Skipfish

Skipfish is a very fast scanner that helps identify a broad range of web application vulnerabilities.

According to its (now archived) Google Code page (http://code.google.com/p/skipfish/):

Skipfish is an active web application security reconnaissance tool. It prepares an interactive site map for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Using Skipfish is straightforward. You only need to provide the URL to be scanned as a parameter; optionally, you can specify the output directory and fine-tune the scan. To run Skipfish against the WackoPicko application in the test VM and generate an HTML report, use the following command:

skipfish -o WebPentest/skipfish_result -I WackoPicko http://10.7.7.5/WackoPicko/  

The -o option indicates the directory where the report is to be stored. The -I option tells Skipfish to scan only URLs that contain the string WackoPicko, excluding the rest of the applications in the VM; it is a plain substring match, it can be repeated to allow several paths, and its counterpart -X excludes URLs containing a given string (useful for keeping a crawler away from logout links or destructive actions). The last parameter is the URL where you want the scan to start. Depending on the version installed, Skipfish may insist on a wordlist; the dictionaries shipped with the tool can be supplied with -S (read-only) or -W (read-write).

When the command is launched, an information screen appears. You can press any key or wait for 60 seconds for the scan to start. Once the scan starts, the following status screen is displayed:

When the scan finishes, a summary screen like the following is shown:

Also, once the scan completes, the report will be ready in the specified folder. The following screenshot shows what a Skipfish report looks like:

The report lists the issues identified by Skipfish ordered from higher risk (red dots) to lower risk (orange dots). For example, Skipfish flagged an SQL injection vulnerability in the login page, reported as Query injection vector and rated high risk by the scanner. It also reported a possible directory traversal or file inclusion and a possible XSS vulnerability, both rated medium, among others. Treat these findings as leads rather than confirmed vulnerabilities: a scanner of this kind infers issues from differences between responses and does produce false positives, so reproduce each request manually and confirm the behaviour before including it in an assessment report.
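Reading the HTML report is fine for a handful of findings, but for the manual verification step it helps to turn the scan output into a worklist. The following added example (not code from the book or from Skipfish) parses the samples.js file that a Skipfish report directory contains and groups the sampled URLs by severity and issue type, highest risk first. It assumes that samples.js declares `var issue_samples = [...]` as JavaScript object literals with single-quoted strings, and that a larger numeric severity means higher risk; the embedded sample data and its type codes are constructed for the example, not copied from a real scan.

```python
"""Turn a Skipfish report's samples.js into a manual-verification worklist.

Added example, not part of Skipfish or the original text. Assumed report
layout: the directory passed to -o contains samples.js with a declaration
`var issue_samples = [ { 'severity': N, 'type': T, 'samples': [ ... ] }, ... ]`
written as JavaScript object literals with single-quoted strings, and a higher
numeric severity means a higher-risk finding.
"""
import ast
import sys
from collections import defaultdict

# Constructed stand-in for samples.js (URLs, type codes and messages are made up).
SAMPLES_JS = """
var mime_samples = [
  { 'mime': 'text/html', 'samples': [
      { 'url': 'http://10.7.7.5/WackoPicko/', 'dir': '_m0/0', 'linked': 2, 'len': 3920 } ] }
];

var issue_samples = [
  { 'severity': 4, 'type': 40201, 'samples': [
      { 'url': 'http://10.7.7.5/WackoPicko/users/login.php',
        'extra': 'response differs for \\x27 and \\x27\\x27 in parameter', 'sid': '0', 'dir': '_i0/0' } ] },
  { 'severity': 3, 'type': 40102, 'samples': [
      { 'url': 'http://10.7.7.5/WackoPicko/pictures/view.php?picid=1',
        'extra': 'responses for \\x27/./\\x27 and \\x27/.sf/\\x27 differ', 'sid': '0', 'dir': '_i1/0' },
      { 'url': 'http://10.7.7.5/WackoPicko/pictures/view.php?picid=1',
        'extra': 'second probe on the same URL', 'sid': '0', 'dir': '_i1/1' },
      { 'url': 'http://10.7.7.5/WackoPicko/search.php?query=a',
        'extra': 'responses differ', 'sid': '0', 'dir': '_i1/2' } ] },
  { 'severity': 2, 'type': 20101, 'samples': [
      { 'url': 'http://10.7.7.5/WackoPicko/', 'extra': 'Server: Apache/2.2.14', 'sid': '0', 'dir': '_i2/0' } ] }
];
"""


def _slice_array(text, start):
    """Return text[start:] up to the bracket closing the array that opens at start.

    Tracks single-quoted strings and backslash escapes so that brackets inside
    sampled URLs or messages do not confuse the depth count.
    """
    depth, in_str, i = 0, False, start
    while i < len(text):
        c = text[i]
        if in_str:
            if c == "\\":
                i += 1          # skip the escaped character
            elif c == "'":
                in_str = False
        elif c == "'":
            in_str = True
        elif c == "[":
            depth += 1
        elif c == "]":
            depth -= 1
            if depth == 0:
                return text[start:i + 1]
        i += 1
    raise ValueError("unterminated issue_samples array")


def extract_issue_samples(js_text):
    """Parse the issue_samples array out of samples.js.

    The JS literal (single-quoted strings, \\xNN escapes, nested lists/dicts)
    is also valid Python literal syntax, so ast.literal_eval parses it without
    executing anything.
    """
    marker = "var issue_samples = "
    start = js_text.index(marker) + len(marker)
    return ast.literal_eval(_slice_array(js_text, start))


def triage(issue_samples, min_severity=0):
    """Group samples by (severity, type) and deduplicate URLs, highest risk first.

    Each URL keeps the 'dir' of its first sample, which is where the report
    stores the request/response pair to replay during manual verification.
    """
    groups = defaultdict(dict)
    for issue in issue_samples:
        if issue["severity"] < min_severity:
            continue
        for sample in issue["samples"]:
            groups[(issue["severity"], issue["type"])].setdefault(sample["url"], sample["dir"])
    ordered = sorted(groups.items(), key=lambda kv: (-kv[0][0], kv[0][1]))
    return [{"severity": sev, "type": typ, "urls": sorted(urls), "dirs": urls}
            for (sev, typ), urls in ordered]


if __name__ == "__main__":
    # Usage: python triage.py WebPentest/skipfish_result/samples.js [min_severity]
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLES_JS
    floor = int(sys.argv[2]) if len(sys.argv) > 2 else 0
    for row in triage(extract_issue_samples(text), min_severity=floor):
        print(f"severity {row['severity']}  type {row['type']}  ({len(row['urls'])} URL(s) to verify)")
        for url in row["urls"]:
            print(f"    {url}    trace: {row['dirs'][url]}")
```

Point the script at the samples.js inside the directory given to -o, and use the second argument to suppress low-severity noise while you work through the high-risk entries first; the trace directory printed next to each URL is the place to look for the exact request Skipfish sent when reproducing the finding by hand.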