Skipfish "Googles' automated web security scanner" Tool

Skipfish is a free, open source, fully automated, active web application security reconnaissance tool. As with ratproxy, a passive security assessment tool; “we feel that skipfish will be a valuable contribution to information security community, making security assessments significantly more accessible and easier to execute. This project is interesting: “High speed: written in pure C, […]

Skipfish is a free, open source, fully automated, active web application security reconnaissance tool. As with ratproxy, a passive security assessment tool; “we feel that skipfish will be a valuable contribution to information security community, making security assessments significantly more accessible and easier to execute. This project is interesting: “High speed: written in pure C, with highly optimized HTTP handling and a minimal CPU footprint, tool easily achieves 2000 requests per second with responsive targets. Ease of use: tool features heuristics to support variety of quirky web frameworks and mixed-tech sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. Cutting-edge security logic: incorporated high quality, low false positive, differential security checks capable of spotting a range of subtle flaws, including blind injection vectors,” explain Google.

Download: Skipfish

[Source]

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.