Security Hole Scanner

Google Release Skipfish 1.13 Beta

Jessica Thornsby

Google have released a beta of version 1.13 of Skipfish.

The open source web application security hole scanner features automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. It is written in pure C. Skipfish works by using a recursive crawl and dictionary-based probes, to prepare an interactive sitemap for a website, which is then annotated with the output from a number of security checks. Skipfish security checks include server-side SQL injection, format string vulnerabilities, and integer overflow vulnerabilities. For a full list of features and security checks implemented by Skipfish, please see the project wiki.

“We feel that skipfish will be a valuable contribution to the information security community, making security assessments significantly more accessible and easier to execute,” wrote Michal Zalewski, at his ‘Meet Skipfish‘ blog posting.

comments powered by Disqus