Skipfish "Googles' automated web security scanner" Tool

Skipfish is a free, open source, fully automated, active web application security reconnaissance tool. As with ratproxy, a passive security assessment tool; “we feel that skipfish will be a valuable contribution to information security community, making security assessments significantly more accessible and easier to execute. This project is interesting: “High speed: written in pure C, […]

Skipfish is a free, open source, fully automated, active web application security reconnaissance tool. As with ratproxy, a passive security assessment tool; “we feel that skipfish will be a valuable contribution to information security community, making security assessments significantly more accessible and easier to execute. This project is interesting: “High speed: written in pure C, with highly optimized HTTP handling and a minimal CPU footprint, tool easily achieves 2000 requests per second with responsive targets. Ease of use: tool features heuristics to support variety of quirky web frameworks and mixed-tech sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. Cutting-edge security logic: incorporated high quality, low false positive, differential security checks capable of spotting a range of subtle flaws, including blind injection vectors,” explain Google.

Download: Skipfish

[Source]