1. High performance : 500+ requests per second against responsive Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local instances have been observed, with a very modest CPU, network, and memory footprint
2. Ease of use : skipfish is highly adaptive and reliable. Heuristic recognition, Automatic wordlist construction, Well-designed security checks, etc.
3. Snort style signatures : highlight server errors, information leaks or potentially dangerous web applications
4. Advanced security logic (can detect even subtle problems)

• Automated crawling and auditing : Skipfish can crawl a website and automatically audit it for potential security vulnerabilities. It uses a recursive crawling algorithm to discover and test new URLs and forms.
• Intelligent exploration : Skipfish uses a variety of techniques to intelligently explore a website, including checking for common naming patterns in URLs, analyzing the website’s structure, and using heuristics to guess at hidden URLs.
• Flexible scanning : Skipfish allows users to customize the scanning process by specifying which parts of the website to scan, which types of vulnerabilities to look for, and how to handle certain types of requests or responses.
• Incremental scanning : Skipfish supports incremental scanning, which means that it only tests the parts of the website that have changed since the last scan. This can help reduce the time and resources needed to perform a full security audit.
• Detailed reporting : Skipfish generates detailed reports that highlight any potential security vulnerabilities it finds. The reports include information about the vulnerabilities, the impact they could have, and recommended steps to mitigate them.
• Integration with other tools : Skipfish can be integrated with other security testing tools, such as Burp Suite and OWASP ZAP, to provide a more comprehensive security testing solution.

• Skipfish is Open source intelligence tool.
• It can track enumeration.
• It is a fully automated tool.
• It has more than 15 modules that can be used for penetration testing.
• It is used to scanning websites and web apps.
• It is used to scan content management systems(CMS).
• It can find vulnerabilities in CMS, eg. WordPress, Joomla, etc.
• It has a large number of modules, such as metagoofil, wananga, etc.

Skipfish is a web application security scanner that performs reconnaissance and identifies vulnerabilities. Here are some examples of its usage :

Basic Examples

1. Scan a Website :

$ skipfish -o output_dir http://example.com

This scans the target website (http://example.com) and saves the results in the specified output directory.

2. Use a Custom Wordlist :

$ skipfish -o output_dir -W custom_wordlist.txt http://example.com

Uses a custom wordlist (custom_wordlist.txt) for dictionary-based probes.

3. Authentication :

$ skipfish -o output_dir -A username:password http://example.com

Performs a scan with HTTP authentication using the provided credentials.

4. Limit Scan Depth :

$ skipfish -o output_dir -d 5 http://example.com

Limits the crawl depth to 5 levels to avoid scanning too deeply.

5. Exclude Specific URLs :

$ skipfish -o output_dir -X /admin http://example.com

Excludes the /admin directory from the scan.

Advanced Examples

1. Form Authentication :

$ skipfish -o output_dir --auth-form http://example.com/login --auth-user user --auth-pass pass --auth-verify-url http://example.com/dashboard

Configures form-based authentication for scanning.

2. Custom HTTP Headers :

$ skipfish -o output_dir -H "User-Agent: CustomAgent" http://example.com

Adds a custom HTTP header to the scan requests.

3. Proxy Support :

$ skipfish -o output_dir --proxy http://proxyserver:port http://example.com

Routes the scan through a specified proxy server.

4. Generate an HTML Report : After the scan, open the index.html file in the output directory to view a detailed report of vulnerabilities and issues.

Practical Applications

• Web Application Security : Identify vulnerabilities like XSS, SQL injection, and misconfigurations.
• Compliance Testing : Ensure web applications meet security standards.
• Penetration Testing : Use Skipfish as part of a broader security assessment.

• libc6
• libidn12
• libpcre3
• libssl3
• zlib1g

Terminal Installation Commands ...
GUI Installation Steps ...

Linux

1. Update your package list : sudo apt update
2. Install Skipfish : sudo apt install skipfish

Windows

Skipfish is primarily designed for Linux, but you can run it on Windows using Cygwin, a Linux-like environment for Windows. Here’s how you can install and uninstall it :

1. Install Cygwin :
• Download and install Cygwin from Cygwin's official site.
• During installation, ensure you select packages like gcc, make, and perl.
2. Download Skipfish :
• Clone the repository or download the source code from GitHub.
3. Compile Skipfish :
• Open Cygwin terminal and navigate to the Skipfish directory.
• Run : make

MacOS

You can install and uninstall Skipfish on macOS using Homebrew or MacPorts. Here’s how :

1. Install Homebrew (if not already installed) :

$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

2. Install Skipfish using Homebrew : brew install skipfish

Alternatively, you can install it via MacPorts : sudo port install skipfish

Terminal Uninstallation Commands ...
GUI Uninstallation Steps ...

Linux

1. Remove Skipfish : sudo apt remove skipfish
2. Remove configuration files and dependencies : sudo apt-get -y autoremove --purge skipfish

Windows

1. Remove Skipfish directory : rm -rf /path/to/skipfish
2. Uninstall Cygwin (if no longer needed) :
• Delete the Cygwin installation folder.
• Remove Cygwin-related environment variables.

MacOS

1. Remove Skipfish using Homebrew : brew uninstall skipfish

Or, if installed via MacPorts : sudo port uninstall skipfish