Web Security Testing Tool - Skipfish
2010-03-27 11:20:12 阿炯

Skipfish is a free, open-source, fully automated dynamic web application security testing tool intended to reduce users' online security risk. Skipfish runs a series of tests to detect high-, medium-, and low-severity vulnerabilities in a site, including server-side SQL injection, explicit SQL, server-side shell command injection, XML/XPath injection, integer overflows, format string vulnerabilities, and more.

Features
- Fast: Skipfish is written entirely in C, with highly optimized HTTP handling and minimal CPU usage; it can easily handle 2000 requests per second.
- Easy to use: the tool uses heuristics to support a variety of web architectures.
- Cutting-edge security logic: high performance and a low false positive rate.

A fully automated, active web application security reconnaissance tool. Key features:

* High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.

* Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.

* Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

Latest version: 2.10
This release mainly fixes a number of bugs, improves stability, and adds more security scanning tools.

Project homepage: http://code.google.com/p/skipfish/

This article was last updated by 阿炯 on 2013-06-04 16:53:15 and is currently at revision 2.