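skipfish is a free, open-source web application security scanner released by Google.
Key features of skipfish:
- Fast scanning
- Easy to use
- Cutting-edge security logic
skipfish has now been updated to version 2.01b. The main changes in the new version are: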
- Substantial improvement to SQL injection checks.
- Improvements to directory traversal checks (courtesy of Niels Heinen).
- Fix to numerical brute-force logic.
- Major improvement to directory brute force: much better duplicate elimination in some webserver configurations.
- Added a check for attacker-controlled prefixes on inline responses. This currently leads to UTF-7 BOM XSS, Flash, Java attacks (thanks to Niels Heinen).