skipfish

What is skipfish?

This fully automated, active web application security reconnaissance tool leverages pure C code, highly optimized HTTP handling, and a minimal CPU footprint to easily achieve 2000 requests per second with responsive targets. It boasts a range of features that streamline the security testing process, including heuristics to support a variety of quirky web frameworks and mixed-technology sites, automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. The cutting-edge security logic behind this tool is designed to deliver high-quality, low false-positive results, capable of spotting a diverse array of subtle flaws, including blind injection vectors. This versatile tool is believed to support a wide range of operating systems, including Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments

Highlights

• High-speed performance, achieving up to 2000 requests per second
• Ease of use features, such as heuristics for quirky web frameworks, automatic learning, and form autocompletion
• Cutting-edge security logic capable of identifying a range of subtle vulnerabilities, including blind injection vectors
• Compatibility with multiple operating systems, including Linux, FreeBSD, MacOS X, and Windows (Cygwin)