Shulou(Shulou.com)06/01 Report--

How to use the vulnerability scanning tool Skipfish, for this question, this article describes in detail the corresponding analysis and answers, hoping to help more partners who want to solve this problem to find a more simple and easy way.

Skipfish is an active security reconnaissance tool for Web applications. It prepares an interactive site map for the target site by performing recursive crawling and dictionary-based detection. The final map is then annotated with output from security checks from many activities (but hopefully uninterrupted). The final report generated by this tool is intended to serve as the basis for professional Web application security assessment.

Environment: kali2020

2. Usage:

-I only check the URL that contains' string'

Skipfish-o test-I / aiyou/ http://192.168.1.104

-X does not check URL # containing 'string' # for example: aiyou

Skipfish-o test-X / aiyou/ http://192.168.1.104

-S uses a dictionary to climb the website

Skipfish-o test-S complet.wl http://192.168.1.104

-W saves the characteristic vulnerability code unique to the target website to a file

1. Scan the entire site and save the results in the test folder

Skipfish-o test-S somplet.wl-W abc.wl http://192.168.1.104

2. Identity authentication based on http

Skipfish-An admin:password-o test http://192.168.1.104/dvwa/

3. Identity authentication based on Cookies

Skipfish-C "name=val"-o test http://192.168.1.104/dvwa/

If there are multiple cookies, one more cookies means one more-C "name=val"

This is the answer to the question about how to use the vulnerability scanning tool Skipfish. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.