skipfish是Google推出的一款免费、开源、Web应用程序安全检测工具。skipfish主要特点:扫描速度快、易于使用、尖端的安全逻辑。
目前skipfish更新至2.04b版,新版本主要改变如下:
Option -V eliminated in favor of -W / -S.
Option -ladded to limit the maximum requests per second (contributed by Sebastian Roschke)
Option -kadded to limit the maximum duration of a scan (contributed by Sebastian Roschke)
Support for #ro, -W-; related documentation changes.
HTTPS -> HTTP form detection.
Added more diverse traversal and file disclosure tests (including file:// scheme tests)
Improved injection detection in < script > sections, where a ‘ or ” is all we need to inject js code.
Added check to see if our injection strings end up server Set-Cookie, Set-Cookie2 and Content-Type reponse headers
URLs that give us a Javascript response are now tested with a “callback=” parameter to find JSONP issues.
Fixed “response varies” bug in 404 detection where a stable page would be marked unstable.
Bugfix to es / eg handling in dictionaries.
Added the “complete-fast.wl” wordlist which is an es / eg optimized version of “complete.wl” (resulting in 20-30% fewer requests).
出自:BugZone – http://www.pulog.org/tools/2409/Skipfish-2.04b/
