Installation, configuration and use of Google web site security scanning software skipfish 04/18 Update SLTechnology News&Howtos

Installation, configuration and use of Google web site security scanning software skipfish

2025-04-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

One: brief introduction

What is skipfish?

Skipfish is an active security reconnaissance tool for Web applications. It prepares an interactive site map of the site for a recursive crawl and dictionary-based probe. The resulting map is then annotated with the output of many active (but hopefully non-destructive) security checks. The final report tool is generated as the basis for a professional network application security assessment.

Two: deployment and installation

2.1: deployment environment

[root@cn-ptmind skipfish-read-only] # uname-a

Linux cn-ptmind 2.6.32-220.el6.x86_64 # 1 SMP Tue Dec 6 19:48:22 GMT 2011 x86 "64 GNU/Linux

[root@cn-ptmind skipfish-read-only] # more / etc/redhat-release

CentOS release 6.2 (Final)

2.2: install the skipfish dependency package:

Yum-y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel zip unzip ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssh openssl-devel nss_ldap openldap openldap-devel openldap-clients openldap-servers libxslt-devel libevent-devel ntp libtool-ltdl bison libtool vim-enhanced python wget lsof iptraf strace lrzsz kernel-devel kernel-headers pam-devel Tcl/Tk cmake ncurses-devel bison setuptool popt-devel rsynx openssh system-config-network-tui svn

2.3: download skipfish

Svn checkout http://skipfish.googlecode.com/svn/trunk/ skipfish-read-only

# enter the directory

Cd skipfish-read-only

# execute make compilation to generate skipfish commands.

Make

Three: an example of website sweeping

. / skipfish-o ptengine http://www.ptengine.com

#-o option to generate scan report folder

# package the report folder

Tar-cvf ptengine.tar ptengine

# download the compressed package locally

Sz-bey ptengine.tar

After the scan report is downloaded to the local PC and decompressed, open the folder, find the index.html file, open it with a browser, and you can view the scan report.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.