html
  10. extensions (a subset of keywords)
  11. -Y is “don’t fuzz $keyword.$extension”
  16. http://lcamtuf.blogspot.com/2010/11/understanding-and-using-skipfish.html
  20. -C is cookie; curl can be used to determine the cookie
  21. -C is cookie; curl can be used to determine the cookie
      http://lcamtuf.blogspot.com/2010/11/understanding-and-using-skipfish.html
  22. -H Custom HTTP Header
  23. -I i.e. capital “i”
      -S or -X i.e. Exclude locations
  24. -c Limits the number of child directories per parent - not clear in Google Code documentation
      Need to read this: -F Bypass the IP Address resolver - need to confirm whether that is the Referer header or something else
  25. -c Limits the number of child directories per parent - not clear in Google Code documentation
      -F Bypass the IP Address resolver - need to confirm whether that is the Referer header or something else
  27. -B suppress warning of trusted domains i.e. Cross Domain Content Inclusion
      -Q Suppress the reporting of duplicate nodes i.e. might miss something in report
      -p Used to perform a percentage of the scan (i.e. periodic scanning), supplement with -q
      -e http://lcamtuf.blogspot.com/2010/11/understanding-and-using-skipfish.html
  28. http://code.google.com/p/skipfish/wiki/SkipfishDoc
  29. These low risks are quoted from the documentation hosted on Google Code
  30. FX is Felix Lindner http://www.h-online.com/security/features/Testing-Google-s-Skipfish-1001315.html?view=print
      “some regular ASCII text files were interpreted as JSON responses without XSSI (Cross Site Script Inclusion) protection”
      skipfish -J was not mentioned by FX
  31. http://www.h-online.com/security/features/Testing-Google-s-Skipfish-1001315.html?view=print
  33. http://www.h-online.com/security/features/Testing-Google-s-Skipfish-1001315.html?view=print